CVE List - 2024 / January
Showing 601 - 700 of 2591 CVEs for January 2024 (Page 7 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-49236 | 2024-01-09 | A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during an sscanf of a... |
| CVE-2023-49237 | 2024-01-09 | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of... |
| CVE-2023-49238 | 2024-01-09 | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password.... |
| CVE-2023-50136 | 2024-01-09 | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. |
| CVE-2023-50585 | 2024-01-09 | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. |
| CVE-2023-50643 | 2024-01-09 | An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments components. |
| CVE-2023-50930 | 2024-01-09 | An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack.... |
| CVE-2023-50931 | 2024-01-09 | An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack.... |
| CVE-2023-50932 | 2024-01-09 | An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack.... |
| CVE-2023-50974 | 2024-01-09 | In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of... |
| CVE-2023-51717 | 2024-01-09 | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. |
| CVE-2024-22368 | 2024-01-09 | The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints... |
| CVE-2024-21646 | 2024-01-09 | Azure IoT Platform Device SDK Remote Code Execution Vulnerability |
| CVE-2024-21734 | 2024-01-09 | URL Redirection vulnerability in SAP Marketing (Contacts App) |
| CVE-2024-21735 | 2024-01-09 | Improper Authorization check in SAP LT Replication Server |
| CVE-2024-21736 | 2024-01-09 | Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) |
| CVE-2024-21737 | 2024-01-09 | Code Injection vulnerability in SAP Application Interface Framework (File Adapter) |
| CVE-2024-21738 | 2024-01-09 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP Platform |
| CVE-2024-22124 | 2024-01-09 | Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager |
| CVE-2024-22125 | 2024-01-09 | Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) |
| CVE-2023-39336 | 2024-01-09 | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and... |
| CVE-2023-6594 | 2024-01-09 | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization... |
| CVE-2023-6788 | 2024-01-09 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect... |
| CVE-2023-7219 | 2024-01-09 | Totolink N350RT cstecgi.cgi loginAuth stack-based overflow |
| CVE-2023-6842 | 2024-01-09 | The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and... |
| CVE-2023-6830 | 2024-01-09 | The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form... |
| CVE-2023-7220 | 2024-01-09 | Totolink NR1800X cstecgi.cgi loginAuth stack-based overflow |
| CVE-2023-6147 | 2024-01-09 | Possible XXE vulnerability in Jenkins Plugin for Qualys Policy Compliance |
| CVE-2023-6148 | 2024-01-09 | Possible XSS vulnerability in Jenkins Plugin for Qualys Policy Compliance |
| CVE-2023-6149 | 2024-01-09 | Possible XXE vulnerability in Jenkins Plugin for Qualys Web Application Security |
| CVE-2023-5376 | 2024-01-09 | TFTP Without Authentication |
| CVE-2024-22370 | 2024-01-09 | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible |
| CVE-2023-49722 | 2024-01-09 | Network port 8899 is open in the WiFi firmware of BCC101/BCC102/BCC50 products, which allows an attacker to connect to the device via the same WiFi network. |
| CVE-2023-5347 | 2024-01-09 | Unauthenticated Firmware Upgrade |
| CVE-2023-42797 | 2024-01-09 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains... |
| CVE-2023-44120 | 2024-01-09 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user.... |
| CVE-2023-49121 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files.... |
| CVE-2023-49122 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files.... |
| CVE-2023-49123 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files.... |
| CVE-2023-49124 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated... |
| CVE-2023-49126 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated... |
| CVE-2023-49127 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated... |
| CVE-2023-49128 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated... |
| CVE-2023-49129 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This... |
| CVE-2023-49130 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files.... |
| CVE-2023-49131 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files.... |
| CVE-2023-49132 | 2024-01-09 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files.... |
