Lista CVE - 2024 / Gennaio
Visualizzazione 1 - 100 di 2591 CVE per Gennaio 2024 (Pagina 1 di 26)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-50094 | 2024-01-01 | reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root... |
| CVE-2024-21732 | 2024-01-01 | FlyCms through abbaa5a allows XSS via the permission management feature. |
| CVE-2023-6064 | 2024-01-01 | PayHere Payment Gateway < 2.2.12 - Unauthenticated Log Data Disclosure |
| CVE-2023-6421 | 2024-01-01 | Download Manager < 3.2.83 - Unauthenticated Protected File Download Password Leak |
| CVE-2023-6271 | 2024-01-01 | Backup Migration Staging < 1.3.6 - Sensitive Data Exposure |
| CVE-2023-6485 | 2024-01-01 | Html5 Video Player < 2.5.19 - Subscriber+ Stored XSS |
| CVE-2023-6000 | 2024-01-01 | Popup Builder < 4.2.3 - Unauthenticated Stored XSS |
| CVE-2023-6037 | 2024-01-01 | WP TripAdvisor Review Slider < 11.9 - Admin+ Stored XSS |
| CVE-2023-5877 | 2024-01-01 | affiliate-toolkit < 3.4.3 - Unauthenticated SSRF |
| CVE-2023-6113 | 2024-01-01 | WP Staging (Free < 3.1.3, Pro < 5.1.3) - Unauthenticated Backup Download |
| CVE-2024-0181 | 2024-01-01 | RRJ Nueva Ecija Engineer Online Portal Admin Panel admin_user.php cross site scripting |
| CVE-2024-0182 | 2024-01-01 | SourceCodester Engineers Online Portal Admin Login sql injection |
| CVE-2024-0183 | 2024-01-01 | RRJ Nueva Ecija Engineer Online Portal NIA Office students.php cross site scripting |
| CVE-2024-0184 | 2024-01-01 | RRJ Nueva Ecija Engineer Online Portal Add Enginer edit_teacher.php cross site scripting |
| CVE-2023-45893 | 2024-01-02 | An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. |
| CVE-2023-49551 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. |
| CVE-2020-26623 | 2024-01-02 | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login... |
| CVE-2020-26624 | 2024-01-02 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. |
| CVE-2020-26625 | 2024-01-02 | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. |
| CVE-2023-45561 | 2024-01-02 | An issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. |
| CVE-2023-45892 | 2024-01-02 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. |
| CVE-2023-47458 | 2024-01-02 | An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework. |
| CVE-2023-49549 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. |
| CVE-2023-49550 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. |
| CVE-2023-49552 | 2024-01-02 | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. |
| CVE-2023-49553 | 2024-01-02 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. |
| CVE-2023-49554 | 2024-01-02 | Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. |
| CVE-2023-49555 | 2024-01-02 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. |
| CVE-2023-49556 | 2024-01-02 | Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. |
| CVE-2023-49557 | 2024-01-02 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. |
| CVE-2023-49558 | 2024-01-02 | An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. |
| CVE-2023-50019 | 2024-01-02 | An issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response. |
| CVE-2023-50020 | 2024-01-02 | An issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF. |
| CVE-2024-0185 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal Avatar dasboard_teacher.php unrestricted upload |
| CVE-2024-0186 | 2024-01-02 | HuiRan Host Reseller System HTTP POST Request password recovery |
| CVE-2023-32872 | 2024-01-02 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32874 | 2024-01-02 | In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2023-32875 | 2024-01-02 | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2023-32876 | 2024-01-02 | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2023-32877 | 2024-01-02 | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32878 | 2024-01-02 | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2023-32879 | 2024-01-02 | In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-32880 | 2024-01-02 | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not... |
| CVE-2023-32881 | 2024-01-02 | In battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed... |
| CVE-2023-32882 | 2024-01-02 | In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-32883 | 2024-01-02 | In Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2023-32884 | 2024-01-02 | In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-32885 | 2024-01-02 | In display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-32886 | 2024-01-02 | In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional... |
| CVE-2023-32887 | 2024-01-02 | In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2023-32888 | 2024-01-02 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional... |
| CVE-2023-32889 | 2024-01-02 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional... |
| CVE-2023-32890 | 2024-01-02 | In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2023-32831 | 2024-01-02 | In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction... |
| CVE-2023-32891 | 2024-01-02 | In bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-26159 | 2024-01-02 | Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error,... |
| CVE-2023-26157 | 2024-01-02 | Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c. |
| CVE-2023-47039 | 2024-01-02 | Perl: perl for windows binary hijacking vulnerability |
| CVE-2023-28583 | 2024-01-02 | Double Free in Data Network Stack & Connectivity |
| CVE-2023-33014 | 2024-01-02 | Improper Input Validation in Services |
| CVE-2023-33025 | 2024-01-02 | Buffer Copy without Checking Size of Input in Data Modem |
| CVE-2023-33030 | 2024-01-02 | Buffer Copy without Checking Size of Input in HLOS |
| CVE-2023-33032 | 2024-01-02 | Integer Overflow or Wraparound in TZ Secure OS |
| CVE-2023-33033 | 2024-01-02 | Use of Out-of-range Pointer Offset in Audio |
| CVE-2023-33036 | 2024-01-02 | NULL Pointer Dereference in Hypervisor |
| CVE-2023-33037 | 2024-01-02 | Cryptographic Issues in Automotive |
| CVE-2023-33038 | 2024-01-02 | Integer Overflow or Wraparound in Radio Interface Layer |
| CVE-2023-33040 | 2024-01-02 | Buffer Over-read in Data Modem |
| CVE-2023-33062 | 2024-01-02 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33085 | 2024-01-02 | Buffer Copy Without Checking Size of Input (Classic Buffer Overflow) in Wearables |
| CVE-2023-33094 | 2024-01-02 | Use After Free in Linux Graphics |
| CVE-2023-33108 | 2024-01-02 | Use After Free in Graphics |
| CVE-2023-33109 | 2024-01-02 | NULL Pointer Dereference in WLAN Firmware |
| CVE-2023-33110 | 2024-01-02 | Use of Out-of-range Pointer Offset in Audio |
| CVE-2023-33112 | 2024-01-02 | Buffer Over-read in WLAN Firmware |
| CVE-2023-33113 | 2024-01-02 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Kernel |
| CVE-2023-33114 | 2024-01-02 | Use after free in Neural Processing Unit |
| CVE-2023-33116 | 2024-01-02 | Buffer over-read without Checking Size of Input in WLAN Host |
| CVE-2023-33117 | 2024-01-02 | Use After Free in Audio |
| CVE-2023-33118 | 2024-01-02 | Use After Free in Automotive Audio |
| CVE-2023-33120 | 2024-01-02 | Use After Free in Audio |
| CVE-2023-43511 | 2024-01-02 | Loop with Unreachable Exit Condition (Infinite Loop) in WLAN Firmware |
| CVE-2023-43512 | 2024-01-02 | Buffer Over-read in Qualcomm ESL |
| CVE-2023-43514 | 2024-01-02 | Use After Free in DSP Services |
| CVE-2023-47216 | 2024-01-02 | Liteos-A has a missing release of resource vulnerability |
| CVE-2023-47857 | 2024-01-02 | multimedia camera has a UAF vulnerability |
| CVE-2023-48360 | 2024-01-02 | multimedia player has a UAF vulnerability |
| CVE-2023-49135 | 2024-01-02 | multimedia player has a UAF vulnerability |
| CVE-2023-49142 | 2024-01-02 | multimedia audio has a UAF vulnerability |
| CVE-2023-6693 | 2024-01-02 | Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx() |
| CVE-2023-48732 | 2024-01-02 | Keywords that trigger mentions are leaked to other users |
| CVE-2023-50333 | 2024-01-02 | Lack of restriction to manage group names for freshly demoted guests |
| CVE-2023-47858 | 2024-01-02 | Details of archived public channels are leaked to members of another team |
| CVE-2023-6436 | 2024-01-02 | SQLi in Ekol Bilisim Website Template |
| CVE-2015-10128 | 2024-01-02 | rt-prettyphoto Plugin rt-prettyphoto.php royal_prettyphoto_plugin_links cross site scripting |
| CVE-2017-20188 | 2024-01-02 | Zimbra zm-ajax XFormItem.js XFormItem.prototype.setError cross site scripting |
| CVE-2024-0188 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal change_password_teacher.php weak password |
| CVE-2018-25097 | 2024-01-02 | Acumos Design Studio cross site scripting |
| CVE-2023-4280 | 2024-01-02 | Unvalidated input in Silicon Labs TrustZone implementation leads to accessing Trusted memory region |
| CVE-2024-0189 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal Create Message teacher_message.php cross site scripting |