CVE List - 2024 / January
Showing 1701 - 1800 of 2591 CVEs for January 2024 (Page 18 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43818 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wTextLen Buffer Overflow Remote Code Execution |
| CVE-2023-43819 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File InitialMacroLen Buffer Overflow Remote Code Execution |
| CVE-2023-43820 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesPrevValueLen Buffer Overflow Remote Code Execution |
| CVE-2023-43821 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesActionLen Buffer Overflow Remote Code Execution |
| CVE-2023-43822 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wLogTitlesTimeLen Buffer Overflow Remote Code Execution |
| CVE-2023-43823 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wTTitleLen Buffer Overflow Remote Code Execution |
| CVE-2023-43824 | 2024-01-18 | Delta Electronics Delta Industrial Automation DOPSoft DPS File wTitleTextLen Buffer Overflow Remote Code Execution |
| CVE-2024-0693 | 2024-01-18 | EFS Easy File Sharing FTP denial of service |
| CVE-2024-0695 | 2024-01-18 | EFS Easy Chat Server HTTP GET Request denial of service |
| CVE-2024-0696 | 2024-01-18 | AtroCore AtroPIM Product Series Overview cross site scripting |
| CVE-2023-47034 | 2024-01-19 | A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. |
| CVE-2023-50447 | 2024-01-19 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). |
| CVE-2024-22914 | 2024-01-19 | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. |
| CVE-2024-22920 | 2024-01-19 | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. |
| CVE-2023-27168 | 2024-01-19 | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. |
| CVE-2023-33295 | 2024-01-19 | Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation. |
| CVE-2023-43985 | 2024-01-19 | SunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component. |
| CVE-2023-46351 | 2024-01-19 | In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial... |
| CVE-2023-47033 | 2024-01-19 | MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction. |
| CVE-2023-47035 | 2024-01-19 | RPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations. |
| CVE-2023-49329 | 2024-01-19 | Anomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker... |
| CVE-2023-50028 | 2024-01-19 | In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. |
| CVE-2023-50030 | 2024-01-19 | In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can... |
| CVE-2023-50693 | 2024-01-19 | An issue in Jester v.0.6.0 and before allows a remote attacker to send a maliciously crafted request. |
| CVE-2023-50694 | 2024-01-19 | An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to send a maliciously crafted request due to insufficient parsing in the parser.nim component. |
| CVE-2023-51946 | 2024-01-19 | Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML. |
| CVE-2023-51947 | 2024-01-19 | Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication. |
| CVE-2023-51948 | 2024-01-19 | A site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application. |
| CVE-2024-22562 | 2024-01-19 | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. |
| CVE-2024-22563 | 2024-01-19 | openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. |
| CVE-2024-22876 | 2024-01-19 | StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML... |
| CVE-2024-22877 | 2024-01-19 | StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template... |
| CVE-2024-22911 | 2024-01-19 | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. |
| CVE-2024-22912 | 2024-01-19 | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. |
| CVE-2024-22913 | 2024-01-19 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. |
| CVE-2024-22915 | 2024-01-19 | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. |
| CVE-2024-22919 | 2024-01-19 | swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. |
| CVE-2024-22955 | 2024-01-19 | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. |
| CVE-2024-22956 | 2024-01-19 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838. |
| CVE-2024-22957 | 2024-01-19 | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. |
| CVE-2024-23659 | 2024-01-19 | SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js. |
| CVE-2024-22422 | 2024-01-19 | Unauthenticated Denial of Service (DoS) attack in AnythingLLM |
| CVE-2024-22424 | 2024-01-19 | Cross-Site Request Forgery (CSRF) in github.com/argoproj/argo-cd |
| CVE-2023-38738 | 2024-01-19 | IBM OpenPages with Watson information disclosure |
| CVE-2023-40683 | 2024-01-19 | IBM OpenPages with Watson privilege escalation |
| CVE-2023-35020 | 2024-01-19 | IBM Sterling Control Center directory traversal |
| CVE-2023-47718 | 2024-01-19 | IBM Maximo Asset Management cross-site request forgery |
| CVE-2023-32337 | 2024-01-19 | IBM Maximo Spatial Asset Management server-side request forgery |
| CVE-2023-50963 | 2024-01-19 | IBM Storage Defender HTTP HOST header injection |
| CVE-2023-5716 | 2024-01-19 | ASUS Armoury Crate - Arbitrary File Write |
| CVE-2024-23387 | 2024-01-19 | FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on... |
| CVE-2024-0705 | 2024-01-19 | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping... |
| CVE-2024-21733 | 2024-01-19 | Apache Tomcat: Leaking of unrelated request bodies in default error page |
| CVE-2024-0712 | 2024-01-19 | Byzoro Smart S150 Management Platform userattea.php access control |
| CVE-2022-40700 | 2024-01-19 | Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins |
| CVE-2024-0714 | 2024-01-19 | MiczFlor RPi-Jukebox-RFID HTTP Request userScripts.php os command injection |
| CVE-2022-45083 | 2024-01-19 | WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection |
| CVE-2022-45845 | 2024-01-19 | WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object Injection |
| CVE-2022-47160 | 2024-01-19 | WordPress Wp Social Plugin <= 1.9.0 is vulnerable to Sensitive Data Exposure |
| CVE-2024-0716 | 2024-01-19 | Byzoro Smart S150 Management Platform Backup File download.php information disclosure |
| CVE-2024-0717 | 2024-01-19 | D-Link Good Line Router v2 HTTP GET Request devinfo information disclosure |
| CVE-2024-0718 | 2024-01-19 | liuwy-dlsdys zhglxt HTTP POST Request edit cross site scripting |
| CVE-2024-0720 | 2024-01-19 | FactoMineR FactoInvestigate HTML Report Generator cross site scripting |
| CVE-2024-0721 | 2024-01-19 | Jspxcms Survey Label cross site scripting |
| CVE-2024-0722 | 2024-01-19 | code-projects Social Networking Site Message Page message.php cross site scripting |
| CVE-2024-0723 | 2024-01-19 | freeSSHd denial of service |
| CVE-2024-0725 | 2024-01-19 | ProSSHD denial of service |
| CVE-2024-0726 | 2024-01-19 | Project Worlds Student Project Allocation System Admin Login Module admin_login.php cross site scripting |
| CVE-2024-0728 | 2024-01-19 | ForU CMS channel.php file inclusion |
| CVE-2024-0729 | 2024-01-19 | ForU CMS cms_admin.php sql injection |
| CVE-2024-0730 | 2024-01-19 | Project Worlds Online Time Table Generator course_ajax.php sql injection |
| CVE-2024-0731 | 2024-01-19 | PCMan FTP Server PUT Command denial of service |
| CVE-2024-23331 | 2024-01-19 | Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem |
| CVE-2024-23329 | 2024-01-19 | changedetection.io API endpoint is not secured with API token |
| CVE-2024-22211 | 2024-01-19 | FreeRDP integer Overflow leading to Heap Overflow |
| CVE-2024-0732 | 2024-01-19 | PCMan FTP Server STOR Command denial of service |
| CVE-2023-42429 | 2024-01-19 | Improper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-38587 | 2024-01-19 | Improper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-42766 | 2024-01-19 | Improper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-28738 | 2024-01-19 | Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-28743 | 2024-01-19 | Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-29495 | 2024-01-19 | Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-28722 | 2024-01-19 | Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2023-32272 | 2024-01-19 | Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local... |
| CVE-2023-32544 | 2024-01-19 | Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable... |
| CVE-2023-38541 | 2024-01-19 | Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially... |
| CVE-2023-29244 | 2024-01-19 | Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user... |
| CVE-2023-5080 | 2024-01-19 | A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands. |
| CVE-2023-5081 | 2024-01-19 | An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. |
| CVE-2023-6043 | 2024-01-19 | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. |
| CVE-2023-6044 | 2024-01-19 | A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges. |
| CVE-2023-6450 | 2024-01-19 | An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service. |
| CVE-2024-23682 | 2024-01-19 | Artemis Java Test Sandbox Class Loading Escape |
| CVE-2024-0758 | 2024-01-19 | MolecularFaces XSS |
| CVE-2024-23679 | 2024-01-19 | Enonic XP Session Fixation Vulnerability |
| CVE-2024-0733 | 2024-01-19 | Smsot HTTP POST Request api.php sql injection |
| CVE-2024-0734 | 2024-01-19 | Smsot get.php sql injection |
| CVE-2024-23680 | 2024-01-19 | AWS Encryption SDK for Java Improper Verification of Cryptographic Signature |
| CVE-2024-22421 | 2024-01-19 | Potential authentication and CSRF tokens leak in JupyterLab |
| CVE-2024-23683 | 2024-01-19 | Artemis Java Test Sandbox InvocationTargetException Subclass Escape |