CVE List - 2024 / March
Showing 2001 - 2100 of 3300 CVEs for March 2024 (Page 21 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-2702 | 2024-03-20 | WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2024-2690 | 2024-03-20 | SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload |
| CVE-2023-46839 | 2024-03-20 | pci: phantom functions assigned to incorrect contexts |
| CVE-2023-46840 | 2024-03-20 | VT-d: Failure to quarantine devices in !HVM builds |
| CVE-2023-46841 | 2024-03-20 | x86: shadow stack vs exceptions from emulation stubs |
| CVE-2023-52229 | 2024-03-20 | WordPress Word Replacer Pro plugin <= 1.0 - Broken Access Control vulnerability |
| CVE-2024-2721 | 2024-03-20 | WordPress Social Media Share Buttons plugin <= 2.1.0 - PHP Object Injection vulnerability |
| CVE-2024-1811 | 2024-03-20 | OpenText ArcSight Platform Remote Vulnerability |
| CVE-2024-1800 | 2024-03-20 | Progress Telerik Report Server Deserialization |
| CVE-2024-1801 | 2024-03-20 | Progress Telerik Reporting Local Deserialization Vulnerability |
| CVE-2024-1856 | 2024-03-20 | Progress Telerik Reporting Remote Deserialization Vulnerability |
| CVE-2023-35888 | 2024-03-20 | IBM Security Verify Governance information disclosure |
| CVE-2023-41038 | 2024-03-20 | Server crash when using specific form of SET BIND statement |
| CVE-2023-41877 | 2024-03-20 | GeoServer log file path traversal vulnerability |
| CVE-2024-2291 | 2024-03-20 | MOVEit Transfer Logging Bypass Vulnerability |
| CVE-2023-51444 | 2024-03-20 | GeoServer arbitrary file upload vulnerability in REST Coverage Store API |
| CVE-2023-51445 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in REST Resources API |
| CVE-2024-23634 | 2024-03-20 | GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API |
| CVE-2024-23640 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Style Publisher |
| CVE-2024-2703 | 2024-03-20 | Tenda AC10U SetOnlineDevName formSetDeviceName stack-based overflow |
| CVE-2024-2704 | 2024-03-20 | Tenda AC10U SetFirewallCfg formSetFirewallCfg stack-based overflow |
| CVE-2024-2705 | 2024-03-20 | Tenda AC10U SetNetControlList formSetQosBand stack-based overflow |
| CVE-2024-2706 | 2024-03-20 | Tenda AC10U WifiWpsStart formWifiWpsStart stack-based overflow |
| CVE-2024-2707 | 2024-03-20 | Tenda AC10U WriteFacMac formWriteFacMac os command injection |
| CVE-2024-2625 | 2024-03-20 | Object lifecycle issue in V8 in Google Chrome prior to... |
| CVE-2024-2626 | 2024-03-20 | Out of bounds read in Swiftshader in Google Chrome prior... |
| CVE-2024-2627 | 2024-03-20 | Use after free in Canvas in Google Chrome prior to... |
| CVE-2024-2628 | 2024-03-20 | Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58... |
| CVE-2024-2629 | 2024-03-20 | Incorrect security UI in iOS in Google Chrome prior to... |
| CVE-2024-2630 | 2024-03-20 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58... |
| CVE-2024-2631 | 2024-03-20 | Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58... |
| CVE-2023-45177 | 2024-03-20 | IBM MQ denial of service |
| CVE-2024-2708 | 2024-03-20 | Tenda AC10U execCommand formexeCommand stack-based overflow |
| CVE-2024-2709 | 2024-03-20 | Tenda AC10U SetStaticRouteCfg fromSetRouteStatic stack-based overflow |
| CVE-2024-23642 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in Simple SVG Renderer |
| CVE-2024-23643 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in GWC Seed Form |
| CVE-2024-23818 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in WMS OpenLayers Format |
| CVE-2024-2710 | 2024-03-20 | Tenda AC10U openSchedWifi setSchedWifi stack-based overflow |
| CVE-2024-2711 | 2024-03-20 | Tenda AC10U addWifiMacFilter stack-based overflow |
| CVE-2024-23819 | 2024-03-20 | GeoServer Stored Cross-Site Scripting (XSS) vulnerability in MapML HTML Page |
| CVE-2024-23821 | 2024-03-20 | GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) |
| CVE-2024-24813 | 2024-03-20 | Frappe SQL Injection from reporting logic |
| CVE-2024-27105 | 2024-03-20 | Frappe File Permissions can by bypassed using certain endpoints |
| CVE-2022-4963 | 2024-03-20 | Folio Spring Module Core Schema Name HibernateSchemaService.java dropSchema sql injection |
| CVE-2024-2712 | 2024-03-20 | Campcodes Complete Online DJ Booking System user-search.php sql injection |
| CVE-2024-2713 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-search.php sql injection |
| CVE-2024-2714 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php sql injection |
| CVE-2024-27286 | 2024-03-20 | Moving single messages from public to private streams leaves them accessible |
| CVE-2024-28179 | 2024-03-20 | Jupyter Server Proxy's Websocket Proxying does not require authentication |
| CVE-2024-2715 | 2024-03-20 | Campcodes Complete Online DJ Booking System user-search.php cross site scripting |
