CVE List - 2024 / April
Showing 1501 - 1600 of 3605 CVEs for April 2024 (Page 16 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31464 | 2024-04-10 | XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted |
| CVE-2024-3157 | 2024-04-10 | Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via... |
| CVE-2024-3516 | 2024-04-10 | Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-3515 | 2024-04-10 | Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-31386 | 2024-04-10 | Multiple WordPress themes affected by Cross-Site Request Forgery vulnerability |
| CVE-2021-47181 | 2024-04-10 | usb: musb: tusb6010: check return value after calling platform_get_resource() |
| CVE-2021-47182 | 2024-04-10 | scsi: core: Fix scsi_mode_sense() buffer length handling |
| CVE-2021-47183 | 2024-04-10 | scsi: lpfc: Fix link down processing to address NULL pointer dereference |
| CVE-2021-47184 | 2024-04-10 | i40e: Fix NULL ptr dereference on VSI filter sync |
| CVE-2021-47185 | 2024-04-10 | tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc |
| CVE-2021-47186 | 2024-04-10 | tipc: check for null after calling kmemdup |
| CVE-2021-47187 | 2024-04-10 | arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency |
| CVE-2021-47188 | 2024-04-10 | scsi: ufs: core: Improve SCSI abort handling |
| CVE-2021-47189 | 2024-04-10 | btrfs: fix memory ordering between normal and ordered work functions |
| CVE-2021-47190 | 2024-04-10 | perf bpf: Avoid memory leak from perf_env__insert_btf() |
| CVE-2021-47191 | 2024-04-10 | scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() |
| CVE-2021-47192 | 2024-04-10 | scsi: core: sysfs: Fix hang when device state is set via sysfs |
| CVE-2021-47193 | 2024-04-10 | scsi: pm80xx: Fix memory leak during rmmod |
| CVE-2021-47194 | 2024-04-10 | cfg80211: call cfg80211_stop_ap when switch from P2P_GO type |
| CVE-2021-47195 | 2024-04-10 | spi: fix use-after-free of the add_lock mutex |
| CVE-2021-47196 | 2024-04-10 | RDMA/core: Set send and receive CQ before forwarding to the driver |
| CVE-2021-47197 | 2024-04-10 | net/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove() |
| CVE-2021-47198 | 2024-04-10 | scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine |
| CVE-2021-47199 | 2024-04-10 | net/mlx5e: CT, Fix multiple allocations and memleak of mod acts |
| CVE-2021-47200 | 2024-04-10 | drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap |
| CVE-2021-47201 | 2024-04-10 | iavf: free q_vectors before queues in iavf_disable_vf |
| CVE-2021-47202 | 2024-04-10 | thermal: Fix NULL pointer dereferences in of_thermal_ functions |
| CVE-2021-47203 | 2024-04-10 | scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() |
| CVE-2021-47204 | 2024-04-10 | net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove |
| CVE-2021-47205 | 2024-04-10 | clk: sunxi-ng: Unregister clocks/resets when unbinding |
| CVE-2021-47206 | 2024-04-10 | usb: host: ohci-tmio: check return value after calling platform_get_resource() |
| CVE-2021-47207 | 2024-04-10 | ALSA: gus: fix null pointer dereference on pointer block |
| CVE-2021-47209 | 2024-04-10 | sched/fair: Prevent dead task groups from regaining cfs_rq's |
| CVE-2021-47210 | 2024-04-10 | usb: typec: tipd: Remove WARN_ON in tps6598x_block_read |
| CVE-2021-47211 | 2024-04-10 | ALSA: usb-audio: fix null pointer dereference on pointer cs_desc |
| CVE-2021-47212 | 2024-04-10 | net/mlx5: Update error handler for UCTX and UMEM |
| CVE-2021-47214 | 2024-04-10 | hugetlb, userfaultfd: fix reservation restore on userfaultfd error |
| CVE-2021-47215 | 2024-04-10 | net/mlx5e: kTLS, Fix crash in RX resync flow |
| CVE-2021-47216 | 2024-04-10 | scsi: advansys: Fix kernel pointer leak |
| CVE-2021-47217 | 2024-04-10 | x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails |
| CVE-2021-47218 | 2024-04-10 | selinux: fix NULL-pointer dereference when hashtab allocation fails |
| CVE-2021-47219 | 2024-04-10 | scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() |
| CVE-2024-31430 | 2024-04-10 | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR and WOLF WordPress plugins |
| CVE-2024-31465 | 2024-04-10 | XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet |
| CVE-2024-31939 | 2024-04-10 | WordPress Import any XML or CSV File to WordPress plugin <= 3.7.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-31981 | 2024-04-10 | XWiki Platform: Privilege escalation (PR) from user registration through PDFClass |
| CVE-2024-31982 | 2024-04-10 | XWiki Platform: Remote code execution as guest via DatabaseSearch |
| CVE-2024-31983 | 2024-04-10 | XWiki Platform: Remote code execution from edit in multilingual wikis via translations |
| CVE-2024-31984 | 2024-04-10 | XWiki Platform: Remote code execution through space title and Solr space facet |
| CVE-2024-31985 | 2024-04-10 | XWiki Platform CSRF in the job scheduler |
| CVE-2024-31986 | 2024-04-10 | XWiki Platform CSRF remote code execution through scheduler job's document reference |
| CVE-2024-31987 | 2024-04-10 | XWiki Platform remote code execution from account via custom skins support |
| CVE-2024-1481 | 2024-04-10 | Freeipa: specially crafted http requests potentially lead to denial of service |
| CVE-2024-31988 | 2024-04-10 | XWiki Platform CSRF remote code execution through the realtime HTML Converter API |
