CVE List - 2024 / January
Showing 201 - 300 of 2591 CVEs for January 2024 (Page 3 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-21622 | 2024-01-03 | Craft CMS Privilege Escalation |
| CVE-2024-21631 | 2024-01-03 | Integer overflow in URI leading to potential host spoofing |
| CVE-2024-21633 | 2024-01-03 | Arbitrary file write on Decoding |
| CVE-2023-6004 | 2024-01-03 | Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname |
| CVE-2024-0217 | 2024-01-03 | Packagekitd: use-after-free in idle function callback |
| CVE-2023-5879 | 2024-01-03 | Aladdin Connect Android Application Insecure Storage |
| CVE-2023-5880 | 2024-01-03 | Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name |
| CVE-2023-5881 | 2024-01-03 | Unauthenticated access permitted to web interface page "Garage Door Control Module Setup" |
| CVE-2023-6338 | 2024-01-03 | Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. |
| CVE-2023-6540 | 2024-01-03 | A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the... |
| CVE-2023-5138 | 2024-01-03 | Glitch detection not active by default in Silicon Labs Secure Vault High devices |
| CVE-2023-50256 | 2024-01-03 | Froxlor username/surname AND company field Bypass |
| CVE-2024-21634 | 2024-01-03 | Ion Java StackOverflow vulnerability |
| CVE-2023-29962 | 2024-01-04 | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. |
| CVE-2023-50082 | 2024-01-04 | Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend management... |
| CVE-2023-50630 | 2024-01-04 | Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. |
| CVE-2023-51154 | 2024-01-04 | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. |
| CVE-2023-51812 | 2024-01-04 | Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. |
| CVE-2023-52322 | 2024-01-04 | ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. |
| CVE-2024-20802 | 2024-01-04 | Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment. |
| CVE-2024-20803 | 2024-01-04 | Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. |
| CVE-2024-20804 | 2024-01-04 | Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write... |
| CVE-2024-20805 | 2024-01-04 | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write... |
| CVE-2024-20806 | 2024-01-04 | Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. |
| CVE-2024-20807 | 2024-01-04 | Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information. |
| CVE-2024-20808 | 2024-01-04 | Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data. |
| CVE-2024-20809 | 2024-01-04 | Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data. |
| CVE-2024-0222 | 2024-01-04 | Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2024-0223 | 2024-01-04 | Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-0224 | 2024-01-04 | Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-0225 | 2024-01-04 | Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-6498 | 2024-01-04 | The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input... |
| CVE-2023-6733 | 2024-01-04 | The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for... |
| CVE-2023-6738 | 2024-01-04 | The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions... |
| CVE-2023-41784 | 2024-01-04 | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro |
| CVE-2022-2081 | 2024-01-04 | A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the... |
| CVE-2023-7044 | 2024-01-04 | The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up... |
| CVE-2022-3864 | 2024-01-04 | A vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An... |
| CVE-2023-6944 | 2024-01-04 | Rhdh: catalog-import function leaks credentials to frontend |
| CVE-2023-6992 | 2024-01-04 | Memory corruption issues in Cloudflare zlib implementation |
| CVE-2021-42028 | 2024-01-04 | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write... |
| CVE-2021-45465 | 2024-01-04 | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition... |
| CVE-2021-40367 | 2024-01-04 | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write... |
| CVE-2023-49622 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49624 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49625 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49633 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49639 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49658 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49665 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-49666 | 2024-01-04 | Billing Software v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50743 | 2024-01-04 | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50752 | 2024-01-04 | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50753 | 2024-01-04 | Online Notice Board System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50760 | 2024-01-04 | Online Notice Board System v1.0 - Insecure File Upload |
| CVE-2023-50862 | 2024-01-04 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50863 | 2024-01-04 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50864 | 2024-01-04 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50865 | 2024-01-04 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50866 | 2024-01-04 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-50867 | 2024-01-04 | Travel Website v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-3726 | 2024-01-04 | OCSInventory-ocsreports 2.12.0 - Stored cross-site Scripting |
| CVE-2024-21625 | 2024-01-04 | One-click remote code execution via malicious deep link |
| CVE-2023-6551 | 2024-01-04 | Stored XSS in class.upload.php |
| CVE-2023-6270 | 2024-01-04 | Kernel: aoe: improper reference count leads to use-after-free vulnerability |
| CVE-2024-21636 | 2024-01-04 | view_component Cross-site Scripting vulnerability |
| CVE-2024-22049 | 2024-01-04 | httparty Multipart/Form-Data Request Tampering Vulnerability |
| CVE-2024-22050 | 2024-01-04 | Iodine Static File Server Path Traversal Vulnerability |
| CVE-2024-22051 | 2024-01-04 | CommonMarker Integer Overflow Vulnerability |
| CVE-2024-22047 | 2024-01-04 | Audited Log Integrity Errors Due to Race Condition |
| CVE-2024-22048 | 2024-01-04 | govuk_tech_docs XSS Vulnerability |
| CVE-2024-0241 | 2024-01-04 | encoded_id-rails Denial of Service Vulnerability |
| CVE-2022-36677 | 2024-01-05 | Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document. |
| CVE-2024-22088 | 2024-01-05 | Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. |
| CVE-2020-13878 | 2024-01-05 | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. |
| CVE-2020-13879 | 2024-01-05 | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. |
| CVE-2020-13880 | 2024-01-05 | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. |
| CVE-2023-50027 | 2024-01-05 | SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. |
| CVE-2023-50991 | 2024-01-05 | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. |
| CVE-2023-51277 | 2024-01-05 | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. |
| CVE-2023-52323 | 2024-01-05 | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. |
| CVE-2024-22075 | 2024-01-05 | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. |
| CVE-2024-22086 | 2024-01-05 | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. |
| CVE-2024-22087 | 2024-01-05 | route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. |
| CVE-2023-7207 | 2024-01-05 | Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to... |
| CVE-2023-41782 | 2024-01-05 | DLL Hijacking Vulnerability in ZTE ZXCLOUD iRAI |
| CVE-2023-6493 | 2024-01-05 | The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This... |
| CVE-2023-52178 | 2024-01-05 | WordPress WP Affiliate Disclosure Plugin <= 1.2.7 is vulnerable to Cross-Site Scripting (XSS) |
| CVE-2023-51502 | 2024-01-05 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR) |
| CVE-2023-52184 | 2024-01-05 | WordPress WP Job Portal Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52150 | 2024-01-05 | WordPress Dynamic Content for Elementor Plugin < 2.12.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52149 | 2024-01-05 | WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52145 | 2024-01-05 | WordPress Republish Old Posts Plugin <= 1.21 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52136 | 2024-01-05 | WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52130 | 2024-01-05 | WordPress Affiliates Manager Plugin <= 2.9.31 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52129 | 2024-01-05 | WordPress teachPress Plugin <= 9.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52128 | 2024-01-05 | WordPress White Label Plugin <= 2.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52127 | 2024-01-05 | WordPress WPC Product Bundles for WooCommerce Plugin <= 7.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52123 | 2024-01-05 | WordPress Strong Testimonials Plugin <= 3.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52122 | 2024-01-05 | WordPress Simple Job Board Plugin <= 2.10.6 is vulnerable to Cross Site Request Forgery (CSRF) |