CVE List - 2024 / April
Showing 701 - 800 of 3605 CVEs for April 2024 (Page 8 of 37)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-3354 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection |
| CVE-2024-27231 | 2024-04-05 | In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-27232 | 2024-04-05 | In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-29738 | 2024-04-05 | In gov_init, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-29739 | 2024-04-05 | In tmu_get_temp_lut of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-29740 | 2024-04-05 | In tmu_set_table of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-29741 | 2024-04-05 | In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-29742 | 2024-04-05 | In apply_minlock_constraint of dvfs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-29743 | 2024-04-05 | In tmu_set_temp_lut of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-29744 | 2024-04-05 | In tmu_get_gov_time_windows, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-29745 | 2024-04-05 | There is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2024-29746 | 2024-04-05 | In lpm_req_handler of lpm.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-29747 | 2024-04-05 | In _dvfs_get_lv of dvfs.c, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-29748 | 2024-04-05 | There is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-29749 | 2024-04-05 | In tmu_set_tr_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-29750 | 2024-04-05 | In km_exp_did_inner of kmv.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-29751 | 2024-04-05 | In asn1_ec_pkey_parse_p384 of asn1_common.c, there is a possible OOB Read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-29752 | 2024-04-05 | In tmu_set_tr_num_thresholds of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-29753 | 2024-04-05 | In tmu_set_control_temp_step of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-29754 | 2024-04-05 | In TMU_IPC_GET_TABLE, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-29755 | 2024-04-05 | In tmu_get_pi of tmu.c, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2024-29756 | 2024-04-05 | In afe_callback of q6afe.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-29757 | 2024-04-05 | There is a possible permission bypass due to debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not... |
| CVE-2024-29782 | 2024-04-05 | In tmu_get_tr_num_thresholds of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2024-29783 | 2024-04-05 | In tmu_get_tr_thresholds, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-3355 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System sql injection |
| CVE-2023-4605 | 2024-04-05 | A valid authenticated Lenovo XClarity Administrator (LXCA) user can potentially leverage an unauthenticated API endpoint to retrieve system event information. |
| CVE-2023-5912 | 2024-04-05 | A potential memory leakage vulnerability was reported in some Lenovo Notebook products that may allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2023-25493 | 2024-04-05 | A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges... |
| CVE-2023-25494 | 2024-04-05 | A potential vulnerability was reported in the BIOS of some Desktop, Smart Edge, and ThinkStation products that could allow a local attacker with elevated privileges to write to NVRAM variables. |
| CVE-2024-23592 | 2024-04-05 | An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication. |
| CVE-2024-27908 | 2024-04-05 | A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. |
| CVE-2024-27909 | 2024-04-05 | A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. |
| CVE-2024-27910 | 2024-04-05 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. |
| CVE-2024-27911 | 2024-04-05 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. |
| CVE-2024-27912 | 2024-04-05 | A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. |
| CVE-2024-3356 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System sql injection |
| CVE-2024-3357 | 2024-04-05 | SourceCodester Aplaya Beach Resort Online Reservation System index.php cross site scripting |
| CVE-2024-27620 | 2024-04-06 | An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. |
| CVE-2024-28741 | 2024-04-06 | Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component. |
| CVE-2024-1994 | 2024-04-06 | The Image Watermark plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the watermark_action_ajax() function in all versions up to, and including,... |
| CVE-2024-3245 | 2024-04-06 | The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2024-2656 | 2024-04-06 | The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all... |
| CVE-2024-1385 | 2024-04-06 | The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up... |
| CVE-2024-3216 | 2024-04-06 | The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wt_pklist_reset_settings()... |
| CVE-2024-2950 | 2024-04-06 | The BoldGrid Easy SEO – Simple and Effective SEO plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.14 via meta information (og:description). This... |
| CVE-2024-3358 | 2024-04-06 | SourceCodester Aplaya Beach Resort Online Reservation System index.php cross site scripting |
| CVE-2024-3359 | 2024-04-06 | SourceCodester Online Library System login.php sql injection |
