CVE List - 2024 / January
Showing 801 - 900 of 2591 CVEs for January 2024 (Page 9 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-48246 | 2024-01-10 | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. |
| CVE-2023-48247 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. |
| CVE-2023-48248 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via... |
| CVE-2023-48249 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP... |
| CVE-2023-48250 | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. |
| CVE-2024-0310 | 2024-01-10 | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy... |
| CVE-2024-20710 | 2024-01-10 | Adobe Substance 3D Stager v2.1.1 Vulnerability I |
| CVE-2024-20715 | 2024-01-10 | Adobe Substance 3D Stager v2.1.1 Vulnerability VIII |
| CVE-2024-20714 | 2024-01-10 | Adobe Substance 3D Stager v2.1.1 Vulnerability V |
| CVE-2024-20713 | 2024-01-10 | Adobe Substance 3D Stager v2.1.1 Vulnerability IV |
| CVE-2024-20712 | 2024-01-10 | Adobe Substance 3D Stager v2.1.1 Vulnerability III |
| CVE-2024-20711 | 2024-01-10 | Adobe Substance 3D Stager v2.1.1 Vulnerability VII |
| CVE-2023-5455 | 2024-01-10 | Ipa: invalid csrf protection |
| CVE-2023-48251 | 2024-01-10 | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. |
| CVE-2023-48252 | 2024-01-10 | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. |
| CVE-2023-48253 | 2024-01-10 | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to... |
| CVE-2023-48254 | 2024-01-10 | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48255 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP... |
| CVE-2023-48256 | 2024-01-10 | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. |
| CVE-2023-48257 | 2024-01-10 | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can... |
| CVE-2023-48258 | 2024-01-10 | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. |
| CVE-2023-48259 | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48260 | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48261 | 2024-01-10 | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. |
| CVE-2023-48262 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48263 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48264 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48265 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2023-48266 | 2024-01-10 | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
| CVE-2024-0389 | 2024-01-10 | SourceCodester Student Attendance System attendance_report.php sql injection |
| CVE-2023-6158 | 2024-01-10 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the... |
| CVE-2023-49599 | 2024-01-10 | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An... |
| CVE-2023-49810 | 2024-01-10 | A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can... |
| CVE-2023-50172 | 2024-01-10 | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation... |
| CVE-2023-49589 | 2024-01-10 | An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password... |
| CVE-2023-47862 | 2024-01-10 | A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker... |
| CVE-2023-49715 | 2024-01-10 | An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code... |
| CVE-2023-47861 | 2024-01-10 | A cross-site scripting (XSS) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary... |
| CVE-2023-48728 | 2024-01-10 | A cross-site scripting (XSS) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary JavaScript... |
| CVE-2023-48730 | 2024-01-10 | A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution.... |
| CVE-2023-49738 | 2024-01-10 | An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. |
| CVE-2023-49862 | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability... |
| CVE-2023-49863 | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability... |
| CVE-2023-49864 | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability... |
| CVE-2023-47171 | 2024-01-10 | An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file... |
| CVE-2023-41056 | 2024-01-10 | Redis vulnerable to integer overflow in certain payloads |
| CVE-2023-45139 | 2024-01-10 | fonttools XML External Entity Injection (XXE) Vulnerability |
| CVE-2023-29444 | 2024-01-10 | Uncontrolled Search Path Element in PTC's Kepware KEPServerEX |
| CVE-2023-37932 | 2024-01-10 | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoiceEnterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from... |
| CVE-2023-37934 | 2024-01-10 | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP... |
| CVE-2023-44250 | 2024-01-10 | An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an... |
| CVE-2023-46712 | 2024-01-10 | An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows an attacker to escalate their privileges via specifically crafted HTTP requests. |
| CVE-2023-48783 | 2024-01-10 | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote... |
| CVE-2023-29445 | 2024-01-10 | Uncontrolled Search Path Element in PTC's Kepware KEPServerEX |
| CVE-2023-29446 | 2024-01-10 | Improper Input Validation in PTC's Kepware KEPServerEX |
| CVE-2023-29447 | 2024-01-10 | Insufficiently Protected Credentials in PTC's Kepware KEPServerEX |
| CVE-2022-45793 | 2024-01-10 | Executable files writable by low-privileged users in Omron Sysmac Studio |
| CVE-2023-42941 | 2024-01-10 | The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a... |
| CVE-2024-0333 | 2024-01-10 | Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium... |
| CVE-2023-49295 | 2024-01-10 | quic-go's path validation mechanism can cause denial of service |
| CVE-2024-21638 | 2024-01-10 | Azure IPAM solution Elevation of Privilege Vulnerability |
| CVE-2023-40529 | 2024-01-10 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be... |
| CVE-2023-32378 | 2024-01-10 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to... |
| CVE-2023-32401 | 2024-01-10 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead... |
| CVE-2022-42839 | 2024-01-10 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read... |
| CVE-2022-47965 | 2024-01-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-40437 | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be... |
| CVE-2023-38610 | 2024-01-10 | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to... |
| CVE-2023-42830 | 2024-01-10 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be... |
| CVE-2023-42871 | 2024-01-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code... |
| CVE-2023-42934 | 2024-01-10 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may... |
| CVE-2023-42826 | 2024-01-10 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. |
| CVE-2023-42870 | 2024-01-10 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary... |
| CVE-2023-42866 | 2024-01-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content... |
| CVE-2023-42831 | 2024-01-10 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An... |
| CVE-2023-38607 | 2024-01-10 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings. |
| CVE-2023-32436 | 2024-01-10 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. |
| CVE-2023-41987 | 2024-01-10 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. |
| CVE-2022-48577 | 2024-01-10 | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. |
| CVE-2023-41060 | 2024-01-10 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause... |
| CVE-2023-40411 | 2024-01-10 | This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data. |
| CVE-2022-47915 | 2024-01-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2023-42929 | 2024-01-10 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data. |
| CVE-2023-41974 | 2024-01-10 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel... |
| CVE-2023-42876 | 2024-01-10 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
| CVE-2023-42933 | 2024-01-10 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. |
| CVE-2023-40430 | 2024-01-10 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent. |
| CVE-2022-32931 | 2024-01-10 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. |
| CVE-2023-28197 | 2024-01-10 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to... |
| CVE-2023-32366 | 2024-01-10 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and... |
| CVE-2023-40433 | 2024-01-10 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. |
| CVE-2023-40393 | 2024-01-10 | An authentication issue was addressed with improved state management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Photos in the Hidden Photos Album may be... |
| CVE-2023-41994 | 2024-01-10 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other... |
| CVE-2023-40385 | 2024-01-10 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able... |
| CVE-2023-32424 | 2024-01-10 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may... |
| CVE-2022-46721 | 2024-01-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. |
| CVE-2022-48504 | 2024-01-10 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. |
| CVE-2023-42862 | 2024-01-10 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may... |
| CVE-2023-41075 | 2024-01-10 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS... |
| CVE-2022-46710 | 2024-01-10 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even... |