CVE List - 2024 / January
Showing 1301 - 1400 of 2591 CVEs for January 2024 (Page 14 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-0315 | 2024-01-15 | Remote file inclusion vulnerability in FireEye Central Management |
| CVE-2024-0316 | 2024-01-15 | Improper cleanup vulnerability in FireEye Endpoint Security |
| CVE-2024-0317 | 2024-01-15 | Cross-Site Scripting in FireEye EX |
| CVE-2024-0318 | 2024-01-15 | Cross-Site Scripting in FireEye HXTool |
| CVE-2024-0319 | 2024-01-15 | Open Redirect vulnerability in FireEye HXTool |
| CVE-2024-0320 | 2024-01-15 | Cross-Site Scripting in FireEye Malware Analysis (AX) |
| CVE-2024-0557 | 2024-01-15 | DedeBIZ Website Copyright Setting cross site scripting |
| CVE-2024-0558 | 2024-01-15 | DedeBIZ makehtml_freelist_action.php sql injection |
| CVE-2024-0562 | 2024-01-15 | Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c |
| CVE-2024-0565 | 2024-01-15 | Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client |
| CVE-2023-7206 | 2024-01-15 | Horner Automation Cscape Stack-Based Buffer Overflow |
| CVE-2023-52042 | 2024-01-16 | An issue discovered in sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. |
| CVE-2024-22916 | 2024-01-16 | In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow. |
| CVE-2023-36236 | 2024-01-16 | Cross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad. |
| CVE-2023-39691 | 2024-01-16 | An issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via crafted GET request. |
| CVE-2023-41619 | 2024-01-16 | Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write. |
| CVE-2023-43449 | 2024-01-16 | An issue in HummerRisk HummerRisk v.1.10 thru 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component. |
| CVE-2023-47459 | 2024-01-16 | An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component. |
| CVE-2023-47460 | 2024-01-16 | SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component. |
| CVE-2023-48104 | 2024-01-16 | Alinto SOGo before 5.9.1 is vulnerable to HTML Injection. |
| CVE-2023-48926 | 2024-01-16 | An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status. |
| CVE-2023-49351 | 2024-01-16 | A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware veraion v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use... |
| CVE-2023-51059 | 2024-01-16 | An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface. |
| CVE-2023-51257 | 2024-01-16 | An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code. |
| CVE-2023-51282 | 2024-01-16 | An issue in mingSoft MCMS v.5.2.4 allows a a remote attacker to obtain sensitive information via a crafted script to the password parameter. |
| CVE-2023-51807 | 2024-01-16 | Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component. |
| CVE-2023-51810 | 2024-01-16 | SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users... |
| CVE-2023-52041 | 2024-01-16 | An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. |
| CVE-2023-52068 | 2024-01-16 | kodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs. |
| CVE-2024-22491 | 2024-01-16 | A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter. |
| CVE-2024-22625 | 2024-01-16 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=. |
| CVE-2024-22626 | 2024-01-16 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=. |
| CVE-2024-22627 | 2024-01-16 | Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. |
| CVE-2024-22628 | 2024-01-16 | Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end= |
| CVE-2023-49106 | 2024-01-16 | Missing Password Field Masking Vulnerability in Hitachi Device Manager |
| CVE-2023-49107 | 2024-01-16 | Generation of Error Message Containing Sensitive Information Vulnerability in Hitachi Device Manager |
| CVE-2023-6457 | 2024-01-16 | File and Directory Permission Vulnerability in Hitachi Tuning Manager |
| CVE-2024-22362 | 2024-01-16 | Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition. |
| CVE-2024-22428 | 2024-01-16 | Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the... |
| CVE-2023-22526 | 2024-01-16 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows... |
| CVE-2024-21674 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6... |
| CVE-2023-22527 | 2024-01-16 | A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must... |
| CVE-2024-21672 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3... |
| CVE-2024-21673 | 2024-01-16 | This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0... |
| CVE-2023-4566 | 2024-01-16 | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-44117 | 2024-01-16 | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52109 | 2024-01-16 | Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52110 | 2024-01-16 | The sensor module has an out-of-bounds access vulnerability.Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52111 | 2024-01-16 | Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2023-52112 | 2024-01-16 | Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally. |
| CVE-2023-52113 | 2024-01-16 | launchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2011-10005 | 2024-01-16 | EasyFTP MKD Command buffer overflow |
| CVE-2023-44112 | 2024-01-16 | Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-52114 | 2024-01-16 | Data confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity. |
| CVE-2023-52115 | 2024-01-16 | The iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions. |
| CVE-2023-52116 | 2024-01-16 | Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. |
| CVE-2023-52107 | 2024-01-16 | Vulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52108 | 2024-01-16 | Vulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-52098 | 2024-01-16 | Denial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability. |
| CVE-2023-34063 | 2024-01-16 | Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. |
| CVE-2023-52099 | 2024-01-16 | Vulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52100 | 2024-01-16 | The Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52101 | 2024-01-16 | Component exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity. |
| CVE-2023-52102 | 2024-01-16 | Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52103 | 2024-01-16 | Buffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read. |
| CVE-2023-52104 | 2024-01-16 | Vulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2023-52105 | 2024-01-16 | The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-52106 | 2024-01-16 | Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. |
| CVE-2024-0554 | 2024-01-16 | Cross-site scripting (XSS) vulnerability on WIC1200 |
| CVE-2024-0555 | 2024-01-16 | Cross-Site Request Forgery (CSRF) vulnerability on WIC1200 |
| CVE-2024-0556 | 2024-01-16 | Weak Cryptography for Passwords vulnerability on WIC1200 |
| CVE-2024-0553 | 2024-01-16 | Gnutls: incomplete fix for cve-2023-5981 |
| CVE-2024-0569 | 2024-01-16 | Totolink T8 Setting cstecgi.cgi getSysStatusCfg information disclosure |
| CVE-2024-0581 | 2024-01-16 | Uncontrolled Resource Consumption vulnerability on Sandsprite scdbg |
| CVE-2024-0570 | 2024-01-16 | Totolink N350RT Setting cstecgi.cgi access control |
| CVE-2024-0571 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setSmsCfg stack-based overflow |
| CVE-2024-0572 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setOpModeCfg stack-based overflow |
| CVE-2024-0232 | 2024-01-16 | Sqlite: use-after-free bug in jsonparseaddnodearray |
| CVE-2024-0567 | 2024-01-16 | Gnutls: rejects certificate chain with distributed trust |
| CVE-2021-4432 | 2024-01-16 | PCMan FTP Server USER Command denial of service |
| CVE-2024-0573 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setDiagnosisCfg stack-based overflow |
| CVE-2023-6395 | 2024-01-16 | Mock: privilege escalation for users that can access mock configuration |
| CVE-2024-0582 | 2024-01-16 | Kernel: io_uring: page use-after-free vulnerability via buffer ring mmap |
| CVE-2024-0574 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setParentalRules stack-based overflow |
| CVE-2024-0575 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setTracerouteCfg stack-based overflow |
| CVE-2024-0576 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setIpPortFilterRules stack-based overflow |
| CVE-2024-0577 | 2024-01-16 | Totolink LR1200GB cstecgi.cgi setLanguageCfg stack-based overflow |
| CVE-2021-24567 | 2024-01-16 | Simple Post <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2021-24566 | 2024-01-16 | WooCommerce Currency Switcher < 1.3.7 - Authenticated (Low Privilege) Local File Inclusion |
| CVE-2021-24559 | 2024-01-16 | Qyrr < 0.7 - Authenticated (contributor+) Stored XSS |
| CVE-2021-24151 | 2024-01-16 | WP Editor < 1.2.7 - Authenticated SQL injection |
| CVE-2021-25117 | 2024-01-16 | WP Postratings < 1.86.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24432 | 2024-01-16 | Advanced AJAX Product Filters < 1.5.4.7 - Unauthenticated Reflected Cross-Site Scripting (XSS) |
| CVE-2021-24433 | 2024-01-16 | Simple Sort&Search <= 0.0.3 - Ccontributor+ Stored XSS |
| CVE-2021-24869 | 2024-01-16 | WP Fastest Cache < 0.9.5 - Subscriber+ SQL Injection |
| CVE-2021-24870 | 2024-01-16 | WP Fastest Cache < 0.9.5 - CSRF to Stored Cross-Site Scripting |
| CVE-2022-2413 | 2024-01-16 | Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide title |
| CVE-2022-1563 | 2024-01-16 | WPGraphQL WooCommerce <= 0.11.0 - Unauthenticated Coupon Codes Disclosure |
| CVE-2022-1538 | 2024-01-16 | Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload |
| CVE-2022-3836 | 2024-01-16 | Seed Social < 2.0.4 - Admin+ Stored XSS |