CVE List - 2024 / January
Showing 1801 - 1900 of 2591 CVEs for January 2024 (Page 19 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-22420 | 2024-01-19 | Stored cross site scripting in Markdown Preview in JupyterLab |
| CVE-2024-23681 | 2024-01-19 | Artemis Java Test Sandbox Library Load Escape |
| CVE-2024-23684 | 2024-01-19 | upokecenter CBOR Denial of Service |
| CVE-2024-0735 | 2024-01-19 | SourceCodester Online Tours & Travels Management System expense.php exec sql injection |
| CVE-2024-0736 | 2024-01-19 | EFS Easy File Sharing FTP Login denial of service |
| CVE-2024-23689 | 2024-01-19 | ClickHouse Client Certificate Password Exposure |
| CVE-2024-23685 | 2024-01-19 | FOLIO mod-remote-storage Hard Coded Credentials |
| CVE-2024-23686 | 2024-01-19 | DependencyCheck Debug Mode Logging of NVD API Key |
| CVE-2024-23687 | 2024-01-19 | FOLIO mod-data-export-spring Hard-Coded Credentials |
| CVE-2024-23688 | 2024-01-19 | Consensys Discovery Nonce Reuse |
| CVE-2024-0737 | 2024-01-19 | Xlightftpd Xlight FTP Server Login denial of service |
| CVE-2024-0738 | 2024-01-19 | 个人开源 mldong DecisionModel.java ExpressionEngine code injection |
| CVE-2024-0739 | 2024-01-19 | Hecheng Leadshop leadshop.php deserialization |
| CVE-2024-23332 | 2024-01-19 | Client configured with permissive trust policies susceptible to rollback attack in Notary Project |
| CVE-2021-31314 | 2024-01-20 | File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server. |
| CVE-2023-46447 | 2024-01-20 | The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE. |
| CVE-2023-47024 | 2024-01-20 | Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that... |
| CVE-2023-51892 | 2024-01-20 | An issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component. |
| CVE-2023-51906 | 2024-01-20 | An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. |
| CVE-2023-51924 | 2024-01-20 | An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2023-51925 | 2024-01-20 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2023-51926 | 2024-01-20 | YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. |
| CVE-2023-51927 | 2024-01-20 | YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. |
| CVE-2023-51928 | 2024-01-20 | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-0623 | 2024-01-20 | The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation... |
| CVE-2024-0679 | 2024-01-20 | The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes... |
| CVE-2023-7063 | 2024-01-20 | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and... |
| CVE-2024-0521 | 2024-01-20 | Code Injection in paddlepaddle/paddle |
| CVE-2023-52353 | 2024-01-21 | An issue was discovered in Mbed TLS through 3.5.1. In mbedtls_ssl_session_reset, the maximum negotiable TLS version is mishandled. For example, if the last connection negotiated TLS 1.2, then 1.2 becomes... |
| CVE-2024-23725 | 2024-01-21 | Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries. |
| CVE-2024-23726 | 2024-01-21 | Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK... |
| CVE-2024-23730 | 2024-01-21 | The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML. |
| CVE-2024-23731 | 2024-01-21 | The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument. |
| CVE-2024-23732 | 2024-01-21 | The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py. |
| CVE-2024-23744 | 2024-01-21 | An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions. |
| CVE-2016-15037 | 2024-01-21 | go4rayyan Scumblr Task cross site scripting |
| CVE-2024-0769 | 2024-01-21 | D-Link DIR-859 HTTP POST Request hedwig.cgi path traversal |
| CVE-2023-6531 | 2024-01-21 | Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf |
| CVE-2024-0770 | 2024-01-21 | European Chemicals Agency IUCLID Desktop Installer iuclid6.exe default permission |
| CVE-2024-0771 | 2024-01-21 | Nsasoft Product Key Explorer Registration memory corruption |
| CVE-2024-0772 | 2024-01-21 | Nsasoft ShareAlarmPro Registration memory corruption |
| CVE-2024-0773 | 2024-01-21 | CodeAstro Internet Banking System pages_client_signup.php cross site scripting |
| CVE-2023-24135 | 2024-01-22 | Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the... |
| CVE-2017-20189 | 2024-01-22 | In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects. |
| CVE-2021-42141 | 2024-01-22 | An issue was discovered in Contiki-NG tinyDTLS through 2018-08-30. One incorrect handshake could complete with different epoch numbers in the packets Client_Hello, Client_key_exchange, and Change_cipher_spec, which may cause denial of... |
| CVE-2023-47352 | 2024-01-22 | Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords. |
| CVE-2023-48118 | 2024-01-22 | SQL Injection vulnerability in Quest Analytics LLC IQCRM v.2023.9.5 allows a remote attacker to execute arbitrary code via a crafted request to the Common.svc WSDL page. |
| CVE-2023-52354 | 2024-01-22 | chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted. |
| CVE-2024-22895 | 2024-01-22 | DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. |
| CVE-2024-23750 | 2024-01-22 | MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen. |
| CVE-2024-23751 | 2024-01-22 | LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's... |
| CVE-2024-23752 | 2024-01-22 | GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe... |
| CVE-2024-23768 | 2024-01-22 | Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and... |
| CVE-2024-23770 | 2024-01-22 | darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. |
| CVE-2024-23771 | 2024-01-22 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. |
| CVE-2024-0774 | 2024-01-22 | Any-Capture Any Sound Recorder Registration memory corruption |
| CVE-2024-0776 | 2024-01-22 | LinZhaoguan pb-cms Comment cross site scripting |
| CVE-2024-22113 | 2024-01-22 | Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks... |
| CVE-2024-21484 | 2024-01-22 | Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security... |
| CVE-2024-22233 | 2024-01-22 | CVE-2024-22233: Spring Framework server Web DoS Vulnerability |
| CVE-2024-0775 | 2024-01-22 | Kernel: use-after-free while changing the mount option in __ext4_remount leading |
| CVE-2020-36771 | 2024-01-22 | CloudLinux CageFS 7.1.1-1 or below passes the authentication token as a command line argument. In some configurations this allows local users to view the authentication token via the process list... |
| CVE-2020-36772 | 2024-01-22 | CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside... |
| CVE-2023-44395 | 2024-01-22 | Autolab has Path Traversal vulnerability in Assessment functionality |
| CVE-2024-0778 | 2024-01-22 | Uniview ISC 2500-S VM.php setNatConfig os command injection |
| CVE-2024-0781 | 2024-01-22 | CodeAstro Internet Banking System pages_client_signup.php redirect |
| CVE-2024-0782 | 2024-01-22 | CodeAstro Online Railway Reservation System pass-profile.php cross site scripting |
| CVE-2022-45790 | 2024-01-22 | Omron FINS memory protection susceptible to bruteforce |
| CVE-2024-0783 | 2024-01-22 | Project Worlds Online Admission System documents.php unrestricted upload |
| CVE-2024-0784 | 2024-01-22 | hongmaple octopus list sql injection |
| CVE-2022-45792 | 2024-01-22 | Directory Traversal in Project File Format allows overwrite (Zip Slip) |
| CVE-2024-0204 | 2024-01-22 | Authentication Bypass in GoAnywhere MFT |
| CVE-2024-0605 | 2024-01-22 | Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code... |
| CVE-2024-0606 | 2024-01-22 | An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability... |
| CVE-2023-47746 | 2024-01-22 | IBM Db2 denial of service |
| CVE-2024-0430 | 2024-01-22 | IObit Malware Fighter v11.0.0.1274 - Denial of Service (DoS) |
| CVE-2023-50308 | 2024-01-22 | IBM Db2 denial of service |
| CVE-2023-45193 | 2024-01-22 | IBM Db2 denial of service |
| CVE-2023-7170 | 2024-01-22 | EventON-RSVP < 2.9.5 - Reflected XSS |
| CVE-2023-6625 | 2024-01-22 | Product Enquiry for WooCommerce < 3.1 - Arbitrary Enquiry Deletion via CSRF |
| CVE-2023-6384 | 2024-01-22 | WP User Profile Avatar < 1.0.1 - Author+ Avatar Deletion/Update via IDOR |
| CVE-2023-7194 | 2024-01-22 | Meris <= 1.1.2 - Reflected XSS |
| CVE-2023-6290 | 2024-01-22 | WP SEO Press < 7.3 - Admin+ Stored XSS |
| CVE-2023-6456 | 2024-01-22 | WP Review Slider < 13.0 - Admin+ Stored XSS |
| CVE-2023-6626 | 2024-01-22 | Product Enquiry for WooCommerce < 3.1 - Admin+ Stored XSS |
| CVE-2023-7082 | 2024-01-22 | WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE |
| CVE-2023-6447 | 2024-01-22 | EventPrime < 3.3.6 - Unauthenticated Event Access |
| CVE-2023-47747 | 2024-01-22 | IBM Db2 denial of service |
| CVE-2023-27859 | 2024-01-22 | IBM Db2 code execution |
| CVE-2023-47152 | 2024-01-22 | IBM Db2 information disclosure |
| CVE-2023-47158 | 2024-01-22 | IBM Db2 denial of service |
| CVE-2023-47141 | 2024-01-22 | IBM Db2 denial of service |
| CVE-2024-23675 | 2024-01-22 | Splunk App Key Value Store (KV Store) Improper Handling of Permissions Leads to KV Store Collection Deletion |
| CVE-2024-23677 | 2024-01-22 | Server Response Disclosure in RapidDiag Salesforce.com Log File |
| CVE-2024-23676 | 2024-01-22 | Sensitive Information Disclosure of Index Metrics through “mrollup” SPL Command |
| CVE-2024-23678 | 2024-01-22 | Deserialization of Untrusted Data on Splunk Enterprise for Windows through Path Traversal from Separate Disk Partition |
| CVE-2024-23339 | 2024-01-22 | hoolock does not block Prototype pollution with object-path related utilities |
| CVE-2024-23340 | 2024-01-22 | @hono/node-server can't handle "double dots" in URL |
| CVE-2024-23342 | 2024-01-22 | python-ecdsa vulnerable to Minerva attack on P-256 |
| CVE-2024-23345 | 2024-01-22 | Nautobot has XSS potential in rendered Markdown fields |