CVE List - 2024 / April
Showing 2501 - 2600 of 3605 CVEs for April 2024 (Page 26 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-3910 | 2024-04-17 | Tenda AC500 DhcpListClient fromDhcpListClient stack-based overflow |
| CVE-2023-6805 | 2024-04-17 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up... |
| CVE-2023-40146 | 2024-04-17 | A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated... |
| CVE-2023-39367 | 2024-04-17 | An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution.... |
| CVE-2023-45744 | 2024-04-17 | A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker... |
| CVE-2023-45209 | 2024-04-17 | An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive... |
| CVE-2023-43491 | 2024-04-17 | An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive... |
| CVE-2024-1132 | 2024-04-17 | Keycloak: path transversal in redirection validation |
| CVE-2024-1249 | 2024-04-17 | Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos |
| CVE-2024-2419 | 2024-04-17 | Keycloak: path traversal in the redirect validation |
| CVE-2024-29035 | 2024-04-17 | Umbraco's Blind SSRF Leads to Port Scan by using Webhooks |
| CVE-2024-3825 | 2024-04-17 | CSRF in BlazeMeter Jenkins plugin |
| CVE-2024-30253 | 2024-04-17 | Handling untrusted input can result in a crash, leading to loss of availability / denial of service |
| CVE-2024-31463 | 2024-04-17 | Ironic-image allows unauthenticated local access to Ironic API |
| CVE-2024-32463 | 2024-04-17 | phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags |
| CVE-2023-52645 | 2024-04-17 | pmdomain: mediatek: fix race conditions with genpd |
| CVE-2024-26910 | 2024-04-17 | netfilter: ipset: fix performance regression in swap operation |
| CVE-2024-26911 | 2024-04-17 | drm/buddy: Fix alloc_range() error handling code |
| CVE-2024-26912 | 2024-04-17 | drm/nouveau: fix several DMA buffer leaks |
| CVE-2024-26913 | 2024-04-17 | drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue |
| CVE-2024-26914 | 2024-04-17 | drm/amd/display: fix incorrect mpc_combine array size |
| CVE-2024-26915 | 2024-04-17 | drm/amdgpu: Reset IH OVERFLOW_CLEAR bit |
| CVE-2024-26916 | 2024-04-17 | Revert "drm/amd: flush any delayed gfxoff on suspend entry" |
| CVE-2024-26917 | 2024-04-17 | scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" |
| CVE-2024-26918 | 2024-04-17 | PCI: Fix active state requirement in PME polling |
| CVE-2024-26919 | 2024-04-17 | usb: ulpi: Fix debugfs directory leak |
| CVE-2024-26920 | 2024-04-17 | tracing/trigger: Fix to return error if failed to alloc snapshot |
| CVE-2023-5395 | 2024-04-17 | Server receiving a malformed message that uses the hostname in an internal table may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations... |
| CVE-2023-5396 | 2024-04-17 | Server receiving a malformed message creates connection for a hostname that may cause a stack overflow resulting in possible remote code execution. See Honeywell Security Notification for recommendations on upgrading... |
| CVE-2023-5397 | 2024-04-17 | Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on... |
| CVE-2023-5398 | 2024-04-17 | Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| CVE-2023-5400 | 2024-04-17 | Server receiving a malformed message based on a using the specified key values can cause a heap overflow vulnerability which could lead to an attacker performing remote code execution or... |
| CVE-2023-5401 | 2024-04-17 | Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or... |
| CVE-2023-5403 | 2024-04-17 | Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and... |
| CVE-2023-5404 | 2024-04-17 | Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading... |
| CVE-2023-5405 | 2024-04-17 | Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on... |
| CVE-2023-5406 | 2024-04-17 | Server communication with a controller can lead to remote code execution using a specially crafted message from the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| CVE-2023-5407 | 2024-04-17 | Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. |
| CVE-2024-28073 | 2024-04-17 | SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-3914 | 2024-04-17 | Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-2961 | 2024-04-17 | The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the... |
| CVE-2024-29950 | 2024-04-17 | Brocade SANnav before v2.3.1, v2.3.0a uses weak encryption |
| CVE-2024-3900 | 2024-04-17 | Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check |
| CVE-2024-3323 | 2024-04-17 | Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-29951 | 2024-04-17 | Brocade SANnav has weak encryption in internal SSH ports |
| CVE-2024-21989 | 2024-04-17 | Privilege Escalation Vulnerability in ONTAP Select Deploy administration utility |
| CVE-2024-21990 | 2024-04-17 | Default Privileged Account Credentials Vulnerability in ONTAP Select Deploy administration utility |
| CVE-2024-3817 | 2024-04-17 | HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches |
| CVE-2024-0257 | 2024-04-17 | RoboDK Heap-based Buffer Overflow |
| CVE-2024-32472 | 2024-04-17 | excalidraw vulnerable to a Stored XSS in excalidraw's web embed component |
| CVE-2024-29952 | 2024-04-17 | Clear text storage of sensistive information by manipulating command variables |
| CVE-2024-29955 | 2024-04-17 | Insertion of Sensitive Information into Brocade SANnav Log File |
| CVE-2023-4232 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_status_report() function |
| CVE-2023-4233 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the sms_decode_address_field() function |
| CVE-2023-4234 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_submit_report() function |
| CVE-2023-4235 | 2024-04-17 | Ofono: sms decoder stack-based buffer overflow remote code execution vulnerability within the decode_deliver_report() function |
| CVE-2023-4509 | 2024-04-17 | It is possible for an API key to be logged in clear text in the audit log file after an invalid login attempt. |
| CVE-2024-3928 | 2024-04-17 | Dromara open-capacity-platform auth-server heapdump information disclosure |
| CVE-2024-30564 | 2024-04-18 | An issue inandrei-tatar nora-firebase-common between v.1.0.41 and v.1.12.2 allows a remote attacker to execute arbitrary code via a crafted script to the updateState parameter of the updateStateInternal method. |
| CVE-2024-30938 | 2024-04-18 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. |
| CVE-2024-31750 | 2024-04-18 | SQL injection vulnerability in f-logic datacube3 v.1.0 allows a remote attacker to obtain sensitive information via the req_id parameter. |
| CVE-2024-32325 | 2024-04-18 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the ssid parameter in the setWiFiExtenderConfig function. |
| CVE-2024-32326 | 2024-04-18 | TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. |
| CVE-2024-32327 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Port Forwarding under the Firewall Page. |
| CVE-2024-32332 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in WDS Settings under the Wireless Page. |
| CVE-2024-32333 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page. |
| CVE-2024-32334 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page. |
| CVE-2024-32335 | 2024-04-18 | TOTOLINK N300RT V2.1.8-B20201030.1539 contains a Store Cross-site scripting (XSS) vulnerability in Access Control under the Wireless Page. |
| CVE-2024-30920 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component. |
| CVE-2024-30921 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the photo.php component. |
| CVE-2024-30922 | 2024-04-18 | SQL Injection vulnerability in DerbyNet v9.0 allows a remote attacker to execute arbitrary code via the where Clause in Award Document Rendering. |
| CVE-2024-30923 | 2024-04-18 | SQL Injection vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the where Clause in Racer Document Rendering |
| CVE-2024-30924 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the checkin.php component. |
| CVE-2024-30925 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the photo-thumbs.php component. |
| CVE-2024-30926 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the ./inc/kiosks.inc component. |
| CVE-2024-30927 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the racer-results.php component. |
| CVE-2024-30928 | 2024-04-18 | SQL Injection vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary SQL commands via 'classids' Parameter in ajax/query.slide.next.inc |
| CVE-2024-30929 | 2024-04-18 | Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows attackers to execute arbitrary code via the 'back' Parameter in playlist.php |
| CVE-2024-3931 | 2024-04-18 | Totara LMS User Selector check.php cross site scripting |
| CVE-2024-3932 | 2024-04-18 | Totara LMS User Selector cross-site request forgery |
| CVE-2024-29956 | 2024-04-18 | cleartext password in supportsave logs when a user schedules a switch Supportsave from Brocade SANnav |
| CVE-2024-1426 | 2024-04-18 | The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| CVE-2024-1429 | 2024-04-18 | The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| CVE-2024-2729 | 2024-04-18 | Otter Blocks < 2.6.6 - Contributor+ Stored XSS |
| CVE-2024-31869 | 2024-04-18 | Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used |
| CVE-2024-32142 | 2024-04-18 | WordPress Ovic Responsive WPBakery plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2023-49742 | 2024-04-18 | WordPress Support Genix plugin <= 1.2.3 - Broken Access Control lead to Arbitrary File Upload vulnerability |
| CVE-2023-41864 | 2024-04-18 | WordPress PeproDev CF7 Database plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-32604 | 2024-04-18 | WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-32603 | 2024-04-18 | WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability |
| CVE-2024-32601 | 2024-04-18 | WordPress Popup Anything plugin <= 2.8 - Broken Access Control vulnerability |
| CVE-2024-32599 | 2024-04-18 | WordPress WP Dummy Content Generator plugin <= 3.2.1 - Arbitrary Code Execution vulnerability |
| CVE-2024-32598 | 2024-04-18 | WordPress BA Book Everything plugin <= 1.6.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32597 | 2024-04-18 | WordPress WP Smart Import plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32596 | 2024-04-18 | WordPress DSGVO Youtube plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32595 | 2024-04-18 | WordPress WP Helper Premium plugin < 4.6.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32594 | 2024-04-18 | WordPress Attesa Extra plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32593 | 2024-04-18 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.3.4.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32592 | 2024-04-18 | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-32591 | 2024-04-18 | WordPress Backend Designer plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability |