CVE List - 2024 / February
Showing 101 - 200 of 2784 CVEs for February 2024 (Page 2 of 28)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-39611 | 2024-02-02 | An issue in Software FX Chart FX 7 version 7.0.4962.20829 allows attackers to enumerate and read files from the local filesystem by sending crafted web requests. |
| CVE-2023-46045 | 2024-02-02 | Graphviz 2.36.0 through 9.x before 10.0.1 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. |
| CVE-2023-46344 | 2024-02-02 | A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS)... |
| CVE-2023-48645 | 2024-02-02 | An issue was discovered in the Archibus app 4.0.3 for iOS. It uses a local database that is synchronized with a Web central server instance every time the application is... |
| CVE-2023-48792 | 2024-02-02 | Zoho ManageEngine ADAudit Plus through 7250 is vulnerable to SQL Injection in the report export option. |
| CVE-2023-48793 | 2024-02-02 | Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature. |
| CVE-2023-50488 | 2024-02-02 | An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code. |
| CVE-2023-51072 | 2024-02-02 | A stored cross-site scripting (XSS) vulnerability in the NOC component of Nagios XI version up to and including 2024R1 allows low-privileged users to execute malicious HTML or JavaScript code via... |
| CVE-2023-51820 | 2024-02-02 | An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attacker to execute arbitrary code. |
| CVE-2023-51838 | 2024-02-02 | Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm. |
| CVE-2024-22107 | 2024-02-02 | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to... |
| CVE-2024-22108 | 2024-02-02 | An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order... |
| CVE-2024-22533 | 2024-02-02 | Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering... |
| CVE-2024-22851 | 2024-02-02 | Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint. |
| CVE-2024-22899 | 2024-02-02 | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. |
| CVE-2024-22900 | 2024-02-02 | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. |
| CVE-2024-22901 | 2024-02-02 | Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. |
| CVE-2024-22902 | 2024-02-02 | Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. |
| CVE-2024-22903 | 2024-02-02 | Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. |
| CVE-2024-23746 | 2024-02-02 | Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file... |
| CVE-2024-24029 | 2024-02-02 | JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data. |
| CVE-2024-24160 | 2024-02-02 | MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do. |
| CVE-2024-24161 | 2024-02-02 | MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered. |
| CVE-2024-24388 | 2024-02-02 | Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before, allows remote attackers to obtain sensitive information via crafted malicious requests to the background login. |
| CVE-2024-24470 | 2024-02-02 | Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component. |
| CVE-2024-25006 | 2024-02-02 | XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import. |
| CVE-2023-50326 | 2024-02-02 | IBM PowerSC information disclosure |
| CVE-2023-50933 | 2024-02-02 | IBM PowerSC HTML injection |
| CVE-2024-21399 | 2024-02-02 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2023-50937 | 2024-02-02 | IBM PowerSC information disclosure |
| CVE-2023-50327 | 2024-02-02 | IBM PowerSC weak security |
| CVE-2023-50936 | 2024-02-02 | IBM PowerSC session fixation |
| CVE-2023-50940 | 2024-02-02 | IBM PowerSC cross-resource origin sharing |
| CVE-2023-50934 | 2024-02-02 | IBM PowerSC improper authentication |
| CVE-2023-50941 | 2024-02-02 | IBM PowerSC session fixation |
| CVE-2023-50935 | 2024-02-02 | IBM PowerSC forced browsing |
| CVE-2023-50938 | 2024-02-02 | IBM PowerSC clickjacking |
| CVE-2023-50328 | 2024-02-02 | IBM PowerSC information disclosure |
| CVE-2023-50962 | 2024-02-02 | IBM PowerSC information disclosure |
| CVE-2023-32333 | 2024-02-02 | IBM Maximo Asset Management improper access control |
| CVE-2024-22319 | 2024-02-02 | IBM Operational Decision Manager JNDI injection |
| CVE-2024-22320 | 2024-02-02 | IBM Operational Decision Manager code execution |
| CVE-2023-46159 | 2024-02-02 | IBM Storage Ceph denial of service |
| CVE-2022-40744 | 2024-02-02 | IBM Aspera Faspex cross-site scripting |
| CVE-2023-38263 | 2024-02-02 | IBM SOAR QRadar Plugin App improper access controls |
| CVE-2023-38019 | 2024-02-02 | IBM SOAR QRadar Plugin App directory traversal |
| CVE-2023-38020 | 2024-02-02 | IBM SOAR QRadar Plugin App log injection |
| CVE-2024-1073 | 2024-02-02 | The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and... |
| CVE-2024-0685 | 2024-02-02 | The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted... |
| CVE-2024-21485 | 2024-02-02 | Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of... |
| CVE-2024-1047 | 2024-02-02 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to,... |
| CVE-2024-1162 | 2024-02-02 | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce... |
| CVE-2024-1143 | 2024-02-02 | Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. |
| CVE-2023-43756 | 2024-02-02 | Dsoftbus has an out-of-bounds read vulnerability |
| CVE-2023-49118 | 2024-02-02 | Dsoftbus has an out-of-bounds read vulnerability |
| CVE-2024-21845 | 2024-02-02 | Dsoftbus has an integer overflow vulnerability |
| CVE-2024-21860 | 2024-02-02 | Dsoftbus has a use after free vulnerability |
| CVE-2023-45734 | 2024-02-02 | Dsoftbus has an out-of-bounds write vulnerability |
| CVE-2024-0285 | 2024-02-02 | Dsoftbus has an improper input validation vulnerability |
| CVE-2024-21851 | 2024-02-02 | Dsoftbus has an integer overflow vulnerability |
| CVE-2024-21863 | 2024-02-02 | Dsoftbus has an improper input validation vulnerability |
| CVE-2024-21780 | 2024-02-02 | Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected... |
| CVE-2021-22282 | 2024-02-02 | RCE in B&R Automation Studio with crafted project files |
| CVE-2024-23978 | 2024-02-02 | Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported. |
| CVE-2020-24681 | 2024-02-02 | Automation Studio and PVI Multiple incorrect permission assignments for services |
| CVE-2020-24682 | 2024-02-02 | Automation Studio and PVI Multiple unquoted service path vulnerabilities |
| CVE-2021-22281 | 2024-02-02 | Zip Slip Vulnerability in B&R Automation Studio Project Import |
| CVE-2024-0338 | 2024-02-02 | Buffer Overflow Vulnerability in XAMPP |
| CVE-2024-23895 | 2024-02-02 | Cross-Site Scripting (XSS) vulnerability in Cups Easy |
| CVE-2024-0844 | 2024-02-02 | The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for... |
| CVE-2024-0963 | 2024-02-02 | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input... |
| CVE-2024-1201 | 2024-02-02 | PanteraSoft HDD Health search path or unquoted item vulnerability |
| CVE-2023-6672 | 2024-02-02 | Stored XSS in National Keep's CyberMath |
| CVE-2024-0253 | 2024-02-02 | SQL Injection |
| CVE-2023-6673 | 2024-02-02 | Reflected XSS in National Keep's CyberMath |
| CVE-2023-47148 | 2024-02-02 | IBM Storage Protect Plus Server information disclosure |
| CVE-2023-6675 | 2024-02-02 | Malicious File Upload in National Keep's CyberMath |
| CVE-2024-1184 | 2024-02-02 | Nsasoft Network Sleuth Registration denial of service |
| CVE-2023-47143 | 2024-02-02 | IBM Tivoli Application Dependency Discovery Manager HOST header injection |
| CVE-2023-47144 | 2024-02-02 | IBM Tivoli Application Dependency Discovery Manager cross-site scripting |
| CVE-2024-0269 | 2024-02-02 | SQL Injection |
| CVE-2023-6676 | 2024-02-02 | Cross Site Request Forgery in National Keep's CyberMath |
| CVE-2023-47142 | 2024-02-02 | IBM Tivoli Application Dependency Discovery Manager privilege escalation |
| CVE-2023-38273 | 2024-02-02 | IBM Cloud Pak System information disclosure |
| CVE-2023-6387 | 2024-02-02 | Incorrect buffer parsing in Bluetooth LE sample code may lead to buffer overflow |
| CVE-2024-23824 | 2024-02-02 | mailcow ipixel flood attack leads to Denial of Service in admin page |
| CVE-2024-24760 | 2024-02-02 | Mailcow Docker Container Exposure to Local Network |
| CVE-2022-34381 | 2024-02-02 | Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could... |
| CVE-2024-1185 | 2024-02-02 | Nsasoft NBMonitor Network Bandwidth Monitor Registration denial of service |
| CVE-2024-23831 | 2024-02-02 | Privilege escalation through CSRF attack on 'setup.pl' |
| CVE-2024-24757 | 2024-02-02 | open-irs .env Exposure |
| CVE-2021-21575 | 2024-02-02 | Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. |
| CVE-2020-29504 | 2024-02-02 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability. |
| CVE-2023-32967 | 2024-02-02 | QTS, QuTScloud |
| CVE-2023-39302 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-39297 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-39303 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41273 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41274 | 2024-02-02 | QTS, QuTS hero, QuTScloud |
| CVE-2023-41275 | 2024-02-02 | QTS, QuTS hero, QuTScloud |