CVE List - 2024 / October
Showing 501 - 600 of 3570 CVEs for October 2024 (Page 6 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-44022 | 2024-10-06 | WordPress Review & testimonial widgets plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44010 | 2024-10-06 | WordPress Full frame theme <= 2.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-47650 | 2024-10-06 | WordPress WP-WebAuthn plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-47350 | 2024-10-06 | WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability |
| CVE-2024-47338 | 2024-10-06 | WordPress WPExperts Square For GiveWP plugin <= 1.3 - SQL Injection vulnerability |
| CVE-2024-9555 | 2024-10-06 | D-Link DIR-605L formSetEasy_Wizard buffer overflow |
| CVE-2024-9556 | 2024-10-06 | D-Link DIR-605L formSetEnableWizard buffer overflow |
| CVE-2024-9557 | 2024-10-06 | D-Link DIR-605L formSetWanPPPoE buffer overflow |
| CVE-2024-9558 | 2024-10-06 | D-Link DIR-605L formSetWanPPTP buffer overflow |
| CVE-2024-9559 | 2024-10-06 | D-Link DIR-605L formWlanSetup buffer overflow |
| CVE-2024-9560 | 2024-10-06 | ESAFENET CDG Catelogs;logindojojs delCatelogs sql injection |
| CVE-2024-9561 | 2024-10-06 | D-Link DIR-605L formSetWAN_Wizard52 buffer overflow |
| CVE-2024-9562 | 2024-10-06 | D-Link DIR-605L formSetWizard2 buffer overflow |
| CVE-2024-9563 | 2024-10-06 | D-Link DIR-605L formWlanSetup_Wizard buffer overflow |
| CVE-2024-42831 | 2024-10-07 | A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted... |
| CVE-2024-44068 | 2024-10-07 | An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads... |
| CVE-2024-44674 | 2024-10-07 | D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used... |
| CVE-2024-45873 | 2024-10-07 | A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. |
| CVE-2024-45874 | 2024-10-07 | A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. |
| CVE-2024-45894 | 2024-10-07 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. |
| CVE-2024-45919 | 2024-10-07 | A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in /AssignToMe/SetAction, an... |
| CVE-2024-45932 | 2024-10-07 | Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2. |
| CVE-2024-45933 | 2024-10-07 | OnlineNewsSite v1.0 is vulnerable to Cross Site Scripting (XSS) which allows attackers to execute arbitrary code via the Title and summary fields in the /admin/post/edit/ endpoint. |
| CVE-2024-46040 | 2024-10-07 | IoT Haat Smart Plug IH-IN-16A-S IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. The lack of validation of the authentication token at the IoT Haat during the Access Point Pairing mode... |
| CVE-2024-46041 | 2024-10-07 | IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay. |
| CVE-2024-46076 | 2024-10-07 | RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code. |
| CVE-2024-46278 | 2024-10-07 | Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console. |
| CVE-2024-46300 | 2024-10-07 | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Full Name field in registration.php. |
| CVE-2024-46325 | 2024-10-07 | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. |
| CVE-2024-46446 | 2024-10-07 | Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs that bypass user identity checks. Parameters can then be passed through the POST method, resulting... |
| CVE-2024-28709 | 2024-10-07 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. |
| CVE-2024-28710 | 2024-10-07 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message... |
| CVE-2024-9564 | 2024-10-07 | D-Link DIR-605L formWlanWizardSetup buffer overflow |
| CVE-2024-9565 | 2024-10-07 | D-Link DIR-605L formSetPassword buffer overflow |
| CVE-2024-20090 | 2024-10-07 | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20091 | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20092 | 2024-10-07 | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20093 | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20100 | 2024-10-07 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2024-20101 | 2024-10-07 | In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2024-20103 | 2024-10-07 | In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User... |
| CVE-2024-20094 | 2024-10-07 | In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction... |
