Lista CVE - 2025 / Gennaio
Visualizzazione 401 - 500 di 4274 CVE per Gennaio 2025 (Pagina 5 di 43)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-20150 | 2025-01-06 | In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2024-20151 | 2025-01-06 | In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2024-20152 | 2025-01-06 | In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained... |
| CVE-2024-20153 | 2025-01-06 | In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional... |
| CVE-2024-11356 | 2025-01-06 | Tourmaster < 5.3.4 - Unauthenticated Stored XSS via Room Booking |
| CVE-2024-11849 | 2025-01-06 | Pods – Custom Content Types and Fields < 3.2.8.1 - Admin+ Stored XSS |
| CVE-2024-12302 | 2025-01-06 | Icegram Engage < 3.1.32 - Author+ Stored XSS |
| CVE-2024-12311 | 2025-01-06 | Email Subscribers < 5.7.44 - Admin+ SQL Injection |
| CVE-2024-21464 | 2025-01-06 | Buffer Copy Without Checking Size of Input in Data Network Stack & Connectivity |
| CVE-2024-23366 | 2025-01-06 | Buffer Over-read in Automotive Autonomy |
| CVE-2024-33041 | 2025-01-06 | Use of Out-of-range Pointer Offset in Computer Vision |
| CVE-2024-33055 | 2025-01-06 | Use After Free in Computer Vision |
| CVE-2024-33059 | 2025-01-06 | Use After Free in Computer Vision |
| CVE-2024-33061 | 2025-01-06 | Buffer Over-read in DSP Service |
| CVE-2024-33067 | 2025-01-06 | Buffer Over-read in Audio |
| CVE-2024-43063 | 2025-01-06 | Buffer Over-read in Automotive Autonomy |
| CVE-2024-43064 | 2025-01-06 | Permissions, Privileges, and Access Controls issue in Automotive OS Platform |
| CVE-2024-45541 | 2025-01-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Windows Host |
| CVE-2024-45542 | 2025-01-06 | Stack-based Buffer Overflow in WLAN Windows Host |
| CVE-2024-45546 | 2025-01-06 | Buffer Over-read in WLAN Windows Host |
| CVE-2024-45547 | 2025-01-06 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Windows Host |
| CVE-2024-45548 | 2025-01-06 | Buffer Over-read in WLAN Windows Host |
| CVE-2024-45550 | 2025-01-06 | Improper Validation of Array Index in DSP Services |
| CVE-2024-45553 | 2025-01-06 | Use After Free in DSP Services |
| CVE-2024-45555 | 2025-01-06 | Integer Overflow to Buffer Overflow in Automotive OS Platform |
| CVE-2024-45558 | 2025-01-06 | Buffer Over-read in WLAN Host Cmn |
| CVE-2024-45559 | 2025-01-06 | Buffer Over-read in Automotive OS Platform |
| CVE-2024-12970 | 2025-01-06 | OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer |
| CVE-2024-5594 | 2025-01-06 | OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs. |
| CVE-2024-8474 | 2025-01-06 | OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN... |
| CVE-2025-21604 | 2025-01-06 | LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts |
| CVE-2025-21611 | 2025-01-06 | tgstation-server's role authorization incorrectly OR'd with user's enabled status |
| CVE-2025-21612 | 2025-01-06 | Cross-site Scripting in TabberTransclude in Extension:TabberNeue |
| CVE-2024-31913 | 2025-01-06 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2024-31914 | 2025-01-06 | IBM Sterling B2B Integrator cross-site scripting |
| CVE-2025-21613 | 2025-01-06 | go-git has an Argument Injection via the URL field |
| CVE-2025-21614 | 2025-01-06 | go-git clients vulnerable to DoS via maliciously crafted Git server replies |
| CVE-2024-56757 | 2025-01-06 | Bluetooth: btusb: mediatek: add intf release flow when usb disconnect |
| CVE-2024-56758 | 2025-01-06 | btrfs: check folio mapping after unlock in relocate_one_folio() |
| CVE-2024-56759 | 2025-01-06 | btrfs: fix use-after-free when COWing tree bock and tracing is enabled |
| CVE-2024-56760 | 2025-01-06 | PCI/MSI: Handle lack of irqdomain gracefully |
| CVE-2024-56761 | 2025-01-06 | x86/fred: Clear WFE in missing-ENDBRANCH #CPs |
| CVE-2024-56763 | 2025-01-06 | tracing: Prevent bad count for tracing_cpumask_write |
| CVE-2024-56764 | 2025-01-06 | ublk: detach gendisk from ublk device if add_disk() fails |
| CVE-2024-56765 | 2025-01-06 | powerpc/pseries/vas: Add close() callback in vas_vm_ops struct |
| CVE-2024-56766 | 2025-01-06 | mtd: rawnand: fix double free in atmel_pmecc_create_user() |
| CVE-2024-56767 | 2025-01-06 | dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset |
| CVE-2024-56768 | 2025-01-06 | bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP |
| CVE-2024-56769 | 2025-01-06 | media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg |
| CVE-2025-21615 | 2025-01-06 | AAT allows data exfiltration by other apps installed on the same device |
| CVE-2025-21618 | 2025-01-06 | NiceGUI On Air authentication issue |
| CVE-2024-51472 | 2025-01-06 | IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection |
| CVE-2023-6601 | 2025-01-06 | Ffmpeg: hls unsafe file extension bypass in ffmpeg |
| CVE-2023-6604 | 2025-01-06 | Ffmpeg: hls xbin demuxer dos amplification in ffmpeg |
| CVE-2023-6605 | 2025-01-06 | Ffmpeg: dash playlist ssrf vulnerability in ffmpeg |
| CVE-2024-55605 | 2025-01-06 | Suricata allows stack overflow in transforms |
| CVE-2024-47475 | 2025-01-06 | Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. |
| CVE-2024-55626 | 2025-01-06 | Suricata oversized bpf file can lead to buffer overflow |
| CVE-2024-55627 | 2025-01-06 | Suricata segfault on StreamingBufferSlideToOffsetWithRegions |
| CVE-2024-55628 | 2025-01-06 | Suricata oversized resource names utilizing DNS name compression can lead to resource starvation |
| CVE-2024-55629 | 2025-01-06 | Suricata generic detection bypass using TCP urgent support |
| CVE-2025-21617 | 2025-01-06 | Guzzle OAuth Subscriber has insufficient nonce entropy |
| CVE-2024-46981 | 2025-01-06 | Redis' Lua library commands may lead to remote code execution |
| CVE-2024-51741 | 2025-01-06 | Redis allows denial-of-service due to malformed ACL selectors |
| CVE-2025-21616 | 2025-01-06 | Plane has a Cross-site scripting (XSS) via SVG image upload |
| CVE-2025-21620 | 2025-01-06 | Deno's authorization headers not dropped when redirecting cross-origin |
| CVE-2022-41572 | 2025-01-07 | An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over... |
| CVE-2022-41573 | 2025-01-07 | An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and... |
| CVE-2022-45185 | 2025-01-07 | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution. |
| CVE-2022-45186 | 2025-01-07 | An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database. |
| CVE-2024-35532 | 2025-01-07 | An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF... |
| CVE-2024-40427 | 2025-01-07 | Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute |
| CVE-2024-44450 | 2025-01-07 | Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190. |
| CVE-2024-46242 | 2025-01-07 | An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address... |
| CVE-2024-46601 | 2025-01-07 | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. |
| CVE-2024-46602 | 2025-01-07 | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service... |
| CVE-2024-46603 | 2025-01-07 | An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. |
| CVE-2024-48245 | 2025-01-07 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking.... |
| CVE-2024-50658 | 2025-01-07 | Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file |
| CVE-2024-50659 | 2025-01-07 | Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. |
| CVE-2024-50660 | 2025-01-07 | File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality |
| CVE-2024-53345 | 2025-01-07 | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-53522 | 2025-01-07 | Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information. |
| CVE-2024-54819 | 2025-01-07 | I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php |
| CVE-2024-55008 | 2025-01-07 | JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically,... |
| CVE-2024-55218 | 2025-01-07 | IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. |
| CVE-2024-55411 | 2025-01-07 | An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. |
| CVE-2024-55412 | 2025-01-07 | A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests .... |
| CVE-2024-55413 | 2025-01-07 | A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests .... |
| CVE-2024-55414 | 2025-01-07 | A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be... |
| CVE-2024-55555 | 2025-01-07 | Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that... |
| CVE-2024-55556 | 2025-01-07 | A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization... |
| CVE-2025-22395 | 2025-01-07 | Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary... |
| CVE-2024-12590 | 2025-01-07 | WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-11437 | 2025-01-07 | Timeline Designer <= 1.4 - Authenticated (Admin+) SQL Injection |
| CVE-2024-12402 | 2025-01-07 | Themes Coder – Create Android & iOS Apps For Your Woocommerce Site <= 1.3.4 - Insecure Direct Object Reference to Password Change/Account Takeover/Privilege Escalation |
| CVE-2024-12557 | 2025-01-07 | Transporters.io <= 2.0.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11934 | 2025-01-07 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via address Parameter |
| CVE-2024-12528 | 2025-01-07 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12419 | 2025-01-07 | Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler <= 1.7.0 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting |