The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2024-25969 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an allocation of resources without limits or throttling vulnerability. A local unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | -- | May 14, 2024 |
| CVE-2024-25970 | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contains an improper input validation vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to loss of integrity. | -- | May 14, 2024 |
| CVE-2024-25971 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | -- | Mar 28, 2024 |
| CVE-2024-25972 | Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product. | -- | Mar 1, 2024 |
| CVE-2024-25973 | The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user\'s browser. | -- | Feb 21, 2024 |
| CVE-2024-25974 | The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. | -- | Feb 21, 2024 |
| CVE-2024-25978 | Insufficient file size checks resulted in a denial of service risk in the file picker\'s unzip functionality. | -- | Feb 20, 2024 |
| CVE-2024-25979 | The URL parameters accepted by forum search were not limited to the allowed parameters. | -- | Feb 20, 2024 |
| CVE-2024-25980 | Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | -- | Feb 20, 2024 |
| CVE-2024-25981 | Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | -- | Feb 20, 2024 |
| CVE-2024-25982 | The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | -- | Feb 20, 2024 |
| CVE-2024-25983 | Insufficient checks in a web service made it possible to add comments to the comments block on another user\'s dashboard when it was not otherwise available (e.g., on their profile page). | -- | Feb 20, 2024 |
| CVE-2024-25984 | In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25985 | In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25986 | In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25987 | In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25988 | In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25989 | In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25990 | In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25991 | In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25992 | In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25993 | In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | -- | Mar 12, 2024 |
| CVE-2024-25994 | An unauthenticated remote attacker can upload a arbitrary script file due to improper input validation. The upload destination is fixed and is write only. | -- | Mar 12, 2024 |
| CVE-2024-25995 | An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function. | -- | Mar 12, 2024 |
| CVE-2024-25996 | An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user. | -- | Mar 12, 2024 |
| CVE-2024-25997 | An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected. | -- | Mar 12, 2024 |
| CVE-2024-25998 | An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation. | -- | Mar 12, 2024 |
| CVE-2024-25999 | An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service. | -- | Mar 12, 2024 |
| CVE-2024-26000 | An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | -- | Mar 12, 2024 |
| CVE-2024-26001 | An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization. | -- | Mar 12, 2024 |
| CVE-2024-26002 | An improper input validation in the Qualcom plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files. | -- | Mar 12, 2024 |
| CVE-2024-26003 | An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. | -- | Mar 12, 2024 |
| CVE-2024-26004 | An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality. | -- | Mar 12, 2024 |
| CVE-2024-26005 | An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. | -- | Mar 12, 2024 |
| CVE-2024-26007 | An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via crafted HTTP requests. | -- | May 14, 2024 |
| CVE-2024-26016 | A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it\'s important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue. | -- | Feb 28, 2024 |
| CVE-2024-26018 | Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a. | -- | Mar 26, 2024 |
| CVE-2024-26019 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product. | -- | Apr 11, 2024 |
| CVE-2024-26023 | OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execute arbitrary OS commands. | -- | Apr 15, 2024 |
| CVE-2024-26026 | An SQL injection vulnerability exists in the BIG-IP Next Central Manager API (URI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | -- | May 8, 2024 |
| CVE-2024-26028 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26030 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26031 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26032 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim\'s browser. Exploitation of this issue requires user interaction. | -- | Mar 18, 2024 |
| CVE-2024-26033 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26034 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26035 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26038 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26040 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
| CVE-2024-26041 | Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | -- | Mar 18, 2024 |
