Lista CVE - 2024 / Ottobre
Visualizzazione 901 - 1000 di 3571 CVE per Ottobre 2024 (Pagina 10 di 36)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-47416 | 2024-10-09 | Animate | Integer Overflow or Wraparound (CWE-190) |
| CVE-2024-47417 | 2024-10-09 | Animate | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-47415 | 2024-10-09 | Animate | Use After Free (CWE-416) |
| CVE-2024-47410 | 2024-10-09 | Animate | Stack-based Buffer Overflow (CWE-121) |
| CVE-2024-9575 | 2024-10-09 | Local File Inclusion in pretix-widget WordPress plugin |
| CVE-2024-45145 | 2024-10-09 | Lightroom Desktop | Out-of-bounds Read (CWE-125) |
| CVE-2024-47334 | 2024-10-09 | WordPress Zoho Flow for WordPress plugin <= 2.7.1 - SQL Injection vulnerability |
| CVE-2024-28168 | 2024-10-09 | Apache XML Graphics FOP: XML External Entity (XXE) Processing |
| CVE-2024-45720 | 2024-10-09 | Apache Subversion: Command line argument injection on Windows platforms |
| CVE-2024-9680 | 2024-10-09 | An attacker was able to achieve code execution in the... |
| CVE-2024-9286 | 2024-10-09 | SQLi in TRtek Software's Distant Education Platform |
| CVE-2024-45144 | 2024-10-09 | Substance3D - Stager | Out-of-bounds Write (CWE-787) |
| CVE-2024-45140 | 2024-10-09 | Substance3D - Stager | Out-of-bounds Write (CWE-787) |
| CVE-2024-45139 | 2024-10-09 | Substance3D - Stager | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-45152 | 2024-10-09 | Substance3D - Stager | Out-of-bounds Write (CWE-787) |
| CVE-2024-45141 | 2024-10-09 | Substance3D - Stager | Out-of-bounds Write (CWE-787) |
| CVE-2024-45143 | 2024-10-09 | Substance3D - Stager | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-45142 | 2024-10-09 | Substance3D - Stager | Write-what-where Condition (CWE-123) |
| CVE-2024-45138 | 2024-10-09 | Substance3D - Stager | Use After Free (CWE-416) |
| CVE-2024-46870 | 2024-10-09 | drm/amd/display: Disable DMCUB timeout for DCN35 |
| CVE-2024-46871 | 2024-10-09 | drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX |
| CVE-2024-47658 | 2024-10-09 | crypto: stm32/cryp - call finalize with bh disabled |
| CVE-2024-47659 | 2024-10-09 | smack: tcp: ipv4, fix incorrect labeling |
| CVE-2024-47660 | 2024-10-09 | fsnotify: clear PARENT_WATCHED flags lazily |
| CVE-2024-45136 | 2024-10-09 | InCopy | Unrestricted Upload of File with Dangerous Type (CWE-434) |
| CVE-2024-47661 | 2024-10-09 | drm/amd/display: Avoid overflow from uint32_t to uint8_t |
| CVE-2024-47662 | 2024-10-09 | drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection |
| CVE-2024-47663 | 2024-10-09 | staging: iio: frequency: ad9834: Validate frequency parameter value |
| CVE-2024-47664 | 2024-10-09 | spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware |
| CVE-2024-47665 | 2024-10-09 | i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup |
| CVE-2024-47666 | 2024-10-09 | scsi: pm80xx: Set phy->enable_completion only when we wait for it |
| CVE-2024-47667 | 2024-10-09 | PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) |
| CVE-2024-47668 | 2024-10-09 | lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() |
| CVE-2024-47669 | 2024-10-09 | nilfs2: fix state management in error path of log writing function |
| CVE-2024-8014 | 2024-10-09 | Telerik Reporting EntityDataSource Insecure Type Resolution |
| CVE-2024-45137 | 2024-10-09 | InDesign Desktop | Unrestricted Upload of File with Dangerous Type (CWE-434) |
| CVE-2024-8048 | 2024-10-09 | Telerik Reporting Insecure Expression Evaluation |
| CVE-2024-47422 | 2024-10-09 | Adobe Framemaker | Untrusted Search Path (CWE-426) |
| CVE-2024-47424 | 2024-10-09 | Adobe Framemaker | Integer Overflow or Wraparound (CWE-190) |
| CVE-2024-47421 | 2024-10-09 | Adobe Framemaker | Out-of-bounds Read (CWE-125) |
| CVE-2024-47423 | 2024-10-09 | Adobe Framemaker | Unrestricted Upload of File with Dangerous Type (CWE-434) |
| CVE-2024-47425 | 2024-10-09 | Adobe Framemaker | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2024-9671 | 2024-10-09 | System: pdf invoices of the developer users can be seen if the url is known |
| CVE-2024-9675 | 2024-10-09 | Buildah: buildah allows arbitrary directory mount |
| CVE-2024-7840 | 2024-10-09 | Improper neutralization special element in hyperlinks |
| CVE-2024-7293 | 2024-10-09 | Password policy for new users is not strong enough |
| CVE-2024-7294 | 2024-10-09 | Uncontrolled resource consumption of anonymous endpoints |
| CVE-2024-7292 | 2024-10-09 | Account Controller allows high count of login attempts |
| CVE-2024-47670 | 2024-10-09 | ocfs2: add bounds checking to ocfs2_xattr_find_entry() |
| CVE-2024-47671 | 2024-10-09 | USB: usbtmc: prevent kernel-usb-infoleak |
| CVE-2024-47672 | 2024-10-09 | wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead |
| CVE-2024-47673 | 2024-10-09 | wifi: iwlwifi: mvm: pause TCM when the firmware is stopped |
| CVE-2024-8015 | 2024-10-09 | Telerik Report Server Insecure Type Resolution |
| CVE-2024-43610 | 2024-10-09 | Copilot Studio Information Disclosure Vulnerability |
| CVE-2024-9463 | 2024-10-09 | Expedition: Unauthenticated OS Command Injection Vulnerability Leads to Firewall Credential Disclosure |
| CVE-2024-9464 | 2024-10-09 | Expedition: Authenticated OS Command Injection Vulnerability Leads to Firewall Admin Credential Disclosure |
| CVE-2024-9465 | 2024-10-09 | Expedition: SQL Injection Leads to Firewall Admin Credential Disclosure |
| CVE-2024-9466 | 2024-10-09 | Expedition: Cleartext Storage of Information Leads to Firewall Admin Credential Disclosure |
| CVE-2024-9467 | 2024-10-09 | Expedition: Reflected Cross-Site Scripting Vulnerability Leads to Expedition Session Disclosure |
| CVE-2024-9468 | 2024-10-09 | PAN-OS: Firewall Denial of Service (DoS) via a Maliciously Crafted Packet |
| CVE-2024-9469 | 2024-10-09 | Cortex XDR Agent: Local Windows User Can Disable the Agent |
| CVE-2024-9470 | 2024-10-09 | Cortex XSOAR: Information Disclosure Vulnerability |
| CVE-2024-9471 | 2024-10-09 | PAN-OS: Privilege Escalation (PE) Vulnerability in XML API |
| CVE-2024-9473 | 2024-10-09 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability |
| CVE-2024-47763 | 2024-10-09 | Wasmtime runtime crash when combining tail calls with trapping imports |
| CVE-2024-47813 | 2024-10-09 | Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations |
| CVE-2024-47812 | 2024-10-09 | Cross-site Scripting (XSS) on Special:RequestImportQueue when displaying request date in ImportDump |
| CVE-2024-47816 | 2024-10-09 | Users can impersonate import requesters if their actor IDs coincide in ImportDump |
| CVE-2024-47815 | 2024-10-09 | Cross-site Scripting in IncidentReporting |
| CVE-2024-47833 | 2024-10-09 | Session Cookie without Secure and HTTPOnly flags in taipy |
| CVE-2024-7038 | 2024-10-09 | Information Disclosure in open-webui/open-webui |
| CVE-2024-47832 | 2024-10-09 | XML Signature Bypass via differential XML parsing in ssoready |
| CVE-2024-47828 | 2024-10-09 | Cross-Site Request Forgery in ampache |
| CVE-2024-3656 | 2024-10-09 | Keycloak: unguarded admin rest api endpoints allows low privilege users to use administrative functionalities |
| CVE-2024-38817 | 2024-10-09 | VMware NSX contains a command injection vulnerability. A malicious actor... |
| CVE-2024-38818 | 2024-10-09 | VMware NSX contains a local privilege escalation vulnerability. An authenticated... |
| CVE-2024-38815 | 2024-10-09 | VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious... |
| CVE-2024-7037 | 2024-10-09 | Arbitrary File Write/Delete Leading to RCE in open-webui/open-webui |
| CVE-2024-7041 | 2024-10-09 | IDOR in open-webui/open-webui |
| CVE-2024-39515 | 2024-10-09 | Junos OS and Junos OS Evolved: With BGP traceoptions enabled, receipt of specifically malformed BGP update causes RPD crash |
| CVE-2024-39516 | 2024-10-09 | Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash |
| CVE-2024-39525 | 2024-10-09 | Junos OS and Junos OS Evolved: When BGP traceoptions is enabled, receipt of specially crafted BGP packet causes RPD crash |
| CVE-2024-30118 | 2024-10-09 | HCL Connections is susceptible to a sensitive information disclosure vulnerability |
| CVE-2024-8264 | 2024-10-09 | Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05 |
| CVE-2024-35202 | 2024-10-10 | Bitcoin Core before 25.0 allows remote attackers to cause a... |
| CVE-2024-48957 | 2024-10-10 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access... |
| CVE-2024-48958 | 2024-10-10 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access... |
| CVE-2024-48949 | 2024-10-10 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before... |
| CVE-2024-7048 | 2024-10-10 | IDOR in open-webui/open-webui |
| CVE-2024-9457 | 2024-10-10 | WP Builder <= 3.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9072 | 2024-10-10 | GDPR-Extensions-com – Consent Manager <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9519 | 2024-10-10 | UserPlus <= 2.0 - Authenticated (Editor+) Registration Form Update to Privilege Escalation |
| CVE-2024-9205 | 2024-10-10 | Maximum Products per User for WooCommerce <= 4.2.8 - Reflected Cross-Site Scripting |
| CVE-2024-8513 | 2024-10-10 | QA Analytics <= 4.1.0.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
| CVE-2024-8987 | 2024-10-10 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode |
| CVE-2024-9518 | 2024-10-10 | UserPlus <= 2.0 - Unauthenticated Privilege Escalation |
| CVE-2024-9522 | 2024-10-10 | WP Users Masquerade <= 2.0.0 - Authentication Bypass |
| CVE-2024-9066 | 2024-10-10 | Marketing and SEO Booster <= 1.9.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9064 | 2024-10-10 | Elementor Inline SVG <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9065 | 2024-10-10 | WP Helper Premium <= 4.6.1 - Missing Authorization in whp_smtp_send_mail_test |