CVE List - 2024 / January
Showing 2001 - 2100 of 2591 CVEs for January 2024 (Page 21 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-41176 | 2024-01-23 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note,... |
| CVE-2023-41177 | 2024-01-23 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note,... |
| CVE-2023-41178 | 2024-01-23 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note,... |
| CVE-2023-47192 | 2024-01-23 | An agent link vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47193 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47194 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47195 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47196 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47197 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47198 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47199 | 2024-01-23 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-47200 | 2024-01-23 | A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must... |
| CVE-2023-47201 | 2024-01-23 | A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must... |
| CVE-2023-47202 | 2024-01-23 | A local file inclusion vulnerability on the Trend Micro Apex One management server could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first... |
| CVE-2023-52090 | 2024-01-23 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2023-52091 | 2024-01-23 | An anti-spyware engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2023-52092 | 2024-01-23 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2023-52093 | 2024-01-23 | An exposed dangerous function vulnerability in the Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2023-52094 | 2024-01-23 | An updater link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to abuse the updater to delete an arbitrary folder, leading to a local... |
| CVE-2023-52324 | 2024-01-23 | An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit... |
| CVE-2023-52325 | 2024-01-23 | A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must... |
| CVE-2023-52326 | 2024-01-23 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please... |
| CVE-2023-52327 | 2024-01-23 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please... |
| CVE-2023-52328 | 2024-01-23 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please... |
| CVE-2023-52329 | 2024-01-23 | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please... |
| CVE-2023-52330 | 2024-01-23 | A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction... |
| CVE-2023-52331 | 2024-01-23 | A post-authenticated server-side request forgery (SSRF) vulnerability in Trend Micro Apex Central could allow an attacker to interact with internal or local services directly. Please note: an attacker must first... |
| CVE-2023-52337 | 2024-01-23 | An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges... |
| CVE-2023-52338 | 2024-01-23 | A link following vulnerability in the Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges... |
| CVE-2023-7237 | 2024-01-23 | Lantronix XPort Weak Encoding for Password |
| CVE-2023-47115 | 2024-01-23 | Label Studio XSS Vulnerability on Avatar Upload |
| CVE-2024-23453 | 2024-01-23 | Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API... |
| CVE-2024-23633 | 2024-01-23 | Label Studio XSS Vulnerability on Data Import |
| CVE-2024-23638 | 2024-01-23 | SQUID-2023:11 Denial of Service in Cache Manager |
| CVE-2024-0807 | 2024-01-23 | Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-0812 | 2024-01-23 | Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-0808 | 2024-01-23 | Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) |
| CVE-2024-0810 | 2024-01-23 | Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted... |
| CVE-2024-0814 | 2024-01-23 | Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-0813 | 2024-01-23 | Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2024-0806 | 2024-01-23 | Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) |
| CVE-2024-0805 | 2024-01-23 | Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) |
| CVE-2024-0804 | 2024-01-23 | Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-0811 | 2024-01-23 | Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted... |
| CVE-2024-0809 | 2024-01-23 | Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2023-43993 | 2024-01-24 | An issue in smaregi_app_market mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43998 | 2024-01-24 | An issue in Books-futaba mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-51888 | 2024-01-24 | Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL. |
| CVE-2023-52040 | 2024-01-24 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function. |
| CVE-2024-22651 | 2024-01-24 | There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04. |
| CVE-2021-42143 | 2024-01-24 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to... |
| CVE-2021-42144 | 2024-01-24 | Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to obtain sensitive information via crafted input to dtls_ccm_decrypt_message(). |
| CVE-2021-42145 | 2024-01-24 | An assertion failure discovered in check_certificate_request() in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers to cause a denial of service. |
| CVE-2021-42146 | 2024-01-24 | An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. DTLS servers allow remote attackers to reuse the same epoch number within two times the TCP maximum segment lifetime,... |
| CVE-2021-42147 | 2024-01-24 | Buffer over-read vulnerability in the dtls_sha256_update function in Contiki-NG tinyDTLS through master branch 53a0d97 allows remote attackers to cause a denial of service via crafted data packet. |
| CVE-2021-43584 | 2024-01-24 | DOM-based Cross Site Scripting (XSS) vulnerability in 'Tail Event Logs' functionality in Nagios Nagios Cross-Platform Agent (NCPA) before 2.4.0 allows attackers to run arbitrary code via the name element when... |
| CVE-2023-24676 | 2024-01-24 | An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed... |
| CVE-2023-43317 | 2024-01-24 | An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component. |
| CVE-2023-43988 | 2024-01-24 | An issue in nature fitness saijo mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43989 | 2024-01-24 | An issue in mokumoku chohu mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43990 | 2024-01-24 | An issue in cherub-hair mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43991 | 2024-01-24 | An issue in PRIMA CLINIC mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43992 | 2024-01-24 | An issue in STOCKMAN GROUP mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43994 | 2024-01-24 | An issue in Cleaning_makotoya mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43995 | 2024-01-24 | An issue in picot.golf mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43996 | 2024-01-24 | An issue in Q co ltd mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43997 | 2024-01-24 | An issue in Yoruichi hobby base mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43999 | 2024-01-24 | An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-44000 | 2024-01-24 | An issue in Otakara lapis totuka mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-44001 | 2024-01-24 | An issue in Ailand clinic mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-51711 | 2024-01-24 | An issue discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. |
| CVE-2023-51885 | 2024-01-24 | Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component. |
| CVE-2023-51886 | 2024-01-24 | Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \convertpath. |
| CVE-2023-51887 | 2024-01-24 | Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. |
| CVE-2023-51889 | 2024-01-24 | Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL. |
| CVE-2023-51890 | 2024-01-24 | An infinite loop issue discovered in Mathtex 1.05 and before allows remote attackers to consume CPU resources via crafted string in the application URL. |
| CVE-2023-52038 | 2024-01-24 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function. |
| CVE-2023-52039 | 2024-01-24 | An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function. |
| CVE-2024-22720 | 2024-01-24 | Kanboard 1.2.34 is vulnerable to HTML injection in the group management feature. |
| CVE-2024-22725 | 2024-01-24 | Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting. |
| CVE-2024-22751 | 2024-01-24 | D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function. |
| CVE-2022-4964 | 2024-01-24 | Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set. |
| CVE-2024-21765 | 2024-01-24 | Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support... |
| CVE-2024-22380 | 2024-01-24 | Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity... |
| CVE-2024-21796 | 2024-01-24 | Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE).... |
| CVE-2023-31037 | 2024-01-24 | NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this... |
| CVE-2024-22366 | 2024-01-24 | Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function... |
| CVE-2024-22372 | 2024-01-24 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the... |
| CVE-2024-0665 | 2024-01-24 | The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization... |
| CVE-2024-0854 | 2024-01-24 | URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.0.1-42218-7, 7.1.1-42962-7 and 7.2.1-69057-2 allows remote authenticated users to conduct phishing... |
| CVE-2024-22134 | 2024-01-24 | WordPress Contact Form 7 Extension For Mailchimp Plugin <= 0.5.70 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2024-22309 | 2024-01-24 | WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection |
| CVE-2024-22284 | 2024-01-24 | WordPress Asgaros Forum Plugin <= 2.7.2 is vulnerable to PHP Object Injection |
| CVE-2024-22152 | 2024-01-24 | WordPress Product Import Export for WooCommerce Plugin <= 2.3.7 is vulnerable to Arbitrary File Upload |
| CVE-2024-22135 | 2024-01-24 | WordPress Order Export & Order Import for WooCommerce Plugin <= 2.4.3 is vulnerable to Arbitrary File Upload |
| CVE-2023-52221 | 2024-01-24 | WordPress Barcode Scanner with Inventory & Order Manager Plugin <= 1.5.1 is vulnerable to Arbitrary File Upload |
| CVE-2024-22308 | 2024-01-24 | WordPress Simple Membership Plugin <= 4.4.1 is vulnerable to Open Redirection |
| CVE-2024-22301 | 2024-01-24 | WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Sensitive Data Exposure |
| CVE-2024-22294 | 2024-01-24 | WordPress Download IP2Location Country Blocker Plugin <= 2.33.3 is vulnerable to Sensitive Data Exposure |
| CVE-2024-22154 | 2024-01-24 | WordPress SalesKing Plugin <= 1.6.15 is vulnerable to Sensitive Data Exposure |