CVE List - 2024 / January
Showing 501 - 600 of 2591 CVEs for January 2024 (Page 6 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-35128 | 2024-01-08 | An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open... |
| CVE-2023-35994 | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35995 | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35996 | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35997 | 2024-01-08 | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35992 | 2024-01-08 | An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory... |
| CVE-2023-35969 | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35970 | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35959 | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open... |
| CVE-2023-35960 | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open... |
| CVE-2023-35961 | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open... |
| CVE-2023-35962 | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open... |
| CVE-2023-35963 | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open... |
| CVE-2023-35964 | 2024-01-08 | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open... |
| CVE-2023-35955 | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to... |
| CVE-2023-35956 | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to... |
| CVE-2023-35957 | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to... |
| CVE-2023-35958 | 2024-01-08 | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to... |
| CVE-2023-35702 | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35703 | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-35704 | 2024-01-08 | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need... |
| CVE-2023-32650 | 2024-01-08 | An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption.... |
| CVE-2024-21650 | 2024-01-08 | XWiki Remote Code Execution vulnerability via user registration |
| CVE-2024-21747 | 2024-01-08 | WordPress WP ERP Plugin <= 1.12.8 is vulnerable to SQL Injection |
| CVE-2024-21745 | 2024-01-08 | WordPress Laybuy Payment Extension for WooCommerce Plugin <= 5.3.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2024-21744 | 2024-01-08 | WordPress Mapster WP Maps Plugin <= 1.2.38 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52225 | 2024-01-08 | WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection |
| CVE-2023-52219 | 2024-01-08 | WordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object Injection |
| CVE-2023-52218 | 2024-01-08 | WordPress WooCommerce Tranzila Gateway Plugin <= 1.0.8 is vulnerable to PHP Object Injection |
| CVE-2022-2585 | 2024-01-08 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. |
| CVE-2023-52215 | 2024-01-08 | WordPress Barcode Scanner with Inventory & Order Manager Plugin <=1.5.1 is vulnerable to SQL Injection |
| CVE-2022-2586 | 2024-01-08 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. |
| CVE-2022-2588 | 2024-01-08 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value... |
| CVE-2022-2602 | 2024-01-08 | io_uring UAF, Unix SCM garbage collection |
| CVE-2022-3328 | 2024-01-08 | Race condition in snap-confine's must_mkdir_and_open_with_perms() |
| CVE-2023-1032 | 2024-01-08 | The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. |
| CVE-2021-3600 | 2024-01-08 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker... |
| CVE-2023-52222 | 2024-01-08 | WordPress WooCommerce Plugin <= 8.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52208 | 2024-01-08 | WordPress Constant Contact Forms Plugin <= 2.4.2 is vulnerable to Sensitive Data Exposure |
| CVE-2023-6529 | 2024-01-08 | WP VR < 8.3.15 - Unauthenticated Plugin Downgrade leading to XSS |
| CVE-2023-6555 | 2024-01-08 | Email Subscription Popup < 1.2.20 - Reflected XSS |
| CVE-2023-6161 | 2024-01-08 | WP Crowdfunding < 2.1.9 - Reflected XSS |
| CVE-2023-6042 | 2024-01-08 | Getwid < 2.0.3 - Unauthenticated Arbitrary Email Sending to Admin |
| CVE-2023-6627 | 2024-01-08 | WP Go Maps < 9.0.28 - Unauthenticated Stored XSS |
| CVE-2023-6139 | 2024-01-08 | Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update |
| CVE-2023-5957 | 2024-01-08 | Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution |
| CVE-2018-25095 | 2024-01-08 | Duplicator < 1.3.0 - Unauthenticated RCE |
| CVE-2023-6383 | 2024-01-08 | Debug Log Manager < 2.3.0 - Sensitive Logs Exposure |
| CVE-2023-6528 | 2024-01-08 | Slider Revolution < 6.6.19 - Author+ Insecure Deserialization leading to RCE |
| CVE-2023-6141 | 2024-01-08 | Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS |
| CVE-2023-5235 | 2024-01-08 | Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update |
| CVE-2023-6140 | 2024-01-08 | Essential Real Estate < 4.4 - Subscriber+ Arbitrary File Upload |
| CVE-2023-5911 | 2024-01-08 | WP Custom Cursors <= 3.2 - Admin+ Stored XSS |
| CVE-2023-6750 | 2024-01-08 | Clone < 2.4.3 - Unauthenticated Backup Download |
| CVE-2023-6845 | 2024-01-08 | CommentTweets <= 0.6 - Settings Update via CSRF |
| CVE-2023-6505 | 2024-01-08 | Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure |
| CVE-2023-52190 | 2024-01-08 | WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to Sensitive Data Exposure |
| CVE-2023-6532 | 2024-01-08 | WP Blogs' Planetarium <= 1.0 - Settings Update via CSRF |
| CVE-2023-6631 | 2024-01-08 | Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element |
| CVE-2023-52207 | 2024-01-08 | WordPress HTML5 MP3 Player with Playlist Free Plugin <= 3.0.0 is vulnerable to PHP Object Injection |
| CVE-2023-52205 | 2024-01-08 | WordPress HTML5 SoundCloud Player Plugin <= 2.8.0 is vulnerable to PHP Object Injection |
| CVE-2023-52200 | 2024-01-08 | WordPress ARMember Plugin <= 4.0.22 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection |
| CVE-2023-52216 | 2024-01-08 | WordPress JS & CSS Script Optimizer Plugin <= 0.3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-52213 | 2024-01-08 | WordPress Rate Star Review Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52206 | 2024-01-08 | WordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object Injection |
| CVE-2023-52204 | 2024-01-08 | WordPress Randomize Plugin <= 1.4.3 is vulnerable to SQL Injection |
| CVE-2023-52203 | 2024-01-08 | WordPress CformsII Plugin <= 15.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52201 | 2024-01-08 | WordPress pTypeConverter Plugin <= 0.2.8.1 is vulnerable to SQL Injection |
| CVE-2023-51508 | 2024-01-08 | WordPress Database Cleaner Plugin <= 0.9.8 is vulnerable to Sensitive Data Exposure |
| CVE-2023-51490 | 2024-01-08 | WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure |
| CVE-2023-52198 | 2024-01-08 | WordPress Private Google Calendars Plugin <= 20231125 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52197 | 2024-01-08 | WordPress Ads Invalid Click Protection Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-52196 | 2024-01-08 | WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-51408 | 2024-01-08 | WordPress WP Optin Wheel Plugin <= 1.4.3 is vulnerable to Sensitive Data Exposure |
| CVE-2023-51406 | 2024-01-08 | WordPress FastDup Plugin <= 2.1.7 is vulnerable to Sensitive Data Exposure |
| CVE-2022-45354 | 2024-01-08 | WordPress Download Monitor Plugin <= 4.7.60 is vulnerable to Sensitive Data Exposure |
| CVE-2023-52202 | 2024-01-08 | WordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object Injection |
| CVE-2023-52142 | 2024-01-08 | WordPress Events Shortcodes & Templates For The Events Calendar Plugin <= 2.3.1 is vulnerable to SQL Injection |
| CVE-2023-7218 | 2024-01-08 | Totolink N350RT cstecgi.cgi loginAuth stack-based overflow |
| CVE-2022-34344 | 2024-01-08 | WordPress Wholesale Suite Plugin <= 2.1.5 is vulnerable to Broken Access Control |
| CVE-2022-36352 | 2024-01-08 | WordPress ProfileGrid Plugin <= 5.0.3 is vulnerable to Broken Access Control |
| CVE-2022-40696 | 2024-01-08 | WordPress Advanced Custom Fields Plugin 3.1.1-6.0.2 is vulnerable to Sensitive Data Exposure |
| CVE-2024-21651 | 2024-01-08 | XWiki Denial of Service attack through attachments |
| CVE-2024-21648 | 2024-01-08 | XWiki has no right protection on rollback action |
| CVE-2024-21663 | 2024-01-08 | Remote code execution on ReconServer due to improper input sanitization on the prips command |
| CVE-2022-28975 | 2024-01-09 | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. |
| CVE-2023-26998 | 2024-01-09 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. |
| CVE-2023-26999 | 2024-01-09 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. |
| CVE-2023-27000 | 2024-01-09 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). |
| CVE-2023-27098 | 2024-01-09 | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. |
| CVE-2023-36629 | 2024-01-09 | The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. |
| CVE-2023-38827 | 2024-01-09 | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. |
| CVE-2023-46906 | 2024-01-09 | juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated. |
| CVE-2023-47992 | 2024-01-09 | An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code. |
| CVE-2023-47993 | 2024-01-09 | A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service. |
| CVE-2023-47994 | 2024-01-09 | An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. |
| CVE-2023-47995 | 2024-01-09 | Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. |
| CVE-2023-47996 | 2024-01-09 | An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. |
| CVE-2023-47997 | 2024-01-09 | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. |
| CVE-2023-49235 | 2024-01-09 | An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute... |