CVE List - 2025 / January
Showing 1701 - 1800 of 4274 CVEs for January 2025 (Page 18 of 43)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-39802 | 2025-01-14 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39803 | 2025-01-14 | Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39299 | 2025-01-14 | A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-36295 | 2025-01-14 | A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an... |
| CVE-2024-36258 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send... |
| CVE-2024-36272 | 2025-01-14 | A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-34544 | 2025-01-14 | A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an... |
| CVE-2024-39757 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39603 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-36493 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39359 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39357 | 2025-01-14 | A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39604 | 2025-01-14 | A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle... |
| CVE-2024-39273 | 2025-01-14 | A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle... |
| CVE-2024-39608 | 2025-01-14 | A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated... |
| CVE-2024-39773 | 2025-01-14 | An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send... |
| CVE-2024-39754 | 2025-01-14 | A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets... |
| CVE-2024-39781 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can... |
| CVE-2024-39782 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can... |
| CVE-2024-39783 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can... |
| CVE-2024-37186 | 2025-01-14 | An OS command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make... |
| CVE-2024-39370 | 2025-01-14 | An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make... |
| CVE-2024-39774 | 2025-01-14 | A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-37357 | 2025-01-14 | A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-21797 | 2025-01-14 | A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an... |
| CVE-2024-39358 | 2025-01-14 | A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39294 | 2025-01-14 | A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-37184 | 2025-01-14 | A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39756 | 2025-01-14 | A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39367 | 2025-01-14 | An OS command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make... |
| CVE-2024-39768 | 2025-01-14 | Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39769 | 2025-01-14 | Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39770 | 2025-01-14 | Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39288 | 2025-01-14 | A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39762 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39763 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39764 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-39765 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make... |
| CVE-2024-36290 | 2025-01-14 | A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an... |
| CVE-2024-39759 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make... |
| CVE-2024-39760 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make... |
| CVE-2024-39761 | 2025-01-14 | Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make... |
| CVE-2024-39363 | 2025-01-14 | A cross-site scripting (XSS) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker... |
| CVE-2024-34166 | 2025-01-14 | An OS command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker... |
| CVE-2024-42444 | 2025-01-14 | TOCTOU Race Condition between DMA and SMM |
| CVE-2025-0458 | 2025-01-14 | Virtual Computer Vysual RH Solution Login Panel index.php cross site scripting |
| CVE-2025-0459 | 2025-01-14 | libretro RetroArch Startup profapi.dll untrusted search path |
| CVE-2024-29979 | 2025-01-14 | Unsafe Handling of Phoenix UEFI Variables |
| CVE-2024-29980 | 2025-01-14 | Unsafe Handling of IHV UEFI Variables |
| CVE-2025-0460 | 2025-01-14 | Blog Botz for Journal Theme blog_add unrestricted upload |
| CVE-2025-0461 | 2025-01-14 | Shanghai Lingdang Information Technology Lingdang CRM index.php path traversal |
| CVE-2024-45627 | 2025-01-14 | Apache Linkis Metadata Query Service JDBC: JDBC Datasource Module with MySQL has file read vulnerability |
| CVE-2025-0462 | 2025-01-14 | Shanghai Lingdang Information Technology Lingdang CRM index.php sql injection |
| CVE-2025-23080 | 2025-01-14 | XSSes in Special:BadgeView |
| CVE-2024-10630 | 2025-01-14 | A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. |
| CVE-2024-52898 | 2025-01-14 | IBM MQ information disclosure |
| CVE-2024-13179 | 2025-01-14 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. |
| CVE-2024-13180 | 2025-01-14 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. |
| CVE-2024-13181 | 2025-01-14 | Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. |
| CVE-2025-23081 | 2025-01-14 | Various security vulnerabilities in Extension:DataTransfer |
| CVE-2024-10811 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2025-0463 | 2025-01-14 | Shanghai Lingdang Information Technology Lingdang CRM index.php unrestricted upload |
| CVE-2025-0464 | 2025-01-14 | SourceCodester Task Reminder System Maintenance Section cross site scripting |
| CVE-2024-13161 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-13160 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-13159 | 2025-01-14 | Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-13158 | 2025-01-14 | An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve... |
| CVE-2024-13172 | 2025-01-14 | Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user... |
| CVE-2024-13171 | 2025-01-14 | Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user... |
| CVE-2024-13170 | 2025-01-14 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13169 | 2025-01-14 | An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-13168 | 2025-01-14 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13167 | 2025-01-14 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13166 | 2025-01-14 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13165 | 2025-01-14 | An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-13164 | 2025-01-14 | An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-13163 | 2025-01-14 | Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local... |
| CVE-2024-13162 | 2025-01-14 | SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.... |
| CVE-2025-0465 | 2025-01-14 | AquilaCMS categories deserialization |
| CVE-2025-21607 | 2025-01-14 | Success of Certain Precompile Calls not Checked in Vyper |
| CVE-2025-23051 | 2025-01-14 | Authenticated Remote Code Execution in AOS Web-based Management Interface |
| CVE-2024-12085 | 2025-01-14 | Rsync: info leak via uninitialized stack contents |
| CVE-2024-12086 | 2025-01-14 | Rsync: rsync server leaks arbitrary client files |
| CVE-2024-12088 | 2025-01-14 | Rsync: --safe-links option bypass leads to path traversal |
| CVE-2025-23052 | 2025-01-14 | Authenticated Command Injection Vulnerability allows Unauthorized Command Execution in CLI Interface |
| CVE-2024-12747 | 2025-01-14 | Rsync: race condition in rsync handling symbolic links |
| CVE-2025-23366 | 2025-01-14 | Org.jboss.hal:hal-console: wildfly hal console cross-site scripting |
| CVE-2025-23025 | 2025-01-14 | Privilege escalation (PR) through realtime WYSIWYG editing in XWiki |
| CVE-2024-12087 | 2025-01-14 | Rsync: path traversal vulnerability in rsync |
| CVE-2025-21411 | 2025-01-14 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21413 | 2025-01-14 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21171 | 2025-01-14 | .NET Remote Code Execution Vulnerability |
| CVE-2025-21210 | 2025-01-14 | Windows BitLocker Information Disclosure Vulnerability |
| CVE-2025-21214 | 2025-01-14 | Windows BitLocker Information Disclosure Vulnerability |
| CVE-2025-21215 | 2025-01-14 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2025-21233 | 2025-01-14 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21234 | 2025-01-14 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21235 | 2025-01-14 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| CVE-2025-21236 | 2025-01-14 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2025-21237 | 2025-01-14 | Windows Telephony Service Remote Code Execution Vulnerability |