CVE List - 2024 / January
Showing 701 - 800 of 2591 CVEs for January 2024 (Page 8 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20663 | 2024-01-09 | Windows Message Queuing Client (MSMQC) Information Disclosure |
| CVE-2024-20664 | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-21316 | 2024-01-09 | Windows Server Key Distribution Service Security Feature Bypass |
| CVE-2024-20681 | 2024-01-09 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| CVE-2024-20686 | 2024-01-09 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-20687 | 2024-01-09 | Microsoft AllJoyn API Denial of Service Vulnerability |
| CVE-2024-20692 | 2024-01-09 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
| CVE-2024-21306 | 2024-01-09 | Microsoft Bluetooth Driver Spoofing Vulnerability |
| CVE-2024-21309 | 2024-01-09 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-21310 | 2024-01-09 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2024-21311 | 2024-01-09 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2024-21312 | 2024-01-09 | .NET Framework Denial of Service Vulnerability |
| CVE-2024-21314 | 2024-01-09 | Microsoft Message Queuing Information Disclosure Vulnerability |
| CVE-2024-21318 | 2024-01-09 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-21320 | 2024-01-09 | Windows Themes Spoofing Vulnerability |
| CVE-2022-48618 | 2024-01-09 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and... |
| CVE-2024-0341 | 2024-01-09 | Inis GET Request File.php path traversal |
| CVE-2024-21319 | 2024-01-09 | Microsoft Identity Denial of service vulnerability |
| CVE-2024-21668 | 2024-01-09 | Insertion of Sensitive Information into Log File in react-native-mmkv |
| CVE-2024-21664 | 2024-01-09 | Parsing JSON serialized payload without protected field can lead to segfault |
| CVE-2023-7032 | 2024-01-09 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. |
| CVE-2024-0342 | 2024-01-09 | Inis Sqlite.php sql injection |
| CVE-2024-0343 | 2024-01-09 | CodeAstro Simple House Rental System Login Panel cross site scripting |
| CVE-2024-0344 | 2024-01-09 | soxft TimeMail check.php sql injection |
| CVE-2024-0345 | 2024-01-09 | CodeAstro Vehicle Booking System User Registration usr-register.php cross site scripting |
| CVE-2024-0346 | 2024-01-09 | CodeAstro Vehicle Booking System Feedback Page user-give-feedback.php cross site scripting |
| CVE-2024-0347 | 2024-01-09 | SourceCodester Engineers Online Portal signup_teacher.php weak password |
| CVE-2023-6476 | 2024-01-09 | Cri-o: pods are able to break out of resource confinement on cgroupv2 |
| CVE-2024-0348 | 2024-01-09 | SourceCodester Engineers Online Portal File Upload resource consumption |
| CVE-2023-5770 | 2024-01-09 | HTML injection in email body through email subject |
| CVE-2023-34332 | 2024-01-09 | Untrusted Pointer Dereference in BMC |
| CVE-2023-3043 | 2024-01-09 | Stack-based Buffer Overflow BMC |
| CVE-2023-34333 | 2024-01-09 | Untrusted Pointer Dereference |
| CVE-2023-37293 | 2024-01-09 | stack-based buffer overflow |
| CVE-2023-37294 | 2024-01-09 | Heap-based Buffer Overflow |
| CVE-2023-37295 | 2024-01-09 | Heap-based Buffer Overflow |
| CVE-2023-37296 | 2024-01-09 | Stack-based Buffer Overflow |
| CVE-2023-37297 | 2024-01-09 | heap memory overflow |
| CVE-2024-0349 | 2024-01-09 | SourceCodester Engineers Online Portal missing secure attribute |
| CVE-2024-0350 | 2024-01-09 | SourceCodester Engineers Online Portal session expiration |
| CVE-2024-0351 | 2024-01-09 | SourceCodester Engineers Online Portal session fixiation |
| CVE-2024-0352 | 2024-01-09 | Likeshop HTTP POST Request File.php userFormImage unrestricted upload |
| CVE-2024-0354 | 2024-01-09 | unknown-o download-station index.php path traversal |
| CVE-2024-0355 | 2024-01-09 | PHPGurukul Dairy Farm Shop Management System add-category.php sql injection |
| CVE-2022-46025 | 2024-01-10 | Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the... |
| CVE-2023-31488 | 2024-01-10 | Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a... |
| CVE-2023-51957 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. |
| CVE-2023-51958 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. |
| CVE-2023-51961 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. |
| CVE-2023-51972 | 2024-01-10 | Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. |
| CVE-2020-26627 | 2024-01-10 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark'... |
| CVE-2020-26628 | 2024-01-10 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to... |
| CVE-2020-26629 | 2024-01-10 | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. |
| CVE-2020-26630 | 2024-01-10 | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field... |
| CVE-2023-31446 | 2024-01-10 | In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup. |
| CVE-2023-41603 | 2024-01-10 | D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently... |
| CVE-2023-48864 | 2024-01-10 | SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. |
| CVE-2023-49394 | 2024-01-10 | Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. |
| CVE-2023-49427 | 2024-01-10 | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. |
| CVE-2023-49471 | 2024-01-10 | Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers... |
| CVE-2023-50120 | 2024-01-10 | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-50916 | 2024-01-10 | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure... |
| CVE-2023-51123 | 2024-01-10 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the... |
| CVE-2023-51126 | 2024-01-10 | Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. NOTE: The vendor has stated that with the introduction... |
| CVE-2023-51127 | 2024-01-10 | FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary... |
| CVE-2023-51252 | 2024-01-10 | PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded,... |
| CVE-2023-51952 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. |
| CVE-2023-51953 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
| CVE-2023-51954 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. |
| CVE-2023-51955 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. |
| CVE-2023-51956 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv |
| CVE-2023-51959 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. |
| CVE-2023-51960 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. |
| CVE-2023-51962 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. |
| CVE-2023-51963 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. |
| CVE-2023-51964 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. |
| CVE-2023-51965 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. |
| CVE-2023-51966 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. |
| CVE-2023-51967 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. |
| CVE-2023-51968 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. |
| CVE-2023-51969 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. |
| CVE-2023-51970 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
| CVE-2023-51971 | 2024-01-10 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. |
| CVE-2023-52064 | 2024-01-10 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. |
| CVE-2024-0356 | 2024-01-10 | Mandelo ssm_shiro_blog Backend updateRoles access control |
| CVE-2024-0357 | 2024-01-10 | coderd-repos Eva HTTP POST Request page sql injection |
| CVE-2024-0358 | 2024-01-10 | DeShang DSO2O install.php access control |
| CVE-2024-0359 | 2024-01-10 | code-projects Simple Online Hotel Reservation System login.php sql injection |
| CVE-2024-0360 | 2024-01-10 | PHPGurukul Hospital Management System edit-doctor-specialization.php sql injection |
| CVE-2024-0361 | 2024-01-10 | PHPGurukul Hospital Management System contact.php sql injection |
| CVE-2024-0362 | 2024-01-10 | PHPGurukul Hospital Management System change-password.php sql injection |
| CVE-2024-0363 | 2024-01-10 | PHPGurukul Hospital Management System patient-search.php sql injection |
| CVE-2024-0364 | 2024-01-10 | PHPGurukul Hospital Management System query-details.php sql injection |
| CVE-2024-21643 | 2024-01-10 | Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability |
| CVE-2023-41781 | 2024-01-10 | XSS Vulnerability in ZTE MF258 Products |
| CVE-2023-49619 | 2024-01-10 | Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions. |
| CVE-2023-48242 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP... |
| CVE-2023-48243 | 2024-01-10 | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request.... |
| CVE-2023-48244 | 2024-01-10 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48245 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |