Lista CVE - 2025 / Gennaio
Visualizzazione 2001 - 2100 di 4274 CVE per Gennaio 2025 (Pagina 21 di 43)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-48121 | 2025-01-15 | The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle... |
| CVE-2024-48122 | 2025-01-15 | Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. |
| CVE-2024-48123 | 2025-01-15 | An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. |
| CVE-2024-48125 | 2025-01-15 | An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. |
| CVE-2024-48126 | 2025-01-15 | HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. |
| CVE-2024-50953 | 2025-01-15 | An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message. |
| CVE-2024-50954 | 2025-01-15 | The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a... |
| CVE-2024-52783 | 2025-01-15 | Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file. |
| CVE-2024-53407 | 2025-01-15 | In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data. |
| CVE-2024-55503 | 2025-01-15 | An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. |
| CVE-2024-57011 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. |
| CVE-2024-57012 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. |
| CVE-2024-57013 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. |
| CVE-2024-57014 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. |
| CVE-2024-57015 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. |
| CVE-2024-57016 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. |
| CVE-2024-57017 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. |
| CVE-2024-57018 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. |
| CVE-2024-57019 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. |
| CVE-2024-57020 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. |
| CVE-2024-57021 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. |
| CVE-2024-57022 | 2025-01-15 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. |
| CVE-2024-57726 | 2025-01-15 | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges... |
| CVE-2024-57727 | 2025-01-15 | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP... |
| CVE-2024-57728 | 2025-01-15 | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can... |
| CVE-2025-22964 | 2025-01-15 | DDSN Interactive cm3 Acora CMS version 10.1.1 has an unauthenticated time-based blind SQL Injection vulnerability caused by insufficient input sanitization and validation in the "table" parameter. This flaw allows attackers... |
| CVE-2025-22968 | 2025-01-15 | An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions |
| CVE-2025-22976 | 2025-01-15 | SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module. |
| CVE-2025-23013 | 2025-01-15 | In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or... |
| CVE-2025-0343 | 2025-01-15 | Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can... |
| CVE-2024-13334 | 2025-01-15 | Car Demon <= 1.8.1 - Reflected Cross-Site Scripting |
| CVE-2025-21101 | 2025-01-15 | Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. |
| CVE-2025-22394 | 2025-01-15 | Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code... |
| CVE-2024-55577 | 2025-01-15 | Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As... |
| CVE-2024-13394 | 2025-01-15 | ViewMedica 9 <= 1.4.15 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11870 | 2025-01-15 | Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2025-0354 | 2025-01-15 | Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4... |
| CVE-2025-0355 | 2025-01-15 | Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier,... |
| CVE-2025-0356 | 2025-01-15 | NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network. |
| CVE-2024-7322 | 2025-01-15 | Dos in ZigBee device due to unsolicited encrypted rejoin response |
| CVE-2024-4227 | 2025-01-15 | gSOAP: Vulnerable to specially crafted unencrypted SDC messages |
| CVE-2024-9636 | 2025-01-15 | Post Grid and Gutenberg Blocks 2.2.85 - 2.3.3 - Unauthenticated Privilege Escalation |
| CVE-2024-10775 | 2025-01-15 | Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-12423 | 2025-01-15 | Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting |
| CVE-2024-12403 | 2025-01-15 | Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting |
| CVE-2024-12818 | 2025-01-15 | WP Smart TV <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-13351 | 2025-01-15 | Social proof testimonials and reviews by Repuso <= 5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12297 | 2025-01-15 | Frontend Authorization Logic Disclosure Vulnerability |
