CVE List - 2024 / March
Showing 1601 - 1700 of 3299 CVEs for March 2024 (Page 17 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2571 | 2024-03-18 | SourceCodester Employee Task Management System manage-admin.php redirect |
| CVE-2023-39223 | 2024-03-18 | Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. |
| CVE-2023-39933 | 2024-03-18 | Insufficient verification vulnerability exists in Broadcast Mail CGI (pmc.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a user who can upload files through the product may... |
| CVE-2023-40160 | 2024-03-18 | Directory traversal vulnerability exists in Mailing List Search CGI (pmmls.exe) included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the... |
| CVE-2023-40747 | 2024-03-18 | Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. |
| CVE-2024-2572 | 2024-03-18 | SourceCodester Employee Task Management System task-details.php redirect |
| CVE-2024-2573 | 2024-03-18 | SourceCodester Employee Task Management System task-info.php redirect |
| CVE-2024-2574 | 2024-03-18 | SourceCodester Employee Task Management System edit-task.php authorization |
| CVE-2024-2575 | 2024-03-18 | SourceCodester Employee Task Management System task-details.php authorization |
| CVE-2024-2576 | 2024-03-18 | SourceCodester Employee Task Management System update-admin.php authorization |
| CVE-2024-2577 | 2024-03-18 | SourceCodester Employee Task Management System update-employee.php authorization |
| CVE-2024-2581 | 2024-03-18 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow |
| CVE-2024-28745 | 2024-03-18 | Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on... |
| CVE-2024-23604 | 2024-03-18 | Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using... |
| CVE-2024-28125 | 2024-03-18 | FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification... |
| CVE-2024-28128 | 2024-03-18 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who... |
| CVE-2024-27974 | 2024-03-18 | Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is... |
| CVE-2024-21824 | 2024-03-18 | Improper authentication vulnerability in exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can... |
| CVE-2024-22475 | 2024-03-18 | Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the... |
| CVE-2024-28039 | 2024-03-18 | Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS)... |
| CVE-2024-1604 | 2024-03-18 | Incorrect authorization in BMC Control-M |
| CVE-2024-1605 | 2024-03-18 | DLL side-loading in BMC Control-M |
| CVE-2024-1606 | 2024-03-18 | HTML injection in BMC Control-M |
| CVE-2023-52609 | 2024-03-18 | binder: fix race between mmput() and do_exit() |
| CVE-2023-52610 | 2024-03-18 | net/sched: act_ct: fix skb leak and crash on ooo frags |
| CVE-2023-52611 | 2024-03-18 | wifi: rtw88: sdio: Honor the host max_req_size in the RX path |
| CVE-2023-52612 | 2024-03-18 | crypto: scomp - fix req->dst buffer overflow |
| CVE-2023-52613 | 2024-03-18 | drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment |
| CVE-2024-26631 | 2024-03-18 | ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work |
| CVE-2024-26632 | 2024-03-18 | block: Fix iterating over an empty bio with bio_for_each_folio_all |
| CVE-2024-26633 | 2024-03-18 | ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() |
| CVE-2023-52614 | 2024-03-18 | PM / devfreq: Fix buffer overflow in trans_stat_show |
| CVE-2023-52615 | 2024-03-18 | hwrng: core - Fix page fault dead lock on mmap-ed hwrng |
| CVE-2023-52616 | 2024-03-18 | crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init |
| CVE-2024-26634 | 2024-03-18 | net: fix removing a namespace with conflicting altnames |
| CVE-2024-26635 | 2024-03-18 | llc: Drop support for ETH_P_TR_802_2. |
| CVE-2024-26636 | 2024-03-18 | llc: make llc_ui_sendmsg() more robust against bonding changes |
| CVE-2024-26637 | 2024-03-18 | wifi: ath11k: rely on mac80211 debugfs handling for vif |
| CVE-2024-26638 | 2024-03-18 | nbd: always initialize struct msghdr completely |
| CVE-2023-52617 | 2024-03-18 | PCI: switchtec: Fix stdev_release() crash after surprise hot remove |
| CVE-2023-52618 | 2024-03-18 | block/rnbd-srv: Check for unlikely string overflow |
| CVE-2023-52619 | 2024-03-18 | pstore/ram: Fix crash when setting number of cpus to an odd number |
| CVE-2024-26640 | 2024-03-18 | tcp: add sanity checks to rx zerocopy |
| CVE-2024-26641 | 2024-03-18 | ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() |
| CVE-2024-1013 | 2024-03-18 | Unixodbc: out of bounds stack write due to pointer-to-integer types conversion |
| CVE-2024-20767 | 2024-03-18 | ColdFusion | Improper Access Control (CWE-284) |
| CVE-2023-7250 | 2024-03-18 | Iperf3: possible denial of service |
| CVE-2024-2002 | 2024-03-18 | Libdwarf: crashes randomly on fuzzed object |
| CVE-2024-2496 | 2024-03-18 | Libvirt: null pointer dereference in udevconnectlistallinterfaces() |
| CVE-2024-27767 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-287: Improper Authentication |
| CVE-2024-27768 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal' |
| CVE-2024-27769 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2024-27770 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-23: Relative Path Traversal |
| CVE-2024-27771 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal' |
| CVE-2024-27772 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-78: 'OS Command Injection' |
| CVE-2024-27773 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-348: Use of Less Trusted Source |
| CVE-2024-27774 | 2024-03-18 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-259: Use of Hard-coded Password |
| CVE-2024-2584 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2585 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2586 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2587 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2588 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2589 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2590 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2591 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2592 | 2024-03-18 | SQL injection vulnerability in AMSS++ |
| CVE-2024-2593 | 2024-03-18 | Cross-Site Scripting (XSS) in AMSS++ |
| CVE-2024-2594 | 2024-03-18 | Cross-Site Scripting (XSS) in AMSS++ |
| CVE-2024-2595 | 2024-03-18 | Cross-Site Scripting (XSS) in AMSS++ |
| CVE-2024-2596 | 2024-03-18 | Cross-Site Scripting (XSS) in AMSS++ |
| CVE-2024-2597 | 2024-03-18 | Cross-Site Scripting (XSS) in AMSS++ |
| CVE-2024-2598 | 2024-03-18 | Cross-Site Scripting (XSS) in AMSS++ |
| CVE-2024-2599 | 2024-03-18 | Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++ |
| CVE-2024-22257 | 2024-03-18 | In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is... |
| CVE-2024-1753 | 2024-03-18 | Buildah: full container escape at build time |
| CVE-2024-20745 | 2024-03-18 | ZDI-CAN-22671: Adobe Premiere Pro AVI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-20746 | 2024-03-18 | Adobe Premiere Pro Out-of-bounds Write Arbitrary code execution |
| CVE-2024-1331 | 2024-03-18 | Team Members < 5.3.2 - Author+ Stored XSS |
| CVE-2024-1333 | 2024-03-18 | Responsive Pricing Table < 5.1.11 - Author+ Stored XSS |
| CVE-2024-1658 | 2024-03-18 | Grid Shortcodes < 1.1.1 - Contributor+ Stored XSS |
| CVE-2024-27937 | 2024-03-18 | glpi Users emails enumeration |
| CVE-2024-27930 | 2024-03-18 | Sensitive fields access through dropdowns in GLPI |
| CVE-2024-2390 | 2024-03-18 | Local Privilege Escalation |
| CVE-2024-20756 | 2024-03-18 | Adobe Bridge 2024 Out of Bound Write Remote Code Execution Vulnerability |
| CVE-2024-20752 | 2024-03-18 | ZDI-CAN-22653: Adobe Bridge PS File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-20755 | 2024-03-18 | Adobe Bridge PDF Parsing Heap Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-20757 | 2024-03-18 | Bridge 2024 TIF File Parsing Out-Of-Bound Read Information Disclosure Vulnerability |
| CVE-2024-2051 | 2024-03-18 | CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form. |
| CVE-2024-2050 | 2024-03-18 | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product. |
| CVE-2024-2052 | 2024-03-18 | CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download... |
| CVE-2024-2229 | 2024-03-18 | CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. |
| CVE-2024-27096 | 2024-03-18 | SQL Injection in through the search engine |
| CVE-2024-27098 | 2024-03-18 | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI |
| CVE-2024-27104 | 2024-03-18 | Stored XSS in dashboards in GLPI |
| CVE-2024-27914 | 2024-03-18 | Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI |
| CVE-2024-20754 | 2024-03-18 | Lightroom Desktop | Untrusted Search Path (CWE-426) |
| CVE-2024-21652 | 2024-03-18 | Argo CD vulnerable to Bypassing of Brute Force Protection via Application Crash and In-Memory Data Loss |
| CVE-2024-20761 | 2024-03-18 | Adobe Animate 2024 BMP File Parsing Out-Of-Bound Write Remote Code execution Vulnerability |
| CVE-2024-20763 | 2024-03-18 | Adobe Animate 2024 GIF file parsing memory corruption |
| CVE-2024-20764 | 2024-03-18 | Adobe Animate 2024 SWF File parsing memory corruption |