CyberSecurityBoard
Sponsor Register Login

CVE-2024-0357

A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124.

This Cyber News was published on www.tenable.com. Publication date: Wed, 10 Jan 2024 13:11:03 +0000


Cyber News related to CVE-2024-0357

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
4 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
10 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
10 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
7 months ago Tenable.com
CVE-2024-0357 - A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument ...
1 year ago Tenable.com
CVE-2015-0357 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism ...
8 years ago
CVE-2015-3040 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism ...
6 years ago
CVE-2000-0357 - ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys. ...
16 years ago
CVE-2002-0357 - Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. ...
16 years ago
CVE-2013-0357 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. ...
11 years ago
CVE-2014-0357 - Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request from the iOS or Android application. ...
1 year ago
CVE-2004-0357 - Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll. ...
7 years ago
CVE-2005-0357 - EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain ...
7 years ago
CVE-2007-0357 - Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver. ...
7 years ago
CVE-2010-0357 - Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject ...
7 years ago
CVE-2016-0357 - IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. ...
7 years ago
CVE-2008-0357 - Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter. ...
7 years ago
CVE-2009-0357 - Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via ...
7 years ago
CVE-2003-0357 - Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors. ...
7 years ago
CVE-2001-0357 - FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters. ...
7 years ago
CVE-2017-0357 - A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption. ...
6 years ago
CVE-2006-0357 - Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command. ...
6 years ago
CVE-2018-0357 - A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient ...
5 years ago
CVE-2019-0357 - The administrator of SAP HANA database, before versions 1.0 and 2.0, can misuse HANA to execute commands with operating system "root" privileges. ...
4 years ago
CVE-2021-0357 - In netdiag, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)