CVE List - 2024 / January
Showing 1601 - 1700 of 2591 CVEs for January 2024 (Page 17 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20287 | 2024-01-17 | A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command... |
| CVE-2024-20277 | 2024-01-17 | A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges... |
| CVE-2022-41619 | 2024-01-17 | WordPress Image Zoom Plugin <= 1.8.8 is vulnerable to Broken Access Control |
| CVE-2023-50950 | 2024-01-17 | IBM QRadar information disclosure |
| CVE-2022-41695 | 2024-01-17 | WordPress Traffic Manager Plugin <= 1.4.5 is vulnerable to Broken Access Control |
| CVE-2022-41786 | 2024-01-17 | WordPress WP Job Portal Plugin <= 2.0.1 is vulnerable to Broken Access Control |
| CVE-2022-41790 | 2024-01-17 | WordPress WP Time Slots Booking Form Plugin <= 1.1.76 is vulnerable to Broken Access Control |
| CVE-2022-42884 | 2024-01-17 | WordPress WIP Custom Login Plugin <= 1.2.7 is vulnerable to Broken Access Control |
| CVE-2024-0647 | 2024-01-17 | Sparksuite SimpleMDE iFrame cross site scripting |
| CVE-2023-7031 | 2024-01-17 | Avaya Experience Portal Manager Insecure Direct Object Reference Vulnerabilities |
| CVE-2023-6548 | 2024-01-17 | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated... |
| CVE-2023-6549 | 2024-01-17 | Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read |
| CVE-2023-5914 | 2024-01-17 | Cross-site scripting (XSS) |
| CVE-2024-22410 | 2024-01-17 | Binary Planting Attack on Windows Platforms in Creditcoin |
| CVE-2024-22414 | 2024-01-17 | User profile page vulnerable to Cross Site Scripting (XSS) in flaskBlog |
| CVE-2024-0648 | 2024-01-17 | Yunyou CMS Common.php unrestricted upload |
| CVE-2024-0649 | 2024-01-17 | ZhiHuiYun Search ImageController.php download_network_image server-side request forgery |
| CVE-2024-0650 | 2024-01-17 | Project Worlds Visitor Management System URL dataset.php cross site scripting |
| CVE-2024-22416 | 2024-01-17 | Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation |
| CVE-2023-6340 | 2024-01-17 | SonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by... |
| CVE-2023-51258 | 2024-01-18 | A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. |
| CVE-2024-22593 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save |
| CVE-2024-22603 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link |
| CVE-2023-49943 | 2024-01-18 | Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. |
| CVE-2023-50614 | 2024-01-18 | An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci. |
| CVE-2023-51217 | 2024-01-18 | An issue discovered in TenghuTOS TWS-200 firmware version:V4.0-201809201424 allows a remote attacker to execute arbitrary code via crafted command on the ping page component. |
| CVE-2024-22548 | 2024-01-18 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. |
| CVE-2024-22549 | 2024-01-18 | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. |
| CVE-2024-22568 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del. |
| CVE-2024-22591 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save. |
| CVE-2024-22592 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update |
| CVE-2024-22601 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save |
| CVE-2024-22699 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save. |
| CVE-2024-22817 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte |
| CVE-2024-22818 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save |
| CVE-2024-22819 | 2024-01-18 | FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update. |
| CVE-2024-0651 | 2024-01-18 | PHPGurukul Company Visitor Management System search-visitor.php sql injection |
| CVE-2021-4433 | 2024-01-18 | Karjasoft Sami HTTP Server HTTP HEAD Request denial of service |
| CVE-2024-0652 | 2024-01-18 | PHPGurukul Company Visitor Management System search-visitor.php cross site scripting |
| CVE-2024-0654 | 2024-01-18 | DeepFaceLab Util.py deserialization |
| CVE-2023-6184 | 2024-01-18 | Cross Site Scripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting |
| CVE-2024-0655 | 2024-01-18 | Novel-Plus list sql injection |
| CVE-2023-48339 | 2024-01-18 | In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed |
| CVE-2023-48340 | 2024-01-18 | In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48341 | 2024-01-18 | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48342 | 2024-01-18 | In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-48343 | 2024-01-18 | In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48344 | 2024-01-18 | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48345 | 2024-01-18 | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48346 | 2024-01-18 | In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48347 | 2024-01-18 | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48348 | 2024-01-18 | In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48349 | 2024-01-18 | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2023-48350 | 2024-01-18 | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2023-48351 | 2024-01-18 | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2023-48352 | 2024-01-18 | In phasecheckserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed |
| CVE-2023-48353 | 2024-01-18 | In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-48354 | 2024-01-18 | In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed |
| CVE-2023-48355 | 2024-01-18 | In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-48356 | 2024-01-18 | In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-48357 | 2024-01-18 | In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-48358 | 2024-01-18 | In drm driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-48359 | 2024-01-18 | In autotest driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed |
| CVE-2023-6816 | 2024-01-18 | Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer |
| CVE-2023-6970 | 2024-01-18 | The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization... |
| CVE-2024-0381 | 2024-01-18 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions... |
| CVE-2023-6958 | 2024-01-18 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization... |
| CVE-2024-0580 | 2024-01-18 | Omission of key-controlled authorization in Qsige |
| CVE-2023-51464 | 2024-01-18 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2023-51463 | 2024-01-18 | Adobe Experience Manager \| Cross-site Scripting (Reflected XSS) (CWE-79) |
| CVE-2024-0669 | 2024-01-18 | Cross-Frame Scripting (XFS) on Plone CMS |
| CVE-2023-5806 | 2024-01-18 | SQLi in Mergen Soft Quality Management System |
| CVE-2024-22317 | 2024-01-18 | IBM App Connect Enterprise denial of service |
| CVE-2023-7153 | 2024-01-18 | Reflected XSS in Macroturk's Macro-Bel |
| CVE-2021-33630 | 2024-01-18 | NULL-ptr-deref in network sched |
| CVE-2021-33631 | 2024-01-18 | Kernel crash in EXT4 filesystem |
| CVE-2023-40051 | 2024-01-18 | Progress Application Server (PAS) for OpenEdge File Upload via Directory Traversal |
| CVE-2023-40052 | 2024-01-18 | Progress Application Server (PAS) for OpenEdge Denial of Service |
| CVE-2024-0408 | 2024-01-18 | Xorg-x11-server: selinux unlabeled glx pbuffer |
| CVE-2024-0409 | 2024-01-18 | Xorg-x11-server: selinux context corruption |
| CVE-2024-0607 | 2024-01-18 | Kernel: nf_tables: pointer math issue in nft_byteorder_eval() |
| CVE-2023-28900 | 2024-01-18 | Nickname Disclosure on the Backend Automotive Server |
| CVE-2023-28901 | 2024-01-18 | Trip Data Disclosure from Backend |
| CVE-2023-31274 | 2024-01-18 | Missing Release of Resource after Effective Lifetime vulnerability in Aveva PI Server |
| CVE-2023-34348 | 2024-01-18 | Improper Check or Handling of Exceptional Conditions in Aveva PI Server |
| CVE-2024-22419 | 2024-01-18 | concat built-in can corrupt memory in vyper |
| CVE-2024-22212 | 2024-01-18 | Nextcloud global site selector authentication bypass |
| CVE-2024-22213 | 2024-01-18 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app |
| CVE-2024-22400 | 2024-01-18 | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml |
| CVE-2024-22403 | 2024-01-18 | OAuth2 authorization codes are valid indefinitely in Nextcloud server |
| CVE-2024-22404 | 2024-01-18 | Permissions bypass in Nextcloud with the files zip app |
| CVE-2024-22401 | 2024-01-18 | All users can reset the allowed apps list for Nextcloud Guest App users |
| CVE-2024-22402 | 2024-01-18 | Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist |
| CVE-2024-22415 | 2024-01-18 | Unsecured endpoints in the jupyter-lsp server extension |
| CVE-2024-22418 | 2024-01-18 | Stored Cross-site Scripting Vulnerability via Malicious File Names in GroupOffice |
| CVE-2023-5130 | 2024-01-18 | Delta Electronics WPLSoft Buffer-Overflow |
| CVE-2023-5131 | 2024-01-18 | Delta Electronics ISPSoft Heap Buffer-Overflow |
| CVE-2023-43815 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wScreenDESCTextLen Buffer Overflow Remote Code Execution |
| CVE-2023-43816 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wKPFStringLen Buffer Overflow Remote Code Execution |
| CVE-2023-43817 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wMailContentLen Buffer Overflow Remote Code Execution |