CVE List - 2024 / March
Showing 1001 - 1100 of 3299 CVEs for March 2024 (Page 11 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-26197 | 2024-03-12 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2024-26159 | 2024-03-12 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26190 | 2024-03-12 | Microsoft QUIC Denial of Service Vulnerability |
| CVE-2024-26198 | 2024-03-12 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2024-26199 | 2024-03-12 | Microsoft Office Elevation of Privilege Vulnerability |
| CVE-2024-26201 | 2024-03-12 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability |
| CVE-2024-26203 | 2024-03-12 | Azure Data Studio Elevation of Privilege Vulnerability |
| CVE-2024-26161 | 2024-03-12 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26164 | 2024-03-12 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-21330 | 2024-03-12 | Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability |
| CVE-2024-21334 | 2024-03-12 | Open Management Infrastructure (OMI) Remote Code Execution Vulnerability |
| CVE-2024-21390 | 2024-03-12 | Microsoft Authenticator Elevation of Privilege Vulnerability |
| CVE-2024-21400 | 2024-03-12 | Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability |
| CVE-2024-21407 | 2024-03-12 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-21408 | 2024-03-12 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-21419 | 2024-03-12 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-21427 | 2024-03-12 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2024-21431 | 2024-03-12 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
| CVE-2024-21432 | 2024-03-12 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-21433 | 2024-03-12 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2024-21434 | 2024-03-12 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
| CVE-2024-21435 | 2024-03-12 | Windows OLE Remote Code Execution Vulnerability |
| CVE-2024-21436 | 2024-03-12 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2024-21437 | 2024-03-12 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-21440 | 2024-03-12 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-21448 | 2024-03-12 | Microsoft Teams for Android Information Disclosure Vulnerability |
| CVE-2024-26160 | 2024-03-12 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
| CVE-2024-26162 | 2024-03-12 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-26166 | 2024-03-12 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-26169 | 2024-03-12 | Windows Error Reporting Service Elevation of Privilege Vulnerability |
| CVE-2024-26170 | 2024-03-12 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability |
| CVE-2024-26173 | 2024-03-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26174 | 2024-03-12 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-26176 | 2024-03-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26177 | 2024-03-12 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-26178 | 2024-03-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26181 | 2024-03-12 | Windows Kernel Denial of Service Vulnerability |
| CVE-2024-26182 | 2024-03-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-26185 | 2024-03-12 | Windows Compressed Folder Tampering Vulnerability |
| CVE-2024-26204 | 2024-03-12 | Outlook for Android Information Disclosure Vulnerability |
| CVE-2024-26165 | 2024-03-12 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2024-1138 | 2024-03-12 | TIBCO FTL Privilege Escalation |
| CVE-2024-1137 | 2024-03-12 | TIBCO ActiveSpaces Information Leak Vulnerability |
| CVE-2024-1765 | 2024-03-12 | Unlimited resource allocation by QUIC CRYPTO frames flooding in quiche |
| CVE-2024-1410 | 2024-03-12 | Unbounded storage of information related to connection ID retirement, in quiche |
| CVE-2024-28098 | 2024-03-12 | Apache Pulsar: Improper Authorization For Topic-Level Policy Management |
| CVE-2022-34321 | 2024-03-12 | Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint |
| CVE-2024-27135 | 2024-03-12 | Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution |
| CVE-2024-27317 | 2024-03-12 | Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification |
| CVE-2024-27894 | 2024-03-12 | Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying |
| CVE-2024-2031 | 2024-03-12 | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient... |
| CVE-2024-2130 | 2024-03-12 | The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and... |
| CVE-2024-28186 | 2024-03-12 | SMTP Mail Credentials Disclosed in Error Log in freescout |
| CVE-2023-30968 | 2024-03-12 | Stored XSS in gaia |
| CVE-2024-28121 | 2024-03-12 | Reflex arbitrary method call in stimulus_reflex |
| CVE-2024-28112 | 2024-03-12 | Cross site scripting on router page in Peering Manager |
| CVE-2024-28113 | 2024-03-12 | Open redirection using the return_url parameter in Peering Manager |
| CVE-2024-28114 | 2024-03-12 | Remote Code Execution using Server Side Template Injection in Peering Manager |
| CVE-2023-5410 | 2024-03-12 | A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. |
| CVE-2024-28239 | 2024-03-12 | URL Redirection to Untrusted Site in OAuth2/OpenID in directus |
| CVE-2024-28238 | 2024-03-12 | Session Token in URL in directus |
| CVE-2024-27305 | 2024-03-12 | SMTP smuggling in aiosmtpd |
| CVE-2024-2406 | 2024-03-12 | Gacjie Server Upload.php index unrestricted upload |
| CVE-2024-23300 | 2024-03-12 | A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code... |
| CVE-2024-28236 | 2024-03-12 | Insecure Variable Substitution in Vela |
| CVE-2024-2395 | 2024-03-12 | The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation... |
| CVE-2024-2107 | 2024-03-12 | The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers... |
| CVE-2024-0386 | 2024-03-12 | The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and... |
| CVE-2024-1397 | 2024-03-12 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due... |
| CVE-2024-1421 | 2024-03-12 | The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up... |
| CVE-2023-7072 | 2024-03-12 | The Post Grid Combo – 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API... |
| CVE-2024-1450 | 2024-03-12 | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization... |
| CVE-2024-1503 | 2024-03-12 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to... |
| CVE-2024-1213 | 2024-03-12 | The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,... |
| CVE-2024-1502 | 2024-03-12 | The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in... |
| CVE-2024-0966 | 2024-03-12 | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization... |
| CVE-2024-1214 | 2024-03-12 | The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including,... |
| CVE-2024-1278 | 2024-03-12 | The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all... |
| CVE-2023-6500 | 2024-03-12 | The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization... |
| CVE-2024-1326 | 2024-03-12 | The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization... |
| CVE-2023-36238 | 2024-03-13 | Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. |
| CVE-2023-41504 | 2024-03-13 | SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the Student Search function. |
| CVE-2024-25250 | 2024-03-13 | SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page. |
| CVE-2024-27703 | 2024-03-13 | Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter. |
| CVE-2024-28429 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php |
| CVE-2024-28431 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php. |
| CVE-2024-28432 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php. |
| CVE-2024-28623 | 2024-03-13 | RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section. |
| CVE-2024-28662 | 2024-03-13 | A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php. |
| CVE-2024-28665 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php |
| CVE-2024-28666 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php |
| CVE-2024-28667 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php |
| CVE-2024-28669 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php. |
| CVE-2024-28670 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php. |
| CVE-2024-28672 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. |
| CVE-2024-28673 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php. |
| CVE-2024-28675 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php |
| CVE-2024-28677 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php. |
| CVE-2024-28678 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php |
| CVE-2024-28679 | 2024-03-13 | DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection. |