CVE-2024-2234

Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
3 months ago Cisa.gov

Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
3 months ago Cisa.gov

Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
1 year ago Bleepingcomputer.com

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
3 weeks ago Tenable.com

The Top 24 Security Predictions for 2024 - Welcome to the second installment of this comprehensive annual look at global cybersecurity industry predictions from the top security industry vendors, technology magazines, expert thought leaders and many more. Last week, in part one of The Top 24 ...
6 months ago Securityboulevard.com

Securing Gold: Assessing Cyber Threats on Paris 2024 - The next Olympic Games hosted in Paris will take place from 26 July to 11 August 2024, while the Paralympic Games will be carried out from 28 August to 8 September 2024. Paris 2024 estimated the number of spectators for the next edition to be 9,7 ...
6 months ago Blog.sekoia.io

The Top 24 Security Predictions for 2024 - For 2024, top topics range from upcoming elections to regional wars to space exploration to advances in AI. And with technology playing a more central role in every area of life, annual cybersecurity prediction reports, cyber industry forecasts and ...
6 months ago Securityboulevard.com

Ransomware Attack Demands Reach a Staggering $5.2m in 2024 - The average extortion demand per ransomware attack was over $5.2m in the first half of 2024, according to a new analysis by Comparitech. This figure was calculated from 56 known ransom demands issued by threat actors from January-June 2024. The ...
3 days ago Infosecurity-magazine.com

CVE-2024-2234 - The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks ...
2 days ago

Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
5 months ago Darkreading.com

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
3 days ago Unit42.paloaltonetworks.com

CVE-2014-2234 - A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows ...
10 years ago

CVE-2015-2234 - Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature ...
7 years ago

CVE-2009-2234 - Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW). ...
6 years ago

CVE-2012-2234 - Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action. ...
6 years ago

CVE-2010-2234 - Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. ...
5 years ago

CVE-2008-2234 - Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote attackers to execute arbitrary code via a crafted "Authorization: Basic" HTTP header. ...
5 years ago

CVE-2002-2234 - NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the Malicious-URL blocking feature by splitting the URL into fragmented IP requests. ...
15 years ago

CVE-2004-2234 - Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. ...
15 years ago

CVE-2005-2234 - Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. ...
15 years ago

QNAP Releases Security Updates to Address Critical Vulnerability in NAS Devices - Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices. Tracked as CVE-2022-27596, the vulnerability has been rated 9.8 out of a maximum of 10 on the CVSS scoring scale. ...
1 year ago Thehackernews.com

CVE-2007-2234 - include/common.php in PunBB 1.2.14 and earlier does not properly handle a disabled ini_get function when checking the register_globals setting, which allows remote attackers to register global parameters, as demonstrated by an SQL injection attack on ...
5 years ago

CVE-2006-2234 - Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode ...
5 years ago

CVE-2017-2234 - Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlier, Toshiba Home gateway HEM-GW26A firmware HEM-GW26A-FW-V1.2.0 and earlier may allow remote attackers to access a non-documented developer screen to perform operations on device ...
4 years ago

CVE-2021-2234 - Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network ...
3 years ago