CVE List - 2024 / January
Showing 2401 - 2500 of 2591 CVEs for January 2024 (Page 25 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-40550 | 2024-01-29 | Shim: out-of-bound read in verify_buffer_sbat() |
| CVE-2023-40549 | 2024-01-29 | Shim: out-of-bounds read in verify_buffer_authenticode() malformed pe file |
| CVE-2023-40546 | 2024-01-29 | Shim: out-of-bounds read printing error messages |
| CVE-2024-1009 | 2024-01-29 | SourceCodester Employee Management System login.php sql injection |
| CVE-2024-1010 | 2024-01-29 | SourceCodester Employee Management System edit-profile.php cross site scripting |
| CVE-2023-40551 | 2024-01-29 | Shim: out of bounds read when parsing mz binaries |
| CVE-2024-23828 | 2024-01-29 | Nginx-UI authenticated RCE through injecting into the application config via CRLF |
| CVE-2024-1011 | 2024-01-29 | SourceCodester Employee Management System Leave delete-leave.php access control |
| CVE-2024-1016 | 2024-01-29 | Solar FTP Server PASV Command denial of service |
| CVE-2024-23940 | 2024-01-29 | Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow... |
| CVE-2023-30970 | 2024-01-29 | Gotham table and Forward App Path traversal |
| CVE-2024-1017 | 2024-01-29 | Gabriels FTP Server denial of service |
| CVE-2023-22836 | 2024-01-29 | In cases where a multi-tenant stack user is operating Foundry’s Linter service, and the user changes the linter name from the default value, the renamed value may be visible to the rest of the stack’s tenants. |
| CVE-2024-1018 | 2024-01-29 | PbootCMS cross site scripting |
| CVE-2023-4550 | 2024-01-29 | Unauthenticated Arbitrary File Read |
| CVE-2023-4551 | 2024-01-29 | Command Injection via Task Scheduler |
| CVE-2023-4552 | 2024-01-29 | Java Database Connectivity (JDBC) URL Manipulation |
| CVE-2023-4553 | 2024-01-29 | Unauthenticated Access to AppBuilder Configuration Files |
| CVE-2023-4554 | 2024-01-29 | XML External Entity (XXE) Processing |
| CVE-2024-1020 | 2024-01-29 | Rebuild proxy-download getStorageFile cross site scripting |
| CVE-2024-1021 | 2024-01-29 | Rebuild HTTP Request readRawText server-side request forgery |
| CVE-2024-23829 | 2024-01-29 | aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators |
| CVE-2024-23334 | 2024-01-29 | aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal |
| CVE-2024-1022 | 2024-01-29 | CodeAstro Simple Student Result Management System Add Class Page add_classes.php cross site scripting |
| CVE-2023-36260 | 2024-01-30 | An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name... |
| CVE-2024-22894 | 2024-01-30 | An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows... |
| CVE-2024-24326 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function. |
| CVE-2024-24328 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function. |
| CVE-2023-36259 | 2024-01-30 | Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation. |
| CVE-2023-37571 | 2024-01-30 | Softing TH SCOPE through 3.70 allows XSS. |
| CVE-2023-51813 | 2024-01-30 | Cross Site Request Forgery (CSRF) vulnerability in Free Open-Source Inventory Management System v.1.0 allows a remote attacker to execute arbitrary code via the staff_list parameter in the index.php component. |
| CVE-2023-51837 | 2024-01-30 | Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. |
| CVE-2023-51843 | 2024-01-30 | react-dashboard 1.4.0 is vulnerable to Cross Site Scripting (XSS) as httpOnly is not set. |
| CVE-2023-51982 | 2024-01-30 | CrateDB 5.5.1 contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and_ Local_ In the case of an address, identity authentication can be bypassed... |
| CVE-2024-22523 | 2024-01-30 | Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component. |
| CVE-2024-22643 | 2024-01-30 | A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets. |
| CVE-2024-22646 | 2024-01-30 | An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system. |
| CVE-2024-22647 | 2024-01-30 | A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a... |
| CVE-2024-22648 | 2024-01-30 | A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment. |
| CVE-2024-22938 | 2024-01-30 | Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. |
| CVE-2024-24324 | 2024-01-30 | TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow. |
| CVE-2024-24325 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function. |
| CVE-2024-24327 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function. |
| CVE-2024-24329 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function. |
| CVE-2024-24330 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function. |
| CVE-2024-24331 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function. |
| CVE-2024-24332 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function. |
| CVE-2024-24333 | 2024-01-30 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function. |
| CVE-2024-1024 | 2024-01-30 | SourceCodester Facebook News Feed Like New Account cross site scripting |
| CVE-2023-5372 | 2024-01-30 | The post-authentication command injection vulnerability in Zyxel NAS326 firmware versions through V5.21(AAZF.15)C0 and NAS542 firmware versions through V5.21(ABAG.12)C0 could allow an authenticated attacker with administrator privileges to execute some operating... |
| CVE-2024-1026 | 2024-01-30 | Cogites eReserv config.php cross site scripting |
| CVE-2024-21840 | 2024-01-30 | Directory and File Permission Vulnerability in Hitachi Storage Plug-in for VMware vCenter |
| CVE-2024-1027 | 2024-01-30 | SourceCodester Facebook News Feed Like Post unrestricted upload |
| CVE-2024-1028 | 2024-01-30 | SourceCodester Facebook News Feed Like Post cross site scripting |
| CVE-2024-21488 | 2024-01-30 | Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given... |
| CVE-2024-1029 | 2024-01-30 | Cogites eReserv tenancyDetail.php cross site scripting |
| CVE-2024-21803 | 2024-01-30 | Possible UAF in bt_accept_poll in Linux kernel |
| CVE-2023-7225 | 2024-01-30 | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the width and height parameters in all versions up to, and including, 2.88.16 due to... |
| CVE-2024-1061 | 2024-01-30 | The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. |
| CVE-2023-6374 | 2024-01-30 | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login... |
| CVE-2023-6942 | 2024-01-30 | Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3 Version1(GOT2000) versions 1.320J and prior, GX... |
| CVE-2023-6943 | 2024-01-30 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1(GOT1000) versions 1.325P and prior, GT Designer3... |
| CVE-2024-1063 | 2024-01-30 | Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159. |
| CVE-2024-1030 | 2024-01-30 | Cogites eReserv tenancyDetail.php cross site scripting |
| CVE-2024-0674 | 2024-01-30 | Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines |
| CVE-2024-0675 | 2024-01-30 | Improper checking for unusual or exceptional conditions vulnerability in Lamassu Bitcoin ATM Douro machines |
| CVE-2024-0676 | 2024-01-30 | Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines |
| CVE-2024-1031 | 2024-01-30 | CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting |
| CVE-2024-1032 | 2024-01-30 | openBI Test Connection Databasesource.php testConnection deserialization |
| CVE-2024-1033 | 2024-01-30 | openBI Datament.php agent information disclosure |
| CVE-2024-1034 | 2024-01-30 | openBI File.php uploadFile unrestricted upload |
| CVE-2024-0564 | 2024-01-30 | Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication |
| CVE-2023-37518 | 2024-01-30 | A code injection vulnerability affects HCL BigFix ServiceNow Data Flow |
| CVE-2024-21649 | 2024-01-30 | Remote code execution |
| CVE-2024-21653 | 2024-01-30 | vantage6 insecure SSH configuration for node and server containers |
| CVE-2024-21671 | 2024-01-30 | vantage6 username timing attack |
| CVE-2024-22193 | 2024-01-30 | vantage6 unencrypted task can be created in encrypted collaboration |
| CVE-2024-22200 | 2024-01-30 | vantage6-UI docker image leaks software version information |
| CVE-2024-1035 | 2024-01-30 | openBI Icon.php uploadIcon unrestricted upload |
| CVE-2024-1019 | 2024-01-30 | WAF bypass of the ModSecurity v3 release line |
| CVE-2024-23647 | 2024-01-30 | PKCE downgrade attack in Authentik |
| CVE-2024-23825 | 2024-01-30 | TablePress SSRF vulnerability due to insufficient filtering of cloud provider hosts |
| CVE-2024-23838 | 2024-01-30 | TrueLayer.Client SSRF when fetching payment or payment provider |
| CVE-2024-23840 | 2024-01-30 | `goreleaser release --debug` shows secrets |
| CVE-2024-24565 | 2024-01-30 | CrateDB database has an arbitrary file read vulnerability |
| CVE-2023-6258 | 2024-01-30 | Pkcs11-provider: side-channel proofing pkcs#1 1.5 paths |
| CVE-2023-46231 | 2024-01-30 | Session Token Disclosure to Internal Log Files in Splunk Add-on Builder |
| CVE-2023-46230 | 2024-01-30 | Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder |
| CVE-2024-23841 | 2024-01-30 | XSS in @apollo/experimental-nextjs-app-support |
| CVE-2024-24556 | 2024-01-30 | XSS in @urql/next |
| CVE-2024-21388 | 2024-01-30 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2024-1036 | 2024-01-30 | openBI Icon Screen.php uploadIcon unrestricted upload |
| CVE-2024-24558 | 2024-01-30 | react-query-streamed-hydration xss |
| CVE-2023-5389 | 2024-01-30 | An attacker could potentially exploit this vulnerability, leading to the ability to modify files on Honeywell Experion ControlEdge VirtualUOC and ControlEdge UOC. This exploit could be used to write... |
| CVE-2024-24567 | 2024-01-30 | raw_call `value=` kwargs not disabled for static and delegate calls |
| CVE-2024-1059 | 2024-01-30 | Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-1060 | 2024-01-30 | Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-1077 | 2024-01-30 | Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) |
| CVE-2024-23834 | 2024-01-30 | Discourse improperly sanitized user input leads to XSS |
| CVE-2024-23745 | 2024-01-31 | In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file... |