CVE List - 2024 / January
Showing 1201 - 1300 of 2591 CVEs for January 2024 (Page 13 of 26)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-51068 | 2024-01-13 | An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. |
| CVE-2023-51071 | 2024-01-13 | An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing... |
| CVE-2023-51804 | 2024-01-13 | An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. |
| CVE-2023-51805 | 2024-01-13 | SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file. |
| CVE-2023-52288 | 2024-01-13 | An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to... |
| CVE-2023-52289 | 2024-01-13 | An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to... |
| CVE-2024-0475 | 2024-01-13 | code-projects Dormitory Management System modifyuser.php sql injection |
| CVE-2024-0476 | 2024-01-13 | Blood Bank & Donor Management request-received-bydonar.php cross site scripting |
| CVE-2024-0477 | 2024-01-13 | code-projects Fighting Cock Information System update-deworm.php sql injection |
| CVE-2024-0478 | 2024-01-13 | code-projects Fighting Cock Information System edit_chicken.php sql injection |
| CVE-2024-0479 | 2024-01-13 | Taokeyun HTTP POST Request User.php login sql injection |
| CVE-2024-0480 | 2024-01-13 | Taokeyun HTTP POST Request Drs.php index sql injection |
| CVE-2024-0251 | 2024-01-13 | The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization... |
| CVE-2024-21640 | 2024-01-13 | OOB Access in CefVideoConsumerOSR::OnFrameCaptured |
| CVE-2024-22209 | 2024-01-13 | XBlock custom auth does not respect JWT Scopes |
| CVE-2024-0481 | 2024-01-13 | Taokeyun HTTP POST Request Goods.php shopGoods sql injection |
| CVE-2024-0482 | 2024-01-13 | Taokeyun HTTP POST Request Video.php index sql injection |
| CVE-2024-0483 | 2024-01-13 | Taokeyun HTTP POST Request Task.php index sql injection |
| CVE-2024-0484 | 2024-01-13 | code-projects Fighting Cock Information System update_mother.php sql injection |
| CVE-2024-0485 | 2024-01-13 | code-projects Fighting Cock Information System add_con.php sql injection |
| CVE-2024-0486 | 2024-01-13 | code-projects Fighting Cock Information System add_con.php sql injection |
| CVE-2024-0487 | 2024-01-13 | code-projects Fighting Cock Information System delete-vaccine.php sql injection |
| CVE-2024-0488 | 2024-01-13 | code-projects Fighting Cock Information System new-feed.php sql injection |
| CVE-2024-0489 | 2024-01-13 | code-projects Fighting Cock Information System edit_chicken.php sql injection |
| CVE-2024-0490 | 2024-01-13 | Huaxia ERP getAllList information disclosure |
| CVE-2024-0491 | 2024-01-13 | Huaxia ERP UserController.java password recovery |
| CVE-2024-0492 | 2024-01-13 | Kashipara Billing Software HTTP POST Request buyer_detail_submit.php sql injection |
| CVE-2024-0493 | 2024-01-13 | Kashipara Billing Software HTTP POST Request submit_delivery_list.php sql injection |
| CVE-2024-0494 | 2024-01-13 | Kashipara Billing Software HTTP POST Request material_bill.php sql injection |
| CVE-2024-0495 | 2024-01-13 | Kashipara Billing Software HTTP POST Request party_submit.php sql injection |
| CVE-2024-0496 | 2024-01-13 | Kashipara Billing Software HTTP POST Request item_list_edit.php sql injection |
| CVE-2024-0497 | 2024-01-13 | Campcodes Student Information System sql injection |
| CVE-2024-0498 | 2024-01-13 | Project Worlds Lawyer Management System searchLawyer.php sql injection |
| CVE-2024-0499 | 2024-01-13 | SourceCodester House Rental Management System index.php cross site scripting |
| CVE-2024-0500 | 2024-01-13 | SourceCodester House Rental Management System Manage Tenant Details cross site scripting |
| CVE-2024-0501 | 2024-01-13 | SourceCodester House Rental Management System Manage Invoice Details cross site scripting |
| CVE-2024-0502 | 2024-01-13 | SourceCodester House Rental Management System Edit User manage_user.php sql injection |
| CVE-2024-0503 | 2024-01-13 | code-projects Online FIR System registercomplaint.php cross site scripting |
| CVE-2024-0504 | 2024-01-13 | code-projects Simple Online Hotel Reservation System Make a Reservation Page add_reserve.php cross site scripting |
| CVE-2024-0505 | 2024-01-13 | ZhongFuCheng3y Austin Upload Material Menu MaterialController.java getFile unrestricted upload |
| CVE-2024-0510 | 2024-01-13 | HaoKeKeJi YiQiNiu Api.php http_post server-side request forgery |
| CVE-2024-0522 | 2024-01-14 | Allegro RomPager HTTP POST Request cross-site request forgery |
| CVE-2024-0523 | 2024-01-14 | CmsEasy language_admin.php getslide_child_action sql injection |
| CVE-2024-0524 | 2024-01-14 | CXBSoft Url-shorting index.php sql injection |
| CVE-2024-0525 | 2024-01-14 | CXBSoft Url-shorting HTTP POST Request long_s_short.php sql injection |
| CVE-2020-36770 | 2024-01-15 | pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm... |
| CVE-2024-0526 | 2024-01-15 | CXBSoft Url-shorting HTTP POST Request short_to_long.php sql injection |
| CVE-2024-0527 | 2024-01-15 | CXBSoft Url-shorting HTTP POST Request update_go.php sql injection |
| CVE-2024-0528 | 2024-01-15 | CXBSoft Post-Office HTTP POST Request update_go.php sql injection |
| CVE-2024-0529 | 2024-01-15 | CXBSoft Post-Office HTTP POST Request login_auth.php sql injection |
| CVE-2024-0530 | 2024-01-15 | CXBSoft Post-Office HTTP POST Request reg_go.php sql injection |
| CVE-2024-0531 | 2024-01-15 | Tenda A15 Web-based Management Interface setBlackRule stack-based overflow |
| CVE-2024-0532 | 2024-01-15 | Tenda A15 Web-based Management Interface WifiExtraSet set_repeat5 stack-based overflow |
| CVE-2024-0533 | 2024-01-15 | Tenda A15 Web-based Management Interface SetOnlineDevName stack-based overflow |
| CVE-2024-0534 | 2024-01-15 | Tenda A15 Web-based Management Interface SetOnlineDevName stack-based overflow |
| CVE-2023-48383 | 2024-01-15 | NetVision Information airPASS - Path Traversal |
| CVE-2024-0535 | 2024-01-15 | Tenda PA6 httpd portmap cgiPortMapAdd stack-based overflow |
| CVE-2024-0536 | 2024-01-15 | Tenda W9 httpd setWrlAccessList stack-based overflow |
| CVE-2024-0537 | 2024-01-15 | Tenda W9 httpd setWrlBasicInfo stack-based overflow |
| CVE-2024-0538 | 2024-01-15 | Tenda W9 httpd formQosManage_auto stack-based overflow |
| CVE-2024-0552 | 2024-01-15 | Intumit inc. SmartRobot - Remote Code Execution |
| CVE-2024-0539 | 2024-01-15 | Tenda W9 httpd formQosManage_user stack-based overflow |
| CVE-2024-0540 | 2024-01-15 | Tenda W9 httpd formOfflineSet stack-based overflow |
| CVE-2024-0541 | 2024-01-15 | Tenda W9 httpd formAddSysLogRule stack-based overflow |
| CVE-2024-0542 | 2024-01-15 | Tenda W9 httpd formWifiMacFilterGet stack-based overflow |
| CVE-2024-0543 | 2024-01-15 | CodeAstro Real Estate Management System propertydetail.php sql injection |
| CVE-2024-0545 | 2024-01-15 | CodeCanyon RISE Ultimate Project Manager signin redirect |
| CVE-2024-0546 | 2024-01-15 | EasyFTP LIST Command denial of service |
| CVE-2024-0547 | 2024-01-15 | Ability FTP Server APPE Command denial of service |
| CVE-2024-0548 | 2024-01-15 | FreeFloat FTP Server SIZE Command denial of service |
| CVE-2024-22028 | 2024-01-15 | Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the... |
| CVE-2023-6915 | 2024-01-15 | Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c |
| CVE-2023-50290 | 2024-01-15 | Apache Solr: Host environment variables are published via the Metrics API |
| CVE-2023-46749 | 2024-01-15 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting |
| CVE-2023-46226 | 2024-01-15 | Apache IoTDB: Remote Code Execution (RCE) risk via the UDF |
| CVE-2023-5253 | 2024-01-15 | Check Point IoT integration: WebSocket returns assets data without authentication in Guardian/CMC before 23.3.0 |
| CVE-2023-4001 | 2024-01-15 | Grub2: bypass the grub password protection feature |
| CVE-2024-20721 | 2024-01-15 | T5 Acrobat JS vulnerability - Exploitable crash via t5::javascript::get_page_num_words |
| CVE-2024-20709 | 2024-01-15 | New Edge T5 MSRC Case [DCMSFT-1081] |
| CVE-2023-4818 | 2024-01-15 | PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The... |
| CVE-2023-42134 | 2024-01-15 | PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access... |
| CVE-2023-42135 | 2024-01-15 | PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical... |
| CVE-2023-42136 | 2024-01-15 | PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker... |
| CVE-2023-42137 | 2024-01-15 | PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device... |
| CVE-2023-6941 | 2024-01-15 | Keap Official Opt-in Forms <= 1.0.11 - Admin+ Stored XSS |
| CVE-2023-6049 | 2024-01-15 | Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection |
| CVE-2023-6029 | 2024-01-15 | EazyDocs < 2.3.6 - Unauthenticated Arbitrary Posts Deletion and Document Management |
| CVE-2023-6843 | 2024-01-15 | easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update |
| CVE-2023-6623 | 2024-01-15 | Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion |
| CVE-2023-6048 | 2024-01-15 | Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update |
| CVE-2023-6163 | 2024-01-15 | WP Crowdfunding < 2.1.10 - Admin+ Stored XSS |
| CVE-2023-6620 | 2024-01-15 | Post SMTP < 2.8.7 - Admin+ SQL Injection |
| CVE-2023-6991 | 2024-01-15 | JSM file_get_contents() Shortcode < 2.7.1 - Contributor+ SSRF |
| CVE-2023-6050 | 2024-01-15 | Estatik Real Estate Plugin < 4.1.1 - Reflected XSS |
| CVE-2023-6066 | 2024-01-15 | WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update |
| CVE-2023-5905 | 2024-01-15 | DeMomentSomTres WordPress Export Posts With Images <= 20220825 - Subscriber+ unauthorized data export |
| CVE-2023-4925 | 2024-01-15 | Easy Forms for Mailchimp <= 6.8.10 - Admin+ Stored Cross-Site Scripting |
| CVE-2024-22207 | 2024-01-15 | Default swagger-ui configuration exposes all files in the module |
| CVE-2023-50729 | 2024-01-15 | An unrestricted file upload vulnerability in traccar leads to RCE |
| CVE-2024-0314 | 2024-01-15 | XSS vulnerability in FireEye Central Management |