Security Vulnerabilities - CVEs Published In January 2024
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-01-05
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-01-05
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write.
CVSS Score: 9.8 | EPSS Score: 0.001 | Published: 2024-01-05
nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.
CVSS Score: 9.8 | EPSS Score: 0.003 | Published: 2024-01-05
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2024-01-05
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.032 | Published: 2024-01-05
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.
CVSS Score: 9.8 | EPSS Score: 0.147 | Published: 2024-01-05
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-01-05
Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-01-05
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI. An attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
CVSS Score: 3.9 | EPSS Score: 0.0 | Published: 2024-01-05