CVE List - 2024 / October
Showing 1 - 100 of 3570 CVEs for October 2024 (Page 1 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-25658 | 2024-10-01 | Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP users' usernames and... |
| CVE-2024-25659 | 2024-10-01 | In Infinera TNMS (Transcend Network Management System) 19.10.3, an insecure default configuration of the internal SFTP server on Linux servers allows remote attacker to access files and directories outside the... |
| CVE-2024-25661 | 2024-10-01 | In Infinera TNMS (Transcend Network Management System) 19.10.3, cleartext storage of sensitive information in memory of the desktop application TNMS Client allows guest OS administrators to obtain various users' passwords... |
| CVE-2024-31835 | 2024-10-01 | Cross Site Scripting vulnerability in flatpress CMS Flatpress v1.3 allows a remote attacker to execute arbitrary code via a crafted payload to the file name parameter. |
| CVE-2024-41276 | 2024-10-01 | A vulnerability in Kaiten version 57.131.12 and earlier allows attackers to bypass the PIN code authentication mechanism. The application requires users to input a 6-digit PIN code sent to their... |
| CVE-2024-42514 | 2024-10-01 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate access control... |
| CVE-2024-44610 | 2024-10-01 | PCAN-Ethernet Gateway FD before 1.3.0 and PCAN-Ethernet Gateway before 2.11.0 are vulnerable to Command injection via shell metacharacters in a Software Update to processing.php. |
| CVE-2024-44744 | 2024-10-01 | An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and... |
| CVE-2024-45967 | 2024-10-01 | Pagekit 1.0.18 is vulnerable to Cross Site Scripting (XSS) in index.php/admin/site/widget. |
| CVE-2024-45999 | 2024-10-01 | A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The vulnerability is exploitable via the station_id parameter. |
| CVE-2024-46079 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the Descricao parameter. |
| CVE-2024-46080 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. |
| CVE-2024-46081 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS,... |
| CVE-2024-46082 | 2024-10-01 | Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters. |
| CVE-2024-46083 | 2024-10-01 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into... |
| CVE-2024-46084 | 2024-10-01 | Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function. |
| CVE-2024-25660 | 2024-10-01 | The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. |
| CVE-2024-46258 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function at cute_png.h. |
| CVE-2024-46259 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cute_png.h. |
| CVE-2024-46261 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute_png.h. |
| CVE-2024-46263 | 2024-10-01 | cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.h. |
| CVE-2024-46264 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_png.h. |
| CVE-2024-46267 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_png.h. |
| CVE-2024-46274 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute_png.h. |
| CVE-2024-46276 | 2024-10-01 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_png.h. |
| CVE-2024-9358 | 2024-10-01 | ThingsBoard HTTP RPC API resource consumption |
| CVE-2024-47560 | 2024-10-01 | RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed... |
| CVE-2024-47396 | 2024-10-01 | WordPress Move Addons for Elementor plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-9359 | 2024-10-01 | code-projects Restaurant Reservation System addcompany.php sql injection |
| CVE-2024-8981 | 2024-10-01 | Broken Link Checker <= 2.4.0 - Reflected Cross-Site Scripting |
| CVE-2024-9360 | 2024-10-01 | code-projects Restaurant Reservation System updatebal.php sql injection |
| CVE-2024-47295 | 2024-10-01 | Insecure initial password configuration issue in SEIKO EPSON Web Config allows a remote unauthenticated attacker to set an arbitrary password and operate the device with an administrative privilege. As for... |
| CVE-2024-0116 | 2024-10-01 | NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit... |
| CVE-2024-21489 | 2024-10-01 | Versions of the package uplot before 1.6.31 are vulnerable to Prototype Pollution via the uplot.assign function due to missing check if the attribute resolves to the object prototype. |
| CVE-2024-21531 | 2024-10-01 | All versions of the package git-shallow-clone are vulnerable to Command injection due to missing sanitization or mitigation flags in the process variable of the gitShallowClone function. |
| CVE-2024-8107 | 2024-10-01 | Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9145 | 2024-10-01 | Local command injection in Wiz Code Visual Studio Code extension |
| CVE-2024-9108 | 2024-10-01 | Wechat Social login <= 1.3.0 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9119 | 2024-10-01 | SVG Complete <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9269 | 2024-10-01 | Relogo <= 0.4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-7432 | 2024-10-01 | Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-9106 | 2024-10-01 | Wechat Social login <= 1.3.0 - Authentication Bypass |
| CVE-2024-7869 | 2024-10-01 | 123.chat - Video Chat <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-9274 | 2024-10-01 | Elastik Page Builder <= 0.27.4 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-7433 | 2024-10-01 | Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-8718 | 2024-10-01 | Gravity Forms Toolbar <= 1.7.0 - Reflected Cross-Site Scripting |
| CVE-2024-8720 | 2024-10-01 | RumbleTalk Live Group Chat – HTML5 <= 6.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9272 | 2024-10-01 | R Animated Icon Plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-8548 | 2024-10-01 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions |
| CVE-2024-8632 | 2024-10-01 | KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Unauthenticated Ticket Reply Exposure |
| CVE-2024-8990 | 2024-10-01 | Geo Mashup <= 1.13.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via geo_mashup_visible_posts_list Shortcode |
| CVE-2024-9304 | 2024-10-01 | LocateAndFilter <= 1.6.14 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-8675 | 2024-10-01 | Soumettre.fr <= 2.1.2 - Missing Authorization |
| CVE-2024-8989 | 2024-10-01 | Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode |
| CVE-2024-9267 | 2024-10-01 | Easy WordPress Subscribe – Optin Hound <= 1.4.3 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-7434 | 2024-10-01 | UltraPress <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-8727 | 2024-10-01 | DK PDF <= 1.9.6 - Reflected Cross-Site Scripting |
| CVE-2024-8728 | 2024-10-01 | Easy Load More <= 1.0.3 - Reflected Cross-Site Scripting |
| CVE-2024-9241 | 2024-10-01 | PDF Image Generator <= 1.5.6 - Reflected Cross-Site Scripting |
| CVE-2024-9209 | 2024-10-01 | WP Search Analytics <= 1.4.10 - Reflected Cross-Site Scripting |
| CVE-2024-9224 | 2024-10-01 | Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read |
| CVE-2024-8799 | 2024-10-01 | Custom Banners <= 3.3 - Reflected Cross-Site Scripting |
| CVE-2024-9228 | 2024-10-01 | Loggedin – Limit Active Logins <= 1.3.1 - Reflected Cross-Site Scripting |
| CVE-2024-8288 | 2024-10-01 | Guten Post Layout – An Advanced Post Grid Collection for WordPress Gutenberg <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
| CVE-2024-8793 | 2024-10-01 | Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More <= 2.7.2.1 - Reflected Cross-Site Scripting |
| CVE-2024-9220 | 2024-10-01 | LH Copy Media File <= 1.08 - Reflected Cross-Site Scripting |
| CVE-2024-9018 | 2024-10-01 | WP Easy Gallery <= 4.8.5 - Authenticated (Contributor+) SQL Injection via key Parameter |
| CVE-2024-8786 | 2024-10-01 | Auto Featured Image from Title <= 2.3 - Reflected Cross-Site Scripting |
| CVE-2024-8324 | 2024-10-01 | XO Slider <= 3.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9265 | 2024-10-01 | Echo RSS Feed Post Generator <= 5.4.6 - Unauthenticated Privilege Escalation |
| CVE-2024-8430 | 2024-10-01 | Spice Starter Sites <= 1.2.5 - Missing Authorization to Unauthenticated Demo Content Import |
| CVE-2024-9289 | 2024-10-01 | WordPress & WooCommerce Affiliate Program <= 8.4.1 - Authentication Bypass to Account Takeover and Privilege Escalation |
| CVE-2024-9118 | 2024-10-01 | QS Dark Mode Plugin <= 2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9060 | 2024-10-01 | AVIF & SVG Uploader <= 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2023-3441 | 2024-10-01 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab |
| CVE-2024-9405 | 2024-10-01 | An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the... |
| CVE-2024-30132 | 2024-10-01 | Missing default HTTP security headers affect HCL Nomad server on Domino |
| CVE-2023-7273 | 2024-10-01 | Cross Site Request Forgery in Kiteworks OwnCloud |
| CVE-2024-25632 | 2024-10-01 | Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances |
| CVE-2024-45408 | 2024-10-01 | eLabFTW contains a direct and indirect information disclosure |
| CVE-2024-41673 | 2024-10-01 | Decidim has a cross-site scripting vulnerability in the version control page |
| CVE-2024-9392 | 2024-10-01 | A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird <... |
| CVE-2024-9393 | 2024-10-01 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to... |
| CVE-2024-9394 | 2024-10-01 | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to... |
| CVE-2024-9396 | 2024-10-01 | It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox... |
| CVE-2024-9397 | 2024-10-01 | A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131,... |
| CVE-2024-9398 | 2024-10-01 | By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects... |
| CVE-2024-9399 | 2024-10-01 | A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR... |
| CVE-2024-9400 | 2024-10-01 | A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox <... |
| CVE-2024-9401 | 2024-10-01 | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with... |
| CVE-2024-9402 | 2024-10-01 | Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-9391 | 2024-10-01 | A user who enables full-screen mode on a specially crafted web page could potentially be prevented from exiting full screen mode. This may allow spoofing of other sites as the... |
| CVE-2024-9395 | 2024-10-01 | A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. *This bug only affects Firefox for Android. Other versions... |
| CVE-2024-9403 | 2024-10-01 | Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2024-47534 | 2024-10-01 | Incorrect delegation lookups can make go-tuf download the wrong artifact |
| CVE-2024-47604 | 2024-10-01 | XSS vulnerability in NuGetGallery HTML attributes handling |
| CVE-2024-47071 | 2024-10-01 | OSS Endpoint Manager allows unauthorized access to read system files |
| CVE-2024-47608 | 2024-10-01 | Logicytics vulnerable to shell injections |
| CVE-2024-9355 | 2024-10-01 | Golang-fips: golang fips zeroed buffer |
| CVE-2024-9341 | 2024-10-01 | Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library |