Lista CVE - 2024 / Novembre
Visualizzazione 2301 - 2400 di 4054 CVE per Novembre 2024 (Pagina 24 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-51051 | 2024-11-18 | AVSCMS v8.2.0 was discovered to contain weak default credentials for... |
| CVE-2024-51053 | 2024-11-18 | An arbitrary file upload vulnerability in the component /main/fileupload.php of... |
| CVE-2024-52912 | 2024-11-18 | Bitcoin Core before 0.21.0 allows a network split that is... |
| CVE-2024-52913 | 2024-11-18 | In Bitcoin Core before 0.21.0, an attacker could prevent a... |
| CVE-2024-52914 | 2024-11-18 | In Bitcoin Core before 0.18.0, a node could be stalled... |
| CVE-2024-52915 | 2024-11-18 | Bitcoin Core before 0.20.0 allows remote attackers to cause a... |
| CVE-2024-52916 | 2024-11-18 | Bitcoin Core before 0.15.0 allows a denial of service (OOM... |
| CVE-2024-52917 | 2024-11-18 | Bitcoin Core before 22.0 has a miniupnp infinite loop in... |
| CVE-2024-52918 | 2024-11-18 | Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to... |
| CVE-2024-52919 | 2024-11-18 | Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow... |
| CVE-2024-52920 | 2024-11-18 | Bitcoin Core before 0.20.0 allows remote attackers to cause a... |
| CVE-2024-52921 | 2024-11-18 | In Bitcoin Core before 25.0, a peer can affect the... |
| CVE-2024-52922 | 2024-11-18 | In Bitcoin Core before 25.1, an attacker can cause a... |
| CVE-2024-52926 | 2024-11-18 | Delinea Privilege Manager before 12.0.2 mishandles the security of the... |
| CVE-2024-52940 | 2024-11-18 | AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is... |
| CVE-2024-52941 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1... |
| CVE-2024-52942 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1... |
| CVE-2024-52944 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1... |
| CVE-2024-52945 | 2024-11-18 | An issue was discovered in Veritas NetBackup before 10.5. This... |
| CVE-2024-52946 | 2024-11-18 | An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper... |
| CVE-2024-52947 | 2024-11-18 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows... |
| CVE-2024-44756 | 2024-11-18 | NUS-M9 ERP Management Software v3.0.0 was discovered to contain a... |
| CVE-2024-52943 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1... |
| CVE-2024-11305 | 2024-11-18 | Altenergy Power Control Software status_zigbee get_status_zigbee sql injection |
| CVE-2024-11306 | 2024-11-18 | Altenergy Power Control Software database improper authorization |
| CVE-2024-38828 | 2024-11-18 | CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter |
| CVE-2024-43704 | 2024-11-18 | GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused |
| CVE-2024-11308 | 2024-11-18 | TRCore DVC - Use of Hard-coded Cryptographic Key |
| CVE-2024-5030 | 2024-11-18 | CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF |
| CVE-2024-11309 | 2024-11-18 | TRCore DVC - Arbitrary File Read through Path Traversal |
| CVE-2024-11310 | 2024-11-18 | TRCore DVC - Arbitrary File Read through Path Traversal |
| CVE-2024-11311 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-11312 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-11313 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-11314 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-22067 | 2024-11-18 | ZTE NH8091 product has an improper permission control vulnerability |
| CVE-2024-11315 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-49574 | 2024-11-18 | SQL Injection |
| CVE-2024-48962 | 2024-11-18 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) |
| CVE-2024-47208 | 2024-11-18 | Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE |
| CVE-2024-45505 | