CVE List - 2024 / April
Showing 2701 - 2800 of 3605 CVEs for April 2024 (Page 28 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-49501 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component. |
| CVE-2023-49502 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. |
| CVE-2023-50007 | 2024-04-19 | FFmpeg v.n6.1-3-g466799d4f5 allows an attacker to trigger use of a parameter of negative size in the av_samples_set_silence function in the libavutil/samplefmt.c:260:9 component. |
| CVE-2023-50008 | 2024-04-19 | FFmpeg v.n6.1-3-g466799d4f5 allows memory consumption when using the colorcorrect filter, in the av_malloc function in libavutil/mem.c:105:9 component. |
| CVE-2023-50009 | 2024-04-19 | FFmpeg v.n6.1-3-g466799d4f5 allows a heap-based buffer overflow via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component. |
| CVE-2023-50010 | 2024-04-19 | FFmpeg v.n6.1-3-g466799d4f5 allows a buffer over-read at ff_gradfun_blur_line_movdqa_sse2, as demonstrated by a call to the set_encoder_id function in /fftools/ffmpeg_enc.c component. |
| CVE-2023-51791 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map. |
| CVE-2023-51792 | 2024-04-19 | Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000. |
| CVE-2023-51793 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane. |
| CVE-2023-51795 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame |
| CVE-2023-51796 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame. |
| CVE-2023-51797 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame |
| CVE-2023-51798 | 2024-04-19 | Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate. |
| CVE-2024-22640 | 2024-04-19 | TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. |
| CVE-2024-27984 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete specific type of files and/or cause denial of service. |
| CVE-2024-27975 | 2024-04-19 | A Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-29204 | 2024-04-19 | A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands |
| CVE-2024-27976 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-23530 | 2024-04-19 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-23531 | 2024-04-19 | An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also... |
| CVE-2024-23533 | 2024-04-19 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. |
| CVE-2024-23534 | 2024-04-19 | An Unrestricted File-upload vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-24996 | 2024-04-19 | A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. |
| CVE-2024-24994 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-27978 | 2024-04-19 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. |
| CVE-2024-24991 | 2024-04-19 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. |
| CVE-2024-24997 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-24999 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-24993 | 2024-04-19 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-24995 | 2024-04-19 | A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-24998 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-23535 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-23532 | 2024-04-19 | An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead... |
| CVE-2024-24992 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-27977 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service. |
| CVE-2024-25000 | 2024-04-19 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. |
| CVE-2024-23528 | 2024-04-19 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-23529 | 2024-04-19 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-22061 | 2024-04-19 | A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands |
| CVE-2024-23526 | 2024-04-19 | An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. |
| CVE-2024-3560 | 2024-04-19 | The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient... |
| CVE-2024-3598 | 2024-04-19 | The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input... |
| CVE-2024-3615 | 2024-04-19 | The Media Library Folders plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 8.2.0 due to insufficient input sanitization... |
| CVE-2024-3818 | 2024-04-19 | The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's "Social Icons" block in all versions up... |
| CVE-2024-3731 | 2024-04-19 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input... |
| CVE-2024-3600 | 2024-04-19 | The Poll Maker – Best WordPress Poll Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to a missing capability check on the ays_poll_maker_quick_start AJAX action in addition... |
| CVE-2024-29957 | 2024-04-19 | Encryption key is stored in the DR log files |
| CVE-2024-29958 | 2024-04-19 | Encryption key in the console when a privileged user executes the script to replace the Brocade SANnav Management Portal standby node. |
| CVE-2024-29959 | 2024-04-19 | Brocade Fabric OS switch encrypted passwords in the Brocade SANnav Standby node's support save |
| CVE-2024-29960 | 2024-04-19 | Identical SSH keys utilized inside the OVA image (CVE-2024-29960) |
| CVE-2024-29961 | 2024-04-19 | supply-chain attack risk |
| CVE-2024-29963 | 2024-04-19 | Brocade SANnav contains hardcoded TLS keys used by Docker |
| CVE-2024-29962 | 2024-04-19 | Insecure file permission setting that makes files world-readable |
| CVE-2024-29964 | 2024-04-19 | Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files |
| CVE-2024-29965 | 2024-04-19 | Insecure backup |
| CVE-2024-29966 | 2024-04-19 | hard-coded credentials in the documentation that appear as the appliance root password |
| CVE-2024-2761 | 2024-04-19 | Genesis Blocks < 3.1.3 - Contributor+ Stored XSS |
| CVE-2024-29967 | 2024-04-19 | In Brocade SANnav before v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points |
| CVE-2024-29968 | 2024-04-19 | SQL Table names, column names, and SQL queries are collected in DR standby Supportsave |
| CVE-2024-29969 | 2024-04-19 | TLS/SSL weak message authentication code ciphers are added by default for port 18082 |
| CVE-2024-0671 | 2024-04-19 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2024-1065 | 2024-04-19 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2024-32683 | 2024-04-19 | WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-3654 | 2024-04-19 | Cross-Site Scripting Vulnerability in Teixo by Teimas Global |
| CVE-2023-37400 | 2024-04-19 | IBM Aspera Faspex privilege escalation |
| CVE-2024-3470 | 2024-04-19 | Repository administrator can bypass organization's ruleset using deploy keys |
| CVE-2024-3646 | 2024-04-19 | Command injection vulnerability was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2023-49275 | 2024-04-19 | Wazuh vulnerable to NULL Pointer Dereference in wazuh-analysisd |
| CVE-2024-3684 | 2024-04-19 | Improper Privilege Management was identified in GitHub Enterprise Server that allowed privilege escalation in the Management Console |
| CVE-2023-50260 | 2024-04-19 | Wazuh's vulnerability in host_deny AR script allows arbitrary command execution |
| CVE-2024-32038 | 2024-04-19 | Wazuh Analysis Engine Event Decoder Heap-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-32478 | 2024-04-19 | Git Credential Manager (GCM)'s Debian package does not set root ownership on installed files |
| CVE-2024-32644 | 2024-04-19 | Evmos' transaction execution not accounting for all state transition after interaction with precompiles |
| CVE-2024-29030 | 2024-04-19 | memos vulnerable to an SSRF in /api/resource |
| CVE-2024-29028 | 2024-04-19 | memos vulnerable to an SSRF in /o/get/httpmeta |
| CVE-2024-29029 | 2024-04-19 | memos vulnerable to an SSRF in /o/get/image |
| CVE-2023-22869 | 2024-04-19 | IBM Aspera Faspex information disclosure |
| CVE-2024-29183 | 2024-04-19 | OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login |
| CVE-2024-32650 | 2024-04-19 | Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input |
| CVE-2023-37396 | 2024-04-19 | IBM Aspera Faspex information disclosure |
| CVE-2023-27279 | 2024-04-19 | IBM Aspera Faspex denial of service |
| CVE-2024-29991 | 2024-04-19 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability |
| CVE-2023-37397 | 2024-04-19 | IBM Aspera Faspex data manipulation |
| CVE-2022-40745 | 2024-04-19 | IBM Aspera Faspex information disclosure |
| CVE-2024-2440 | 2024-04-19 | Race Condition was identified in GitHub Enterprise Server that allowed maintaining admin permissions |
| CVE-2024-3979 | 2024-04-19 | COVESA vsomeip race condition |
| CVE-2024-32652 | 2024-04-19 | @hono/node-server contains Denial of Service risk when receiving Host header that cannot be parsed |
| CVE-2024-31450 | 2024-04-19 | Owncast vulnerable to arbitrary file deletion in emoji.go (GHSL-2023-277) |
| CVE-2024-1681 | 2024-04-19 | Log Injection Vulnerability in corydolphin/flask-cors |
| CVE-2024-4018 | 2024-04-19 | Privilege Escalation in U-Series Appliance |
| CVE-2024-4017 | 2024-04-19 | Privilege Escalation in U-Series Appliance |
| CVE-2024-31991 | 2024-04-19 | Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225) |
| CVE-2024-31992 | 2024-04-19 | Mealie contains a DoS vulnerability in recipe importer |
| CVE-2024-31993 | 2024-04-19 | Mealie vulnerable to a GET-based SSRF in recipe image importer (GHSL-2023-227) |
| CVE-2024-31994 | 2024-04-19 | Mealie vulnerable to a DoS in recipe image importer (GHSL-2023-228) |
| CVE-2024-1480 | 2024-04-19 | Unitronics Vision Standard Unauthenticated Password Retrieval |
| CVE-2024-1057 | 2024-04-20 | The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's... |
| CVE-2024-1730 | 2024-04-20 | The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to... |
| CVE-2024-4014 | 2024-04-20 | The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input... |
| CVE-2024-4019 | 2024-04-20 | Byzoro Smart S80 Management Platform importhtml.php deserialization |