| CVE-2024-2716 | 2024-03-20 | Campcodes Complete Online DJ Booking System contactus.php cross site scripting |
| CVE-2024-28231 | 2024-03-20 | Manipulated DATA Submessage causes a heap-buffer-overflow error |
| CVE-2024-28868 | 2024-03-20 | Umbraco possible user enumeration vulnerability |
| CVE-2024-29018 | 2024-03-20 | External DNS requests from 'internal' networks could lead to data exfiltration |
| CVE-2024-29032 | 2024-03-20 | `qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code |
| CVE-2024-2717 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-search.php cross site scripting |
| CVE-2024-2718 | 2024-03-20 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php cross site scripting |
| CVE-2024-29033 | 2024-03-20 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace |
| CVE-2024-29036 | 2024-03-20 | Saleor Storefront session leak in cache |
| CVE-2024-29037 | 2024-03-20 | Default secret use for initial deployment |
| CVE-2024-2719 | 2024-03-20 | Campcodes Complete Online DJ Booking System admin-profile.php cross site scripting |
| CVE-2024-2720 | 2024-03-20 | Campcodes Complete Online DJ Booking System aboutus.php cross site scripting |
| CVE-2024-29026 | 2024-03-20 | Owncast cross origin request |
| CVE-2024-2469 | 2024-03-20 | Remote Code Execution in GitHub Enterprise Server Allowed Administrators to gain SSH access to the appliance |
| CVE-2024-2443 | 2024-03-20 | Improper input validation vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2024-2748 | 2024-03-20 | CSRF vulnerability was identified in GitHub Enterprise Server that allowed performing actions on behalf of a user |
| CVE-2024-28916 | 2024-03-20 | Xbox Gaming Services Elevation of Privilege Vulnerability |
| CVE-2023-48901 | 2024-03-21 | A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows... |
| CVE-2023-48902 | 2024-03-21 | An issue was discovered in tramyardg autoexpress version 1.3.0, allows... |
| CVE-2023-48903 | 2024-03-21 | Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows... |
| CVE-2023-51141 | 2024-03-21 | An issue in ZKTeko BioTime v.8.5.4 and before allows a... |
| CVE-2024-22724 | 2024-03-21 | An issue was discovered in osCommerce v4, allows local attackers... |
| CVE-2024-27683 | 2024-03-21 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the... |
| CVE-2024-28402 | 2024-03-21 | TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS)... |
| CVE-2024-28521 | 2024-03-21 | SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1... |
| CVE-2024-28635 | 2024-03-21 | Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132... |
| CVE-2024-28756 | 2024-03-21 | The SolarEdge mySolarEdge application before 2.20.1 for Android has a... |
| CVE-2024-29243 | 2024-03-21 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to... |
| CVE-2024-29244 | 2024-03-21 | Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to... |
| CVE-2024-29374 | 2024-03-21 | A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE... |
| CVE-2024-29858 | 2024-03-21 | In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly... |
| CVE-2024-29859 | 2024-03-21 | In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly... |
| CVE-2024-29862 | 2024-03-21 | The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge... |
| CVE-2024-29864 | 2024-03-21 | Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via... |
| CVE-2024-29866 | 2024-03-21 | Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect... |
| CVE-2024-29916 | 2024-03-21 | The dormakaba Saflok system before the November 2023 software update... |
| CVE-2023-51142 | 2024-03-21 | An issue in ZKTeco BioTime v.8.5.4 and before allows a... |
| CVE-2024-24272 | 2024-03-21 | An issue in iTop DualSafe Password Manager & Digital Vault... |
| CVE-2024-29937 | 2024-03-21 | NFS in a BSD derived codebase, as used in OpenBSD... |
| CVE-2024-1538 | 2024-03-21 | The File Manager plugin for WordPress is vulnerable to Cross-Site... |
| CVE-2024-2161 | 2024-03-21 | Use of Hard-coded Credentials in Kiloview NDI N series products API middleware |
| CVE-2024-2162 | 2024-03-21 | Authenticated Remote Code Execution in Kiloview NDI N series products |
| CVE-2024-28835 | 2024-03-21 | Gnutls: potential crash during chain building/verification |
| CVE-2024-2754 | 2024-03-21 | SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload |
| CVE-2024-1147 | 2024-03-21 | Weak Access Control - Arbitrary file download |
| CVE-2024-1148 | 2024-03-21 | Weak Access Control - Arbitrary file upload |
| CVE-2024-29133 | 2024-03-21 | Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree |
| CVE-2024-29131 | 2024-03-21 | Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() |
| CVE-2024-26307 | 2024-03-21 | Apache Doris: Possible race condition |
| CVE-2024-27438 | 2024-03-21 | Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution |