CVE List - 2024 / November
Showing 901 - 1000 of 4054 CVEs for November 2024 (Page 10 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-50194 | 2024-11-08 | arm64: probes: Fix uprobes for big-endian kernels |
CVE-2024-50195 | 2024-11-08 | posix-clock: Fix missing timespec64 check in pc_clock_settime() |
CVE-2024-50196 | 2024-11-08 | pinctrl: ocelot: fix system hang on level based interrupts |
CVE-2024-50197 | 2024-11-08 | pinctrl: intel: platform: fix error path in device_for_each_child_node() |
CVE-2024-50198 | 2024-11-08 | iio: light: veml6030: fix IIO device retrieval from embedded device |
CVE-2024-50199 | 2024-11-08 | mm/swapfile: skip HugeTLB pages for unuse_vma |
CVE-2024-50200 | 2024-11-08 | maple_tree: correct tree corruption on spanning store |
CVE-2024-50201 | 2024-11-08 | drm/radeon: Fix encoder->possible_clones |
CVE-2024-50202 | 2024-11-08 | nilfs2: propagate directory read errors from nilfs_find_entry() |
CVE-2024-7982 | 2024-11-08 | Registrations for The Events Calendar < 2.12.4 - Unauthenticated Stored XSS |
CVE-2024-10994 | 2024-11-08 | Codezips Online Institute Management System edit_user.php unrestricted upload |
CVE-2024-50203 | 2024-11-08 | bpf, arm64: Fix address emission with tag-based KASAN enabled |
CVE-2024-50204 | 2024-11-08 | fs: don't try and remove empty rbtree node |
CVE-2024-50205 | 2024-11-08 | ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() |
CVE-2024-50206 | 2024-11-08 | net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init |
CVE-2024-50207 | 2024-11-08 | ring-buffer: Fix reader locking when changing the sub buffer order |
CVE-2024-50208 | 2024-11-08 | RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages |
CVE-2024-50209 | 2024-11-08 | RDMA/bnxt_re: Add a check for memory allocation |
CVE-2024-50210 | 2024-11-08 | posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() |
CVE-2024-50211 | 2024-11-08 | udf: refactor inode_bmap() to handle error |
CVE-2024-10995 | 2024-11-08 | Codezips Hospital Appointment System removeDoctorResult.php sql injection |
CVE-2024-10996 | 2024-11-08 | 1000 Projects Bookstore Management System process_category_edit.php sql injection |
CVE-2024-10269 | 2024-11-08 | Easy SVG Support <= 3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-10997 | 2024-11-08 | 1000 Projects Bookstore Management System book_list.php sql injection |
CVE-2024-10998 | 2024-11-08 | 1000 Projects Bookstore Management System process_category_add.php sql injection |
CVE-2024-10999 | 2024-11-08 | CodeAstro Real Estate Management System About Us Page aboutadd.php unrestricted upload |
CVE-2024-11000 | 2024-11-08 | CodeAstro Real Estate Management System About Us Page aboutedit.php unrestricted upload |
CVE-2024-24409 | 2024-11-08 | Privilege Escalation |
CVE-2024-50588 | 2024-11-08 | Unprotected Exposed Firebird Database with default credentials |
CVE-2024-10187 | 2024-11-08 | myCred <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_link Shortcode |
CVE-2024-10839 | 2024-11-08 | XML External Entity |
CVE-2024-10325 | 2024-11-08 | Elementor Header & Footer Builder <= 1.6.45 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-50589 | 2024-11-08 | Unprotected FHIR API |
CVE-2024-50590 | 2024-11-08 | Local Privilege Escalation via Weak Service Binary Permissions |
CVE-2024-50591 | 2024-11-08 | Local Privilege Escalation via Command Injection |
CVE-2024-50593 | 2024-11-08 | Hardcoded Service Password |
CVE-2024-50592 | 2024-11-08 | Local Privilege Escalation via Race Condition |
CVE-2024-50378 | 2024-11-08 | Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli |
CVE-2024-45765 | 2024-11-08 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper... |
CVE-2024-45764 | 2024-11-08 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing... |
CVE-2024-45763 | 2024-11-08 | Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper... |
CVE-2024-9841 | 2024-11-08 | OpenText ArcSight Management Center and ArcSight Platform Stored XSS |
CVE-2024-51997 | 2024-11-08 | The Attestation Results Token can be arbitrarily modified without being detected in Trustee |
CVE-2024-21994 | 2024-11-08 | CVE-2024-21994 Denial of Service Vulnerability in StorageGRID (formerly StorageGRID Webscale) |
CVE-2024-11026 | 2024-11-08 | Intelligent Apps Freenow App Keystore SSL.java hard-coded password |
CVE-2024-52004 | 2024-11-08 | Remote code execution vulnerabilities in MediaCMS |
CVE-2024-52002 | 2024-11-08 | Cross-Site Request Forgery (CSRF) in several iTop pages |
CVE-2024-52001 | 2024-11-08 | Portal user is able to access forbidden services information in Combodo iTop |
CVE-2024-52000 | 2024-11-08 | Reflected Cross-site Scripting exploit in Combodo iTop |
CVE-2024-52009 | 2024-11-08 | Git credentials are exposed in atlantis logs |
CVE-2024-52007 | 2024-11-08 | XXE vulnerability in XSLT parsing in `org.hl7.fhir.core` |
CVE-2024-52311 | 2024-11-09 | data.all does not invalidate authentication token upon user logout |
CVE-2024-10953 | 2024-11-09 | data.all authenticated users can perform mutating update operations on persisted notification records |
CVE-2024-52313 | 2024-11-09 | data.all authenticated users can obtain incorrect object level authorizations |
CVE-2024-52312 | 2024-11-09 | data.all authenticated users can perform restricted operations against DataSets and Environments |
CVE-2024-52314 | 2024-11-09 | data.all admin user may access potentially sensitive data stored by producers via logs |
CVE-2024-9270 | 2024-11-09 | Lenxel Core for Lenxel(LNX) LMS <= 1.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9262 | 2024-11-09 | User Meta – User Profile Builder and User management plugin <= 3.1 - Insecure Direct Object Reference to Sensitive Information Exposure |
CVE-2024-10588 | 2024-11-09 | Debug Tool <= 2.2 - Missing Authorization to Information Exposure |
CVE-2024-10284 | 2024-11-09 | CE21 Suite <= 2.2.0 - Authentication Bypass |
CVE-2024-10586 | 2024-11-09 | Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation |
CVE-2024-10285 | 2024-11-09 | CE21 Suite <= 2.2.0 - JWT Token Disclosure |
CVE-2024-9775 | 2024-11-09 | Anih - Creative Agency WordPress Theme <= 2024 - Authenticated (Administrator+) Stored Cross-Site Scripting |
CVE-2024-10294 | 2024-11-09 | CE21 Suite <= 2.2.0 - Missing Authorization to Unauthenticated Plugin Settings Change |
CVE-2024-10779 | 2024-11-09 | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-8960 | 2024-11-09 | Cowidgets – Elementor Addons <= 1.2.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-10673 | 2024-11-09 | Top Store <= 1.5.4 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
CVE-2024-9226 | 2024-11-09 | Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages <= 1.7.6 - Reflected Cross-Site Scripting |
CVE-2024-10674 | 2024-11-09 | Th Shop Mania <= 1.4.9 - Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation |
CVE-2024-10625 | 2024-11-09 | WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Deletion |
CVE-2024-10626 | 2024-11-09 | WooCommerce Support Ticket System <= 17.7 - Authenticated (Subscriber+) Arbitrary File Deletion |
CVE-2024-10627 | 2024-11-09 | WooCommerce Support Ticket System <= 17.7 - Unauthenticated Arbitrary File Upload |
CVE-2024-10693 | 2024-11-09 | SKT Addons for Elementor <= 3.3 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10770 | 2024-11-09 | Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10814 | 2024-11-09 | Code Embed <= 2.5 - Authenticated (Contributor+) Server-Side Request Forgery |
CVE-2024-10669 | 2024-11-09 | Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10667 | 2024-11-09 | Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10470 | 2024-11-09 | WPLMS Learning Management System for WordPress <= 4.962 - Unauthenticated Arbitrary File Read and Deletion |
CVE-2024-8756 | 2024-11-09 | Quform - WordPress Form Builder <= 2.20.0 - Unauthenticated Sensitive Information Exposure |
CVE-2024-10683 | 2024-11-09 | Contact Form 7 - PayPal & Stripe Add-on <= 2.3.1 - Reflected Cross-Site Scripting |
CVE-2024-9874 | 2024-11-09 | WordPress Poll Maker Plugin <= 5.4.6 - Authenticated (Administrator+) Time-Based SQL Injection |
CVE-2024-10876 | 2024-11-09 | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.3 - Reflected Cross-Site Scripting |
CVE-2024-10688 | 2024-11-09 | Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-10871 | 2024-11-09 | Category Ajax Filter <= 2.8.2 - Unauthenticated Local File Inclusion |
CVE-2024-10547 | 2024-11-09 | WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload |
CVE-2024-10801 | 2024-11-09 | WordPress User Extra Fields <= 16.5 - Unauthenticated Arbitrary File Upload |
CVE-2024-10589 | 2024-11-09 | Leopard <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
CVE-2024-10508 | 2024-11-09 | RegistrationMagic – User Registration Plugin with Custom Registration Forms <= 6.0.2.6 - Unauthenticated Privilege Escalation via Password Recovery |
CVE-2024-51785 | 2024-11-09 | WordPress Responsive Filterable Portfolio plugin <= 1.0.22 - Server Side Request Forgery (SSRF) vulnerability |
CVE-2024-51787 | 2024-11-09 | WordPress ElementsReady Addons for Elementor plugin <= 6.4.3 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-51786 | 2024-11-09 | WordPress Realty by BestWebSoft plugin <= 1.1.5 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-51784 | 2024-11-09 | WordPress FriendStore for WooCommerce plugin <= 1.4.2 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-51783 | 2024-11-09 | WordPress Forms: 3rd-Party Post Again plugin <= 0.3 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-51782 | 2024-11-09 | WordPress Loginplus plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-51625 | 2024-11-09 | WordPress Quran Shortcode plugin <= 1.5 - SQL Injection vulnerability |
CVE-2024-51621 | 2024-11-09 | WordPress Download-Mirror-Counter plugin <= 1.1 - SQL Injection vulnerability |
CVE-2024-51620 | 2024-11-09 | WordPress Porsline plugin <= 1.0.2 - SQL Injection vulnerability |
CVE-2024-51619 | 2024-11-09 | WordPress Market 360 Viewer plugin <= 1.01 - SQL Injection vulnerability |
CVE-2024-51607 | 2024-11-09 | WordPress Golf Tracker plugin <= 0.7 - SQL Injection vulnerability |
CVE-2024-51602 | 2024-11-09 | WordPress Simple Job Manager plugin <= 1.1 - SQL Injection vulnerability |