CVE List - 2024 / January
Showing 1501 - 1600 of 2591 CVEs for January 2024 (Page 16 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20930 | 2024-01-16 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is... |
| CVE-2024-20932 | 2024-01-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-20934 | 2024-01-16 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-20936 | 2024-01-16 | Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2024-20938 | 2024-01-16 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP... |
| CVE-2024-20940 | 2024-01-16 | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2024-20942 | 2024-01-16 | Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows... |
| CVE-2024-20944 | 2024-01-16 | Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2024-20946 | 2024-01-16 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the... |
| CVE-2024-20948 | 2024-01-16 | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2024-20950 | 2024-01-16 | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2024-20952 | 2024-01-16 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-20955 | 2024-01-16 | Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1;... |
| CVE-2024-20957 | 2024-01-16 | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high... |
| CVE-2024-20959 | 2024-01-16 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with... |
| CVE-2024-20961 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low... |
| CVE-2024-20963 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows... |
| CVE-2024-20965 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20967 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20969 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20971 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20973 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low... |
| CVE-2024-20975 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-20977 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low... |
| CVE-2024-20979 | 2024-01-16 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-20981 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high... |
| CVE-2024-20983 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2024-20985 | 2024-01-16 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low... |
| CVE-2024-20987 | 2024-01-16 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21670 | 2024-01-16 | CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential |
| CVE-2024-22192 | 2024-01-16 | Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders |
| CVE-2024-22191 | 2024-01-16 | Stored cross-site scripting (XSS) in `key_value` field in Avo |
| CVE-2024-22411 | 2024-01-16 | Cross site scripting in Action messages on Avo |
| CVE-2024-0603 | 2024-01-16 | ZhiCms giftcontroller.php deserialization |
| CVE-2024-22409 | 2024-01-16 | Default Privileges allow for high level operations for low privileged users in datahub |
| CVE-2024-22408 | 2024-01-16 | Server-Side Request Forgery (SSRF) in Shopware Flow Builder |
| CVE-2024-22407 | 2024-01-16 | Broken Access Control order API in Shopware |
| CVE-2024-22406 | 2024-01-16 | Blind SQL-injection in DAL aggregations in Shopware |
| CVE-2023-49515 | 2024-01-17 | Insecure Permissions vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection... |
| CVE-2023-25295 | 2024-01-17 | A Cross Site Scripting (XSS) vulnerability in evewa3ajax.php in GRUEN eVEWA3 Community 31 through 53 allows attackers to obtain escalated privileges via a crafted request to the login panel. |
| CVE-2023-36235 | 2024-01-17 | An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. |
| CVE-2023-44077 | 2024-01-17 | Studio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636. |
| CVE-2023-46952 | 2024-01-17 | Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header. |
| CVE-2023-48858 | 2024-01-17 | A Cross-site scripting (XSS) vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part. |
| CVE-2023-52069 | 2024-01-17 | kodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter. |
| CVE-2023-52285 | 2024-01-17 | ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter. |
| CVE-2024-22714 | 2024-01-17 | Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. |
| CVE-2024-22715 | 2024-01-17 | Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php. |
| CVE-2024-23525 | 2024-01-17 | The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig. |
| CVE-2024-0405 | 2024-01-17 | The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device',... |
| CVE-2023-51719 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51720 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51721 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51722 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51723 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51724 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51725 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51726 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51727 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51728 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51729 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51730 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51731 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51732 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51733 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51734 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51735 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51736 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51737 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51738 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51739 | 2024-01-17 | Stored Cross Site Scripting Vulnerability in Skyworth Router |
| CVE-2023-51740 | 2024-01-17 | Cleartext Submission of Password vulnerability in Skyworth Router |
| CVE-2023-51741 | 2024-01-17 | Cleartext Submission of Password vulnerability in Skyworth Router |
| CVE-2023-51742 | 2024-01-17 | Buffer Overflow vulnerability in Skyworth Router |
| CVE-2023-51743 | 2024-01-17 | Buffer Overflow vulnerability in Skyworth Router |
| CVE-2021-4434 | 2024-01-17 | The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on... |
| CVE-2024-0642 | 2024-01-17 | Inadequate access control in C21 Live Encoder and Live Mosaic |
| CVE-2024-0643 | 2024-01-17 | Unrestricted upload of dangerous file types in C21 Live Encoder and Live Mosaic |
| CVE-2024-0645 | 2024-01-17 | Buffer Overflow Vulnerability in Explorer++ |
| CVE-2023-5041 | 2024-01-17 | Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection |
| CVE-2023-5006 | 2024-01-17 | WP Discord Invite < 2.5.1 - Arbitrary Settings Update via CSRF |
| CVE-2024-0639 | 2024-01-17 | Kernel: potential deadlock on &net->sctp.addr_wq_lock leading to dos |
| CVE-2024-0641 | 2024-01-17 | Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke |
| CVE-2024-0646 | 2024-01-17 | Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination |
| CVE-2022-36418 | 2024-01-17 | WordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken Authentication |
| CVE-2024-0396 | 2024-01-17 | Missing Server-Side Input Validation in HTTP Parameter |
| CVE-2022-38141 | 2024-01-17 | WordPress Sales Report Email for WooCommerce Plugin <= 2.8 is vulnerable to Broken Access Control |
| CVE-2022-40203 | 2024-01-17 | WordPress Advanced Dynamic Pricing for WooCommerce Plugin <= 4.1.5 is vulnerable to Broken Access Control |
| CVE-2023-34379 | 2024-01-17 | WordPress Cart2Cart: Magento to WooCommerce Migration Plugin <= 2.0.0 is vulnerable to Broken Access Control |
| CVE-2022-41990 | 2024-01-17 | WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-23896 | 2024-01-17 | WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Broken Access Control |
| CVE-2023-23882 | 2024-01-17 | WordPress Ultimate Addons for Beaver Builder – Lite Plugin <= 1.5.5 is vulnerable to Broken Access Control |
| CVE-2022-40702 | 2024-01-17 | WordPress Advanced Local Pickup for WooCommerce Plugin <= 1.5.2 is vulnerable to Broken Access Control |
| CVE-2024-20270 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site... |
| CVE-2024-20272 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the... |
| CVE-2024-20251 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user... |
| CVE-2023-20257 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of... |
| CVE-2023-20271 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on... |
| CVE-2023-20258 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due... |
| CVE-2023-20260 | 2024-01-17 | A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due... |