| CVE-2024-35280 | 2025-01-15 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version... |
| CVE-2025-0434 | 2025-01-15 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2025-0435 | 2025-01-15 | Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0436 | 2025-01-15 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0437 | 2025-01-15 | Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0438 | 2025-01-15 | Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-0439 | 2025-01-15 | Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... |
| CVE-2025-0440 | 2025-01-15 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-0441 | 2025-01-15 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security... |
| CVE-2025-0442 | 2025-01-15 | Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2025-0443 | 2025-01-15 | Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via... |
| CVE-2025-0446 | 2025-01-15 | Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2025-0447 | 2025-01-15 | Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-0448 | 2025-01-15 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2025-0193 | 2025-01-15 | Stored Cross-site Scripting (XSS) Vulnerability in the MGate 5121/5122/5123 Series |
| CVE-2024-11848 | 2025-01-15 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-12593 | 2025-01-15 | PDF for WPForms + Drag and Drop Template Builder <= 4.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yeepdf_dotab Shortcode |
| CVE-2024-11851 | 2025-01-15 | NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Transient Update |
| CVE-2024-13215 | 2025-01-15 | Elementor Addon Elements <= 1.13.10 - Authenticated (Contributor+) Sensitive Information Exposure via Modal Popup |
| CVE-2024-11029 | 2025-01-15 | Freeipa: administrative user data leaked through systemd journal |
| CVE-2024-5198 | 2025-01-15 | OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to... |
| CVE-2024-57882 | 2025-01-15 | mptcp: fix TCP options overflow. |
| CVE-2024-57883 | 2025-01-15 | mm: hugetlb: independent PMD page table shared count |
| CVE-2024-57884 | 2025-01-15 | mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() |
| CVE-2024-57885 | 2025-01-15 | mm/kmemleak: fix sleeping function called from invalid context at print message |
| CVE-2024-57886 | 2025-01-15 | mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() |
| CVE-2024-57887 | 2025-01-15 | drm: adv7511: Fix use-after-free in adv7533_attach_dsi() |
| CVE-2024-57888 | 2025-01-15 | workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker |
| CVE-2024-57889 | 2025-01-15 | pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking |
| CVE-2024-57890 | 2025-01-15 | RDMA/uverbs: Prevent integer overflow issue |
| CVE-2024-57891 | 2025-01-15 | sched_ext: Fix invalid irq restore in scx_ops_bypass() |
| CVE-2024-57892 | 2025-01-15 | ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv |
| CVE-2024-57893 | 2025-01-15 | ALSA: seq: oss: Fix races at processing SysEx messages |
| CVE-2024-57895 | 2025-01-15 | ksmbd: set ATTR_CTIME flags when setting mtime |
| CVE-2024-57896 | 2025-01-15 | btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount |
| CVE-2024-57897 | 2025-01-15 | drm/amdkfd: Correct the migration DMA map direction |
| CVE-2024-57898 | 2025-01-15 | wifi: cfg80211: clear link ID from bitmap during link delete after clean up |
| CVE-2024-57899 | 2025-01-15 | wifi: mac80211: fix mbss changed flags corruption on 32 bit systems |
| CVE-2024-57900 | 2025-01-15 | ila: serialize calls to nf_register_net_hooks() |
| CVE-2024-57901 | 2025-01-15 | af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK |
| CVE-2024-57902 | 2025-01-15 | af_packet: fix vlan_get_tci() vs MSG_PEEK |
| CVE-2024-57903 | 2025-01-15 | net: restrict SO_REUSEPORT to inet sockets |
| CVE-2025-21629 | 2025-01-15 | net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets |
| CVE-2024-36476 | 2025-01-15 | RDMA/rtrs: Ensure 'ib_sge list' is accessible |
| CVE-2024-39282 | 2025-01-15 | net: wwan: t7xx: Fix FSM command timeout issue |
| CVE-2024-53681 | 2025-01-15 | nvmet: Don't overflow subsysnqn |
| CVE-2024-54031 | 2025-01-15 | netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext |
| CVE-2024-57795 | 2025-01-15 | RDMA/rxe: Remove the direct link to net_device |
| CVE-2024-57801 | 2025-01-15 | net/mlx5e: Skip restore TC rules for vport rep without loaded flag |
| CVE-2024-57802 | 2025-01-15 | netrom: check buffer length before accessing it |
| CVE-2024-57841 | 2025-01-15 | net: fix memory leak in tcp_conn_request() |
| CVE-2024-57844 | 2025-01-15 | drm/xe: Fix fault on fd close after unbind |