CVE List - 2024 / March
Showing 501 - 600 of 3300 CVEs for March 2024 (Page 6 of 33)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-26626 | 2024-03-06 | ipmr: fix kernel panic when forwarding mcast packets |
| CVE-2024-26627 | 2024-03-06 | scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler |
| CVE-2024-2211 | 2024-03-06 | Cross-Site Scripting vulnerability in Gophish Admin Panel |
| CVE-2024-1224 | 2024-03-06 | Information Disclosure Vulnerability in CDAC USB Pratirodh |
| CVE-2024-25102 | 2024-03-06 | Information Disclosure Vulnerability in CDAC AppSamvid Software |
| CVE-2024-25103 | 2024-03-06 | Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software |
| CVE-2024-26580 | 2024-03-06 | Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability |
| CVE-2023-50740 | 2024-03-06 | Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged |
| CVE-2024-20301 | 2024-03-06 | A vulnerability in Cisco Duo Authentication for Windows Logon and... |
| CVE-2024-20338 | 2024-03-06 | A vulnerability in the ISE Posture (System Scan) module of... |
| CVE-2024-20337 | 2024-03-06 | A vulnerability in the SAML authentication process of Cisco Secure... |
| CVE-2024-20335 | 2024-03-06 | A vulnerability in the web-based management interface of Cisco Small... |
| CVE-2024-20336 | 2024-03-06 | A vulnerability in the web-based user interface of Cisco Small... |
| CVE-2024-20292 | 2024-03-06 | A vulnerability in the logging component of Cisco Duo Authentication... |
| CVE-2024-20346 | 2024-03-06 | A vulnerability in the web-based management interface of Cisco AppDynamics... |
| CVE-2024-20345 | 2024-03-06 | A vulnerability in the file upload functionality of Cisco AppDynamics... |
| CVE-2024-28173 | 2024-03-06 | In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters... |
| CVE-2024-28174 | 2024-03-06 | In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in... |
| CVE-2024-2215 | 2024-03-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin... |
| CVE-2024-2216 | 2024-03-06 | A missing permission check in an HTTP endpoint in Jenkins... |
| CVE-2024-28149 | 2024-03-06 | Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does... |
| CVE-2024-28150 | 2024-03-06 | Jenkins HTML Publisher Plugin 1.32 and earlier does not escape... |
| CVE-2024-28151 | 2024-03-06 | Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic... |
| CVE-2024-28152 | 2024-03-06 | In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except... |
| CVE-2024-28153 | 2024-03-06 | Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape... |
| CVE-2024-28154 | 2024-03-06 | Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive... |
| CVE-2024-28155 | 2024-03-06 | Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission... |
| CVE-2024-28156 | 2024-03-06 | Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not... |
| CVE-2024-28157 | 2024-03-06 | Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket... |
| CVE-2024-28158 | 2024-03-06 | A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial... |
| CVE-2024-28159 | 2024-03-06 | A missing permission check in Jenkins Subversion Partial Release Manager... |
| CVE-2024-28160 | 2024-03-06 | Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum... |
| CVE-2024-28161 | 2024-03-06 | In Jenkins Delphix Plugin 3.0.1, a global option for administrators... |
| CVE-2024-28162 | 2024-03-06 | In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a... |
| CVE-2023-50167 | 2024-03-06 | Pega Platform from 7.1.7 to 23.1.1 is affected by an... |
| CVE-2023-50716 | 2024-03-06 | Invalid DATA_FRAG Submessage causes a bad-free error |
| CVE-2024-24761 | 2024-03-06 | Galette public pages accessibility restriction |
| CVE-2024-24765 | 2024-03-06 | CasaOS-UserService allows unauthorized access to any file |
| CVE-2024-24767 | 2024-03-06 | CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability |
| CVE-2024-24766 | 2024-03-06 | CasaOS Username Enumeration |
| CVE-2024-25111 | 2024-03-06 | SQUID-2024:1 Denial of Service in HTTP Chunked Decoding |
| CVE-2024-27287 | 2024-03-06 | ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API |
| CVE-2024-27288 | 2024-03-06 | 1Panel open source panel project has an unauthorized vulnerability. |
| CVE-2024-27289 | 2024-03-06 | pgx SQL Injection via Line Comment Creation |
| CVE-2024-27302 | 2024-03-06 | Authorization Bypass Through User-Controlled Key in go-zero |
| CVE-2024-2173 | 2024-03-06 | Out of bounds memory access in V8 in Google Chrome... |
| CVE-2024-2174 | 2024-03-06 | Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111... |
| CVE-2024-2176 | 2024-03-06 | Use after free in FedCM in Google Chrome prior to... |
| CVE-2024-27303 | 2024-03-06 | electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) |
| CVE-2024-27304 | 2024-03-06 | pgx SQL Injection via Protocol Message Size Overflow |
| CVE-2023-48703 | 2024-03-06 | SAML authentication bypass vulnerability in RobotsAndPencils/go-saml |
| CVE-2024-27307 | 2024-03-06 | JSONata expression can pollute the "Object" prototype |
| CVE-2024-27308 | 2024-03-06 | Mio's tokens for named pipes may be delivered after deregistration |
| CVE-2024-27915 | 2024-03-06 | Sulu grants access to pages regardless of role permissions |
| CVE-2024-27917 | 2024-03-06 | Shopware's session is persistent in Cache for 404 pages |
| CVE-2024-1142 | 2024-03-06 | Sonatype IQ Server - Path Traversal |
| CVE-2024-27916 | 2024-03-06 | `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user |
| CVE-2024-27918 | 2024-03-06 | Coder's OIDC authentication allows email with partially matching domain to register |
| CVE-2024-27923 | 2024-03-06 | Remote Code Execution by uploading a phar file using frontmatter |
| CVE-2024-27922 | 2024-03-06 | HTTP Handling Vulnerability in the Bare server |
| CVE-2024-27926 | 2024-03-06 | RSSHub Cross-site Scripting vulnerability caused by internal media proxy |
| CVE-2024-27927 | 2024-03-06 | RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4 |
| CVE-2024-27932 | 2024-03-06 | Deno's improper suffix match testing for DENO_AUTH_TOKENS |
| CVE-2024-27933 | 2024-03-06 | Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass |
| CVE-2024-27934 | 2024-03-06 | *const c_void / ExternalPointer unsoundness leading to use-after-free |
| CVE-2024-27935 | 2024-03-06 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination |
| CVE-2024-27936 | 2024-03-06 | Deno interactive permission prompt spoofing via improper ANSI stripping |
| CVE-2024-28101 | 2024-03-06 | Apollo Router's Compressed Payloads do not respect HTTP Payload Limits |
| CVE-2024-28102 | 2024-03-06 | JWCrypto vulnerable to JWT bomb Attack in `deserialize` function |
| CVE-2024-28110 | 2024-03-06 | Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials |
| CVE-2024-28111 | 2024-03-06 | CSV Injection in exported history CSV files |
| CVE-2024-2236 | 2024-03-06 | Libgcrypt: vulnerable to marvin attack |
| CVE-2022-46089 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in the add-airline form of... |
| CVE-2022-46091 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in the feedback form of... |
| CVE-2022-46497 | 2024-03-07 | Hospital Management System 1.0 was discovered to contain a SQL... |
| CVE-2022-46498 | 2024-03-07 | Hospital Management System 1.0 was discovered to contain a SQL... |
| CVE-2022-46499 | 2024-03-07 | Hospital Management System 1.0 was discovered to contain a SQL... |
| CVE-2023-33676 | 2024-03-07 | Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable... |
| CVE-2023-41015 | 2024-03-07 | code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection... |
| CVE-2023-47415 | 2024-03-07 | Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain... |
| CVE-2023-49986 | 2024-03-07 | A cross-site scripting (XSS) vulnerability in the component /admin/parent of... |
| CVE-2023-49987 | 2024-03-07 | A cross-site scripting (XSS) vulnerability in the component /management/term of... |
| CVE-2023-49988 | 2024-03-07 | Hotel Booking Management v1.0 was discovered to contain a SQL... |
| CVE-2023-49989 | 2024-03-07 | Hotel Booking Management v1.0 was discovered to contain a SQL... |
| CVE-2023-51281 | 2024-03-07 | Cross Site Scripting vulnerability in Customer Support System v.1.0 allows... |
| CVE-2023-51786 | 2024-03-07 | An issue was discovered in Lustre versions 2.13.x, 2.14.x, and... |
| CVE-2024-22752 | 2024-03-07 | Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows... |
| CVE-2024-22857 | 2024-03-07 | Heap based buffer flow in zlog v1.1.0 to v1.2.17 in... |
| CVE-2024-24035 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1... |
| CVE-2024-24375 | 2024-03-07 | SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker... |
| CVE-2024-25327 | 2024-03-07 | Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise... |
| CVE-2024-25729 | 2024-03-07 | Arris SBG6580 devices have predictable default WPA2 security passwords that... |
| CVE-2024-26492 | 2024-03-07 | An issue in Online Diagnostic Lab Management System 1.0 allows... |
| CVE-2024-26566 | 2024-03-07 | An issue in Cute Http File Server v.3.1 allows a... |
| CVE-2024-27707 | 2024-03-07 | Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform... |
| CVE-2024-27733 | 2024-03-07 | File Upload vulnerability in Byzro Network Smart s42 Management Platform... |
| CVE-2024-28222 | 2024-03-07 | In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2,... |
| CVE-2023-41014 | 2024-03-07 | code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection... |
| CVE-2023-41503 | 2024-03-07 | Student Enrollment In PHP v1.0 was discovered to contain a... |
| CVE-2024-24389 | 2024-03-07 | A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2... |