| CVE-2024-3360 | 2024-04-06 | SourceCodester Online Library System index.php sql injection |
| CVE-2024-2444 | 2024-04-06 | Inline Related Posts < 3.5.0 - Admin+ Stored XSS |
| CVE-2024-3361 | 2024-04-06 | SourceCodester Online Library System deweydecimal.php sql injection |
| CVE-2024-2471 | 2024-04-06 | The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image attachment fields (such as 'Title', 'Alt Text', 'Custom URL', 'Custom Class', and 'Override Type') in all versions... |
| CVE-2024-3362 | 2024-04-06 | SourceCodester Online Library System controller.php sql injection |
| CVE-2024-2949 | 2024-04-06 | The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable... |
| CVE-2024-1428 | 2024-04-06 | The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| CVE-2024-0837 | 2024-04-06 | The Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... |
| CVE-2024-2458 | 2024-04-06 | The Powerkit – Supercharge your WordPress Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.9.1 due to... |
| CVE-2024-3363 | 2024-04-06 | SourceCodester Online Library System index.php sql injection |
| CVE-2024-2132 | 2024-04-06 | The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Widget in all versions up to, and including, 1.4.0 due to insufficient... |
| CVE-2024-2296 | 2024-04-06 | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.8.21... |
| CVE-2024-3364 | 2024-04-06 | SourceCodester Online Library System index.php cross site scripting |
| CVE-2024-3365 | 2024-04-06 | SourceCodester Online Library System controller.php cross site scripting |
| CVE-2024-3366 | 2024-04-06 | Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection |
| CVE-2024-3369 | 2024-04-06 | code-projects Car Rental add-vehicle.php unrestricted upload |
| CVE-2024-3376 | 2024-04-06 | SourceCodester Computer Laboratory Management System config.php redirect |
| CVE-2024-22328 | 2024-04-06 | IBM Maximo Application Suite information disclosure |
| CVE-2024-25029 | 2024-04-06 | IBM Personal Communications code execution |
| CVE-2024-24746 | 2024-04-06 | Apache NimBLE: Denial of service in NimBLE Bluetooth stack |
| CVE-2024-3377 | 2024-04-06 | SourceCodester Computer Laboratory Management System cross site scripting |
| CVE-2024-3378 | 2024-04-06 | iboss Secure Web Gateway Login Portal login cross site scripting |
| CVE-2024-3156 | 2024-04-06 | Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-3158 | 2024-04-06 | Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-3159 | 2024-04-06 | Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-0406 | 2024-04-06 | Mholt/archiver: path traversal vulnerability |
| CVE-2024-3413 | 2024-04-06 | SourceCodester Human Resource Information System login_process.php sql injection |
| CVE-2024-3414 | 2024-04-06 | SourceCodester Human Resource Information System addcorporate_process.php cross site scripting |
| CVE-2024-3415 | 2024-04-06 | SourceCodester Human Resource Information System addbranches_process.php cross site scripting |
| CVE-2024-31950 | 2024-04-07 | In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size... |
| CVE-2024-31951 | 2024-04-07 | In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt... |
| CVE-2020-36829 | 2024-04-07 | The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are... |
| CVE-2021-47208 | 2024-04-07 | The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service. |
| CVE-2024-31948 | 2024-04-07 | In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. |
| CVE-2024-31949 | 2024-04-07 | In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing. |
| CVE-2023-6877 | 2024-04-07 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in... |
| CVE-2024-3416 | 2024-04-07 | SourceCodester Online Courseware editt.php sql injection |
| CVE-2024-3417 | 2024-04-07 | SourceCodester Online Courseware saveeditt.php sql injection |
| CVE-2024-30413 | 2024-04-07 | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-30414 | 2024-04-07 | Command injection vulnerability in the AccountManager module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-30415 | 2024-04-07 | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-30416 | 2024-04-07 | Use After Free (UAF) vulnerability in the underlying driver module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-30417 | 2024-04-07 | Path traversal vulnerability in the Bluetooth-based sharing module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-30418 | 2024-04-07 | Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52713 | 2024-04-07 | Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2023-52714 | 2024-04-07 | Vulnerability of defects introduced in the design process in the hwnff module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-4438 | 2024-04-07 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver improper export of android application components |
| CVE-2023-52715 | 2024-04-07 | The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52716 | 2024-04-07 | Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52717 | 2024-04-07 | Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-3418 | 2024-04-07 | SourceCodester Online Courseware deactivateteach.php sql injection |
| CVE-2024-3419 | 2024-04-07 | SourceCodester Online Courseware edit.php sql injection |