| CVE-2024-31996 | 2024-04-10 | XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution |
| CVE-2024-31997 | 2024-04-10 | XWiki Platform remote code execution from account through UIExtension parameters |
| CVE-2024-31995 | 2024-04-10 | zcap has incomplete expiration checks in capability chains. |
| CVE-2024-31999 | 2024-04-10 | @fastify/secure-session: Reuse of destroyed secure session cookie |
| CVE-2024-32001 | 2024-04-10 | SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used |
| CVE-2024-29902 | 2024-04-10 | Cosign vulnerable to system-wide denial of service via malicious attachments |
| CVE-2024-29903 | 2024-04-10 | Cosign vulnerable to machine-wide denial of service via malicious artifacts |
| CVE-2024-3612 | 2024-04-10 | SourceCodester Warehouse Management System barang.php cross site scripting |
| CVE-2023-48865 | 2024-04-11 | An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL. |
| CVE-2024-22717 | 2024-04-11 | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application. |
| CVE-2024-22719 | 2024-04-11 | SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client. |
| CVE-2024-22721 | 2024-04-11 | Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link. |
| CVE-2024-22722 | 2024-04-11 | Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. |
| CVE-2024-25852 | 2024-04-11 | Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device... |
| CVE-2024-27592 | 2024-04-11 | Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL. |
| CVE-2024-28458 | 2024-04-11 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c. |
| CVE-2024-29399 | 2024-04-11 | An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component. |
| CVE-2024-30878 | 2024-04-11 | A cross-site scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the upload_drive... |
| CVE-2024-30879 | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the... |
| CVE-2024-30880 | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the... |
| CVE-2024-30883 | 2024-04-11 | Reflected Cross Site Scripting (XSS) vulnerability in RageFrame2 v2.6.43, allows remote attackers to execute arbitrary web scripts or HTML and obtain sensitive information via a crafted payload injected into the... |
| CVE-2024-30884 | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the... |
| CVE-2024-30885 | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component. |
| CVE-2024-30917 | 2024-04-11 | An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter... |
| CVE-2024-31678 | 2024-04-11 | Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. |
| CVE-2023-29483 | 2024-04-11 | eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and... |
| CVE-2024-22718 | 2024-04-11 | Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL. |
| CVE-2024-25376 | 2024-04-11 | An issue discovered in Thesycon Software Solutions Gmbh & Co. KG TUSBAudio MSI-based installers before 5.68.0 allows a local attacker to execute arbitrary code via the msiexec.exe repair mode. |
| CVE-2024-30915 | 2024-04-11 | An issue was discovered in OpenDDS commit b1c534032bb62ad4ae32609778de6b8d6c823a66, allows a local attacker to cause a denial of service and obtain sensitive information via the max_samples parameter within the DataReaderQoS component. |
| CVE-2024-30916 | 2024-04-11 | An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter... |
| CVE-2024-3613 | 2024-04-11 | SourceCodester Warehouse Management System supplier.php cross site scripting |
| CVE-2024-3614 | 2024-04-11 | SourceCodester Warehouse Management System customer.php cross site scripting |
| CVE-2024-3616 | 2024-04-11 | SourceCodester Warehouse Management System pengguna.php cross site scripting |
| CVE-2024-3652 | 2024-04-11 | IKEv1 default AH/ESP responder can cause libreswan to abort and restart |
| CVE-2023-6811 | 2024-04-11 | The Language Translate Widget for WordPress – ConveyThis plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'api_key' parameter in all versions up to, and including, 223 due... |
| CVE-2024-3617 | 2024-04-11 | SourceCodester Kortex Lite Advocate Office Management System deactivate_case.php sql injection |
| CVE-2024-29220 | 2024-04-11 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser... |
| CVE-2024-26019 | 2024-04-11 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the... |
| CVE-2024-25572 | 2024-04-11 | Cross-site request forgery (CSRF) vulnerability exists in Ninja Forms prior to 3.4.31. If a website administrator views a malicious page while logging in, unintended operations may be performed. |
| CVE-2024-3618 | 2024-04-11 | SourceCodester Kortex Lite Advocate Office Management System activate_case.php sql injection |
| CVE-2024-3619 | 2024-04-11 | SourceCodester Kortex Lite Advocate Office Management System addcase_stage.php sql injection |
| CVE-2024-3620 | 2024-04-11 | SourceCodester Kortex Lite Advocate Office Management System adds.php sql injection |
| CVE-2024-3621 | 2024-04-11 | SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection |
| CVE-2024-21508 | 2024-04-11 | Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due to improper validation of the supportBigNumbers and bigNumberStrings values. |
| CVE-2023-6257 | 2024-04-11 | Inline Related Posts < 3.6.0 - Subscriber+ Password Protected Post Read |
| CVE-2024-3285 | 2024-04-11 | The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to,... |