CVE List - 2024 / January
Showing 101 - 200 of 2591 CVEs for January 2024 (Page 2 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-0189 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal Create Message teacher_message.php cross site scripting |
CVE-2024-0193 | 2024-01-02 | Kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation |
CVE-2024-0190 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal Quiz add_quiz.php cross site scripting |
CVE-2022-3010 | 2024-01-02 | Predictable SSH credentials in Priva TopControl Suite |
CVE-2023-48419 | 2024-01-02 | An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in EoP |
CVE-2023-7192 | 2024-01-02 | Kernel: refcount leak in ctnetlink_create_conntrack() |
CVE-2024-0191 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal file information disclosure |
CVE-2023-49794 | 2024-01-02 | The logic of get apk path in KernelSU module can be bypassed |
CVE-2024-0192 | 2024-01-02 | RRJ Nueva Ecija Engineer Online Portal Add Downloadable downloadable.php unrestricted upload |
CVE-2023-50711 | 2024-01-02 | `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access |
CVE-2023-51652 | 2024-01-02 | OWASP.AntiSamy mXSS when preserving comments |
CVE-2024-21623 | 2024-01-02 | Arbitrary Expression Injection in github workflow leads to Command execution & leaking secrets |
CVE-2024-0194 | 2024-01-02 | CodeAstro Internet Banking System Profile Picture pages_account.php unrestricted upload |
CVE-2024-0195 | 2024-01-02 | spider-flow FunctionController.java FunctionService.saveFunction code injection |
CVE-2024-21627 | 2024-01-02 | Some attribute not escaped in Validate::isCleanHTML method |
CVE-2024-21628 | 2024-01-02 | XSS can be stored in DB from "add a message form" in order detail page (FO) |
CVE-2023-4164 | 2024-01-02 | There is a possible information disclosure due to a missing permission check in Pixel Watch |
CVE-2024-21629 | 2024-01-02 | Erroneous handling of `record_external_operation` error return |
CVE-2023-6339 | 2024-01-02 | Google Nest WiFi Pro root code-execution & user-data compromise |
CVE-2024-21632 | 2024-01-02 | omniauth-microsoft_graph vulnerable to account takeover (nOAuth) |
CVE-2024-0196 | 2024-01-02 | Magic-Api code injection |
CVE-2023-48418 | 2024-01-02 | User Build misconfiguration resulting in local escalation of privilege |
CVE-2023-39655 | 2024-01-03 | A host header injection vulnerability exists in the NPM package... |
CVE-2023-42358 | 2024-01-03 | An issue was discovered in O-RAN Software Community ric-plt-e2mgr in... |
CVE-2023-46929 | 2024-01-03 | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui... |
CVE-2023-47473 | 2024-01-03 | Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before... |
CVE-2023-50092 | 2024-01-03 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable... |
CVE-2023-50093 | 2024-01-03 | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable... |
CVE-2023-50921 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers... |
CVE-2023-37607 | 2024-01-03 | Directory Traversal in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00... |
CVE-2023-37608 | 2024-01-03 | An issue in Automatic Systems SOC FL9600 FirstLane V06 lego_T04E00... |
CVE-2023-45559 | 2024-01-03 | An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send... |
CVE-2023-46308 | 2024-01-03 | In Plotly plotly.js before 2.25.2, plot API calls have a... |
CVE-2023-49442 | 2024-01-03 | Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and... |
CVE-2023-50090 | 2024-01-03 | Arbitrary File Write vulnerability in the saveReportFile method of ureport2... |
CVE-2023-50922 | 2024-01-03 | An issue was discovered on GL.iNet devices through 4.5.0. Attackers... |
CVE-2023-41779 | 2024-01-03 | Illegal Memory Access Vulnerability of ZTE's ZXCLOUD iRAI |
CVE-2023-50351 | 2024-01-03 | Insecure key rotation affects MyXalytics |
CVE-2023-50350 | 2024-01-03 | A broken cryptographic algorithm impacts MyXalytics |
CVE-2023-41780 | 2024-01-03 | Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI |
CVE-2023-50348 | 2024-01-03 | Improper Error Handling affects DRYiCE MyXalytics |
CVE-2023-41776 | 2024-01-03 | Local Privilege Escalation Vulnerability of ZTE's ZXCLOUD iRAI |
CVE-2023-50346 | 2024-01-03 | An information disclosure affects DRYiCE MyXalytics |
CVE-2023-50345 | 2024-01-03 | Open Redirect affects DRYiCE MyXalytics |
CVE-2023-41783 | 2024-01-03 | Command Injection Vulnerability of ZTE's ZXCLOUD iRAI |
CVE-2023-50344 | 2024-01-03 | Unauthenticated File Downloads affect DRYiCE MyXalytics |
CVE-2023-50343 | 2024-01-03 | Improper Access Control (Controller APIs) affects DRYiCE MyXalytics |
CVE-2023-50342 | 2024-01-03 | Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics |
CVE-2023-50341 | 2024-01-03 | Improper Access Control affects DRYiCE MyXalytics |
CVE-2023-45723 | 2024-01-03 | Path Traversal which allows file upload capability affects DRYiCE MyXalytics |
CVE-2023-45724 | 2024-01-03 | Unauthenticated File Upload affects DRYiCE MyXalytics |
CVE-2023-45722 | 2024-01-03 | Path Traversal Arbitrary File Read affects DRYiCE MyXalytics |
CVE-2023-6629 | 2024-01-03 | The POST SMTP Mailer – Email log, Delivery Failure Notifications... |
CVE-2023-7027 | 2024-01-03 | The POST SMTP Mailer – Email log, Delivery Failure Notifications... |
CVE-2023-6524 | 2024-01-03 | The MapPress Maps for WordPress plugin for WordPress is vulnerable... |
CVE-2023-6600 | 2024-01-03 | The OMGF \| GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin... |
CVE-2023-6980 | 2024-01-03 | The WP SMS – Messaging & SMS Notification for WordPress,... |
CVE-2023-6981 | 2024-01-03 | The WP SMS – Messaging & SMS Notification for WordPress,... |
CVE-2023-6986 | 2024-01-03 | The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia... |
CVE-2024-0207 | 2024-01-03 | Out-of-bounds Read in Wireshark |
CVE-2024-0208 | 2024-01-03 | Improper Handling of Missing Values in Wireshark |
CVE-2024-0209 | 2024-01-03 | NULL Pointer Dereference in Wireshark |
CVE-2024-0210 | 2024-01-03 | Uncontrolled Recursion in Wireshark |
CVE-2024-0211 | 2024-01-03 | Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark |
CVE-2023-38674 | 2024-01-03 | FPE in paddle.nanmedian |
CVE-2023-38675 | 2024-01-03 | FPE in paddle.linalg.matrix_rank |
CVE-2023-38676 | 2024-01-03 | Segfault in paddle.dot |
CVE-2023-38677 | 2024-01-03 | FPE in paddle.linalg.eig |
CVE-2023-38678 | 2024-01-03 | Segfault in paddle.mode |
CVE-2023-52302 | 2024-01-03 | Segfault in paddle.nextafter |
CVE-2023-52303 | 2024-01-03 | Segfault in paddle.put_along_axis |
CVE-2023-52304 | 2024-01-03 | Stack overflow in paddle.searchsorted |
CVE-2023-52305 | 2024-01-03 | FPE in paddle.topk |
CVE-2023-52306 | 2024-01-03 | FPE in paddle.lerp |
CVE-2023-52307 | 2024-01-03 | Stack overflow in paddle.linalg.lu_unpack |
CVE-2023-52308 | 2024-01-03 | FPE in paddle.amin |
CVE-2023-52309 | 2024-01-03 | Heap buffer overflow in paddle.repeat_interleave |
CVE-2023-52310 | 2024-01-03 | Command injection in get_online_pass_interval |
CVE-2023-52311 | 2024-01-03 | Command injection in _wget_download |
CVE-2023-52312 | 2024-01-03 | Null pointer dereference in paddle.crop |
CVE-2023-52313 | 2024-01-03 | FPE in paddle.argmin and paddle.argmax |
CVE-2023-52314 | 2024-01-03 | Command injection in convert_shape_compare |
CVE-2023-7068 | 2024-01-03 | The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping... |
CVE-2023-6747 | 2024-01-03 | The Best WordPress Gallery Plugin – FooGallery plugin for WordPress... |
CVE-2023-6984 | 2024-01-03 | The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates)... |
CVE-2023-6621 | 2024-01-03 | Post SMTP < 2.8.7 - Reflected Cross-Site Scripting |
CVE-2024-0201 | 2024-01-03 | The Product Expiry for WooCommerce plugin for WordPress is vulnerable... |
CVE-2023-51785 | 2024-01-03 | Apache InLong: Arbitrary File Read Vulnerability in Apache InLong Manager |
CVE-2023-51784 | 2024-01-03 | Apache InLong: Remote Code Execution vulnerability in Apache InLong Manager |
CVE-2024-21907 | 2024-01-03 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
CVE-2023-30617 | 2024-01-03 | Leverage the kruise-daemon pod to list all secrets in the entire cluster |
CVE-2023-46738 | 2024-01-03 | Authenticated users can crash the CubeFS servers with maliciously crafted requests |
CVE-2024-21908 | 2024-01-03 | Cross-site scripting vulnerability in TinyMCE |
CVE-2024-21909 | 2024-01-03 | Denial of service in CBOR library |
CVE-2024-21910 | 2024-01-03 | Cross-site scripting vulnerability in TinyMCE plugins |
CVE-2024-21911 | 2024-01-03 | Cross-site scripting vulnerability in TinyMCE |
CVE-2023-46739 | 2024-01-03 | Timing attack can leak user passwords |
CVE-2023-46740 | 2024-01-03 | Insecure random string generator used for sensitive data |
CVE-2023-46741 | 2024-01-03 | CubeFS leaks magic secret key when starting Blobstore access service |
CVE-2023-46742 | 2024-01-03 | CubeFS leaks users key in logs |