| CVE-2024-20095 | 2024-10-07 | In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20096 | 2024-10-07 | In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20097 | 2024-10-07 | In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-20098 | 2024-10-07 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20099 | 2024-10-07 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20102 | 2024-10-07 | In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction... |
| CVE-2024-47335 | 2024-10-07 | WordPress Bit Form plugin <= 2.13.11 - SQL Injection vulnerability |
| CVE-2024-47344 | 2024-10-07 | WordPress uListing plugin <= 2.1.5 - Sensitive Data Exposure vulnerability |
| CVE-2024-45153 | 2024-10-07 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-42027 | 2024-10-07 | The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. |
| CVE-2024-21455 | 2024-10-07 | Untrusted Pointer Dereference in DSP Service |
| CVE-2024-23369 | 2024-10-07 | Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS |
| CVE-2024-23370 | 2024-10-07 | Use After Free in Automotive Multimedia |
| CVE-2024-23374 | 2024-10-07 | Stack-based Buffer Overflow in Power Management IC |
| CVE-2024-23375 | 2024-10-07 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in RIL |
| CVE-2024-23376 | 2024-10-07 | Use After Free in ComputerVision |
| CVE-2024-23378 | 2024-10-07 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Audio |
| CVE-2024-23379 | 2024-10-07 | Double Free in DSP Services |
| CVE-2024-33049 | 2024-10-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-33064 | 2024-10-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-33065 | 2024-10-07 | Improper Input Validation in Camera |
| CVE-2024-33066 | 2024-10-07 | Improper Input Validation in WLAN Resource Manager |
| CVE-2024-33069 | 2024-10-07 | Use After Free in WLAN Host |
| CVE-2024-33070 | 2024-10-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-33071 | 2024-10-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-33073 | 2024-10-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-38397 | 2024-10-07 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-38399 | 2024-10-07 | Use After Free in Graphics |
| CVE-2024-38425 | 2024-10-07 | Improper Authorization in Performance |
| CVE-2024-43047 | 2024-10-07 | Use After Free in DSP Service |
| CVE-2024-9566 | 2024-10-07 | D-Link DIR-619L B1 formDeviceReboot buffer overflow |
| CVE-2024-9567 | 2024-10-07 | D-Link DIR-619L B1 formAdvFirewall buffer overflow |
| CVE-2024-9576 | 2024-10-07 | Improper access control in Linux Workbooth Distro |
| CVE-2024-9568 | 2024-10-07 | D-Link DIR-619L B1 formAdvNetwork buffer overflow |
| CVE-2024-9571 | 2024-10-07 | Cross-Site Scripting vulnerability in SOPlanning |
| CVE-2024-9572 | 2024-10-07 | Cross-Site Scripting vulnerability in SOPlanning |
| CVE-2024-9573 | 2024-10-07 | SQL Injection vulnerability in SOPlanning |
| CVE-2024-9574 | 2024-10-07 | SQL Injection vulnerability in SOPlanning |
| CVE-2024-9569 | 2024-10-07 | D-Link DIR-619L B1 formEasySetPassword buffer overflow |
| CVE-2023-6361 | 2024-10-07 | A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow... |
| CVE-2023-6362 | 2024-10-07 | A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow... |
| CVE-2024-9570 | 2024-10-07 | D-Link DIR-619L B1 formEasySetTimezone buffer overflow |
| CVE-2024-27458 | 2024-10-07 | HP Hotkey Support – Escalation of Privilege |
| CVE-2024-47555 | 2024-10-07 | Missing Authentication - User & System Configuration |
| CVE-2024-47556 | 2024-10-07 | Pre-Auth RCE via Path Traversal |
| CVE-2024-47557 | 2024-10-07 | Pre-Auth RCE via Path Traversal |
| CVE-2024-47558 | 2024-10-07 | Authenticated RCE via Path Traversal |
| CVE-2024-47559 | 2024-10-07 | Authenticated RCE via Path Traversal |
| CVE-2024-47975 | 2024-10-07 | Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially... |
| CVE-2024-47976 | 2024-10-07 | Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. |
| CVE-2024-47971 | 2024-10-07 | Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. |
| CVE-2024-47972 | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. |
| CVE-2024-31227 | 2024-10-07 | Denial-of-service due to malformed ACL selectors in Redis |
| CVE-2024-31228 | 2024-10-07 | Denial-of-service due to unbounded pattern matching in Redis |
| CVE-2024-31449 | 2024-10-07 | Lua library commands may lead to stack overflow and RCE in Redis |
| CVE-2024-47079 | 2024-10-07 | Unauthorized usage of remote hardware module because of missing channel verification |
| CVE-2024-45293 | 2024-10-07 | XML External Entity Reference (XXE) in PHPSpreadsheet's XLSX reader |
| CVE-2024-45292 | 2024-10-07 | PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks |