CVE List - 2024 / October
Showing 201 - 300 of 3570 CVEs for October 2024 (Page 3 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37822 | 2024-10-03 | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. The WPA2-PSK generation... |
| CVE-2024-34535 | 2024-10-03 | In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header. |
| CVE-2024-41583 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to stored Cross Site Scripting (XSS) by authenticated users due to poor sanitization of the router name. |
| CVE-2024-41584 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to reflected XSS by authenticated users, caused by missing validation of the sFormAuthStr parameter. |
| CVE-2024-41585 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject... |
| CVE-2024-41586 | 2024-10-03 | A stack-based Buffer Overflow vulnerability in DrayTek Vigor310 devices through 4.3.2.6 allows a remote attacker to execute arbitrary code via a long query string to the cgi-bin/ipfedr.cgi component. |
| CVE-2024-41588 | 2024-10-03 | The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST... |
| CVE-2024-41589 | 2024-10-03 | DrayTek Vigor310 devices through 4.3.2.6 use unencrypted HTTP for authentication requests. |
| CVE-2024-41590 | 2024-10-03 | Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor310 devices... |
| CVE-2024-41592 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. |
| CVE-2024-41595 | 2024-10-03 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to change settings or cause a denial of service via .cgi pages because of missing bounds checks on read and write... |
| CVE-2024-41596 | 2024-10-03 | Buffer Overflow vulnerabilities exist in DrayTek Vigor310 devices through 4.3.2.6 (in the Vigor management UI) because of improper retrieval and handling of the CGI form parameters. |
| CVE-2024-45870 | 2024-10-03 | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control in sub_0x3d80fc via a crafted POC file. |
| CVE-2024-45871 | 2024-10-03 | Bandisoft BandiView 7.05 is vulnerable to Incorrect Access Control via sub_0x232bd8 resulting in denial of service (DOS). |
| CVE-2024-45872 | 2024-10-03 | Bandisoft BandiView 7.05 is vulnerable to Buffer Overflow via sub_0x410d1d. The vulnerability occurs due to insufficient validation of PSD files. |
| CVE-2024-46658 | 2024-10-03 | Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. |
| CVE-2024-41587 | 2024-10-03 | Stored XSS, by authenticated users, is caused by poor sanitization of the Login Page Greeting message in DrayTek Vigor310 devices through 4.3.2.6. |
| CVE-2024-41591 | 2024-10-03 | DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS. |
| CVE-2024-41593 | 2024-10-03 | DrayTek Vigor310 devices through 4.3.2.6 allow a remote attacker to execute arbitrary code via the function ft_payload_dns(), because a byte sign-extension operation occurs for the length argument of a _memcpy... |
| CVE-2024-41594 | 2024-10-03 | An issue in DrayTek Vigor310 devices through 4.3.2.6 allows an attacker to obtain sensitive information because the httpd server of the Vigor management UI uses a static string for seeding... |
| CVE-2024-47134 | 2024-10-03 | Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was... |
| CVE-2024-47135 | 2024-10-03 | Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which... |
| CVE-2024-47136 | 2024-10-03 | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was... |
| CVE-2024-8352 | 2024-10-03 | Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download |
| CVE-2024-8159 | 2024-10-03 | Deep Freeze 9.00.020.5760 - Out-of-bounds read |
| CVE-2024-42504 | 2024-10-03 | HPE IceWall Agent products, Cross-Site Request Forgery (CSRF) |
| CVE-2024-47561 | 2024-10-03 | Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK) |
| CVE-2024-9313 | 2024-10-03 | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as... |
| CVE-2024-47554 | 2024-10-03 | Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader |
| CVE-2024-9100 | 2024-10-03 | Local File Inclusion |
| CVE-2024-47618 | 2024-10-03 | Sulu vulnerable to XSS via uploaded SVG |
| CVE-2024-5803 | 2024-10-03 | Local privilege escalation via COM hijacking |
| CVE-2024-47617 | 2024-10-03 | Reflected XSS Vulnerability in Sulu Media Bundle |
| CVE-2024-47614 | 2024-10-03 | async-graphql vulnerable to Directive Overload |
| CVE-2024-9460 | 2024-10-03 | Codezips Online Shopping Portal index.php sql injection |
| CVE-2024-41922 | 2024-10-03 | A directory traversal vulnerability exists in the log files download functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An... |
| CVE-2024-39755 | 2024-10-03 | A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execute privileged operation. An attacker can make... |
| CVE-2024-41163 | 2024-10-03 | A directory traversal vulnerability exists in the archive functionality of Veertu Anka Build 1.42.0. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can... |
| CVE-2024-36474 | 2024-10-03 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result... |
| CVE-2024-42415 | 2024-10-03 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result... |
| CVE-2024-25590 | 2024-10-03 | Crafted responses can lead to a denial of service due to cache inefficiencies in the Recursor |
| CVE-2024-8508 | 2024-10-03 | Unbounded name compression could lead to Denial of Service |
| CVE-2024-0123 | 2024-10-03 | NVIDIA CUDA toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool where an attacker may cause an improper validation in input issue by tricking the... |
| CVE-2024-0124 | 2024-10-03 | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause nvdisasm to read freed memory by running it on... |
| CVE-2024-0125 | 2024-10-03 | NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisasm command line tool, where a user can cause a NULL pointer dereference by running nvdisasm on a... |
| CVE-2024-7826 | 2024-10-03 | Unhandled exception vulnerability that can cause the WRSA.exe service to crash and generate a crash dump |
| CVE-2024-7825 | 2024-10-03 | Type confusion that can cause the WRSA.exe service to crash and generate a crash dump |
| CVE-2024-7824 | 2024-10-03 | Type-confusion vulnerability that can cause the WRSA.exe service to crash and generate a crash dump |
| CVE-2024-47762 | 2024-10-03 | Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend |
| CVE-2024-41987 | 2024-10-03 | Cross-Site Request Forgery (CSRF) vulnerability in TEM Opera Plus FM Family Transmitter |
| CVE-2024-41988 | 2024-10-03 | Missing Authentication for Critical Function vulnerability in TEM Opera Plus FM Family Transmitter |
| CVE-2024-9266 | 2024-10-03 | Open Redirect |
| CVE-2024-41925 | 2024-10-03 | Optigo Networks ONS-S8 Spectra Aggregation Switch PHP Remote File Inclusion |
| CVE-2024-45367 | 2024-10-03 | Optigo Networks ONS-S8 Spectra Aggregation Switch Weak Authentication |
| CVE-2024-43699 | 2024-10-03 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2024-42417 | 2024-10-03 | Delta Electronics DIAEnergie SQL Injection |
| CVE-2024-44204 | 2024-10-03 | A logic issue was addressed with improved validation. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. A user's saved passwords may be read aloud by VoiceOver. |
| CVE-2024-44207 | 2024-10-03 | This issue was addressed with improved checks. This issue is fixed in iOS 18.0.1 and iPadOS 18.0.1. Audio messages in Messages may be able to capture a few seconds of... |
| CVE-2023-26770 | 2024-10-04 | TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user. |
| CVE-2023-26771 | 2024-10-04 | Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it.... |
| CVE-2024-37868 | 2024-10-04 | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the... |
| CVE-2024-37869 | 2024-10-04 | File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the... |
| CVE-2024-41512 | 2024-10-04 | A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter. |
| CVE-2024-41513 | 2024-10-04 | A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter. |
| CVE-2024-41514 | 2024-10-04 | A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter. |
| CVE-2024-41515 | 2024-10-04 | A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter. |
| CVE-2024-41516 | 2024-10-04 | A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter. |
| CVE-2024-44439 | 2024-10-04 | An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. |
| CVE-2024-46077 | 2024-10-04 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_name parameters in travellers.php. |
| CVE-2024-46078 | 2024-10-04 | itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. |
| CVE-2024-46409 | 2024-10-04 | A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter in the Calendar... |
| CVE-2024-46486 | 2024-10-04 | TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via the httpProcDataSrv function. |
| CVE-2024-47211 | 2024-10-04 | In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied... |
| CVE-2024-47850 | 2024-10-04 | CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added,... |
| CVE-2024-47855 | 2024-10-04 | util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string. |
| CVE-2024-47910 | 2024-10-04 | An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration... |
| CVE-2024-47911 | 2024-10-04 | In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. |
| CVE-2024-47913 | 2024-10-04 | An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against... |
| CVE-2024-41511 | 2024-10-04 | A Path Traversal (Local File Inclusion) vulnerability in "BinaryFileRedirector.ashx" in CADClick v1.11.0 and before allows remote attackers to retrieve arbitrary local files via the "path" parameter. |
| CVE-2024-47854 | 2024-10-04 | An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back... |
| CVE-2024-8802 | 2024-10-04 | Clio Grow <= 1.0.2 - Reflected Cross-Site Scripting |
| CVE-2024-9345 | 2024-10-04 | Product Delivery Date for WooCommerce – Lite <= 2.7.3 - Reflected Cross-Site Scripting |
| CVE-2024-9353 | 2024-10-04 | Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting |
| CVE-2024-9372 | 2024-10-04 | WP Blocks Hub <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9349 | 2024-10-04 | Auto Amazon Links – Amazon Associates Affiliate Plugin <= 5.4.2 - Reflected Cross-Site Scripting |
| CVE-2024-9368 | 2024-10-04 | Aggregator Advanced Settings <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-9421 | 2024-10-04 | Login Logout Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter |
| CVE-2024-9204 | 2024-10-04 | Smart Custom 404 Error Page <= 11.4.7 - Reflected Cross-Site Scripting |
| CVE-2024-9375 | 2024-10-04 | WordPress Captcha Plugin by Captcha Bank <= 4.0.36 - Reflected Cross-Site Scripting |
| CVE-2024-9445 | 2024-10-04 | Display Medium Posts <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_medium_posts Shortcode |
| CVE-2024-9384 | 2024-10-04 | Quantity Dynamic Pricing & Bulk Discounts for WooCommerce <= 3.8.0 - Reflected Cross-Site Scripting |
| CVE-2024-8520 | 2024-10-04 | Ultimate Member <= 2.8.6 - Cross-Site Request Forgery to Membership Status Change |
| CVE-2024-8519 | 2024-10-04 | Ultimate Member <= 2.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9237 | 2024-10-04 | Fish and Ships <= 1.5.9 - Reflected Cross-Site Scripting |
| CVE-2024-8804 | 2024-10-04 | Code Embed <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9242 | 2024-10-04 | Memberful – Membership Plugin <= 1.73.7 - Authenticated (contributor+) Stored Cross-Site Scripting |
| CVE-2024-6442 | 2024-10-04 | Bluetooth: ASCS Unchecked tailroom of the response buffer |
| CVE-2024-6443 | 2024-10-04 | zephyr: out-of-bound read in utf8_trunc |
| CVE-2024-6444 | 2024-10-04 | Bluetooth: ots: missing buffer length check |
| CVE-2024-9306 | 2024-10-04 | WP Booking Calendar <= 10.6 - Authenticated (Admin+) Stored Cross-Site Scripting |