| CVE-2023-49251 | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login... |
| CVE-2023-49252 | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker... |
| CVE-2023-49621 | 2024-01-09 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credential with admin privileges. An attacker... |
| CVE-2023-51438 | 2024-01-09 | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows),... |
| CVE-2023-51439 | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions... |
| CVE-2023-51744 | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions... |
| CVE-2023-51745 | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions... |
| CVE-2023-51746 | 2024-01-09 | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions... |
| CVE-2024-0206 | 2024-01-09 | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved... |
| CVE-2024-0213 | 2024-01-09 | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS),... |
| CVE-2023-7221 | 2024-01-09 | Totolink T6 HTTP POST Request main buffer overflow |
| CVE-2023-7222 | 2024-01-09 | Totolink X2000R HTTP POST Request boa formTmultiAP buffer overflow |
| CVE-2023-7223 | 2024-01-09 | Totolink T6 cstecgi.cgi access control |
| CVE-2022-36763 | 2024-01-09 | Heap Buffer Overflow in Tcg2MeasureGptTable |
| CVE-2022-36764 | 2024-01-09 | Heap Buffer Overflow in Tcg2MeasurePeImage |
| CVE-2022-36765 | 2024-01-09 | Integer Overflow in CreateHob |
| CVE-2023-6129 | 2024-01-09 | POLY1305 MAC implementation corrupts vector registers on PowerPC |
| CVE-2024-22165 | 2024-01-09 | Denial of Service in Splunk Enterprise Security of the Investigations manager through Investigation creation |
| CVE-2024-22164 | 2024-01-09 | Denial of Service of an Investigation in Splunk Enterprise Security through Investigation attachments |
| CVE-2024-0340 | 2024-01-09 | Kernel: information disclosure in vhost/vhost.c:vhost_new_msg() |
| CVE-2024-0226 | 2024-01-09 | Stored Cross-Site Scripting in Synopsys Seeker |
| CVE-2024-20666 | 2024-01-09 | BitLocker Security Feature Bypass Vulnerability |
| CVE-2024-20674 | 2024-01-09 | Windows Kerberos Security Feature Bypass Vulnerability |
| CVE-2024-20677 | 2024-01-09 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2024-20676 | 2024-01-09 | Azure Storage Mover Remote Code Execution Vulnerability |
| CVE-2024-20654 | 2024-01-09 | Microsoft ODBC Driver Remote Code Execution Vulnerability |
| CVE-2024-20657 | 2024-01-09 | Windows Group Policy Elevation of Privilege Vulnerability |
| CVE-2024-20658 | 2024-01-09 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
| CVE-2024-20680 | 2024-01-09 | Windows Message Queuing Client (MSMQC) Information Disclosure |
| CVE-2024-20682 | 2024-01-09 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-20683 | 2024-01-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-20690 | 2024-01-09 | Windows Nearby Sharing Spoofing Vulnerability |
| CVE-2024-20691 | 2024-01-09 | Windows Themes Information Disclosure Vulnerability |
| CVE-2024-20694 | 2024-01-09 | Windows CoreMessaging Information Disclosure Vulnerability |
| CVE-2024-20696 | 2024-01-09 | Windows libarchive Remote Code Execution Vulnerability |
| CVE-2024-20697 | 2024-01-09 | Windows libarchive Remote Code Execution Vulnerability |
| CVE-2024-20698 | 2024-01-09 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-20699 | 2024-01-09 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-20700 | 2024-01-09 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-21305 | 2024-01-09 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability |
| CVE-2024-21307 | 2024-01-09 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2024-21313 | 2024-01-09 | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2024-21325 | 2024-01-09 | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability |
| CVE-2024-20672 | 2024-01-09 | .NET Denial of Service Vulnerability |
| CVE-2024-0056 | 2024-01-09 | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
| CVE-2024-0057 | 2024-01-09 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
| CVE-2024-20652 | 2024-01-09 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| CVE-2024-20653 | 2024-01-09 | Microsoft Common Log File System Elevation of Privilege Vulnerability |
| CVE-2024-20655 | 2024-01-09 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability |
| CVE-2024-20656 | 2024-01-09 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-20660 | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-20661 | 2024-01-09 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| CVE-2024-20662 | 2024-01-09 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability |