CyberSecurityBoard
Sponsor Register Login

CVE-2024-0440

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.

Publication date: Mon, 26 Feb 2024 22:27:00 +0000


Cyber News related to CVE-2024-0440

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
4 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
11 months ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
11 months ago Cisa.gov
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
8 months ago Tenable.com
CVE-2024-0440 - Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files. ...
11 months ago
CVE-2000-0440 - NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. ...
16 years ago
CVE-2002-0440 - Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning if Content-length equals 0" option enabled allows malicious web servers to bypass content scanning via a Content-length header set to 0, which is often ignored by HTTP ...
16 years ago
CVE-2005-0440 - ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. ...
13 years ago
CVE-2014-0440 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect availability via vectors related to PIA Core Technology. ...
11 years ago
CVE-2015-0440 - Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console. ...
9 years ago
CVE-1999-0440 - The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages. ...
8 years ago
CVE-2016-0440 - Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4. Per Oracle: Unsupported Solaris 11.x versions should be upgraded to a supported release or patch set. Refer to the ...
8 years ago
CVE-2015-7600 - Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. ...
8 years ago
CVE-2009-0440 - IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related ...
7 years ago
CVE-2011-0440 - Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs. ...
7 years ago
CVE-2012-0440 - Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for ...
7 years ago
CVE-2008-0440 - AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. ...
7 years ago
CVE-2001-0440 - Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. ...
7 years ago
CVE-2003-0440 - The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. ...
7 years ago
CVE-2006-0440 - Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a ...
6 years ago
CVE-2017-0440 - An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a ...
5 years ago
CVE-2018-0440 - A vulnerability in the web interface of Cisco Data Center Network Manager could allow an authenticated application administrator to execute commands on the underlying operating system with root-level privileges. The vulnerability is due to incomplete ...
5 years ago
CVE-2022-0440 - The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the file to be imported, which could allow high privivilege admin to upload an arbitrary PHP file and gain RCE even in the case of an hardened blog (ie ...
2 years ago
CVE-2013-0440 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 7, allows remote attackers to affect availability via ...
2 years ago
CVE-2020-0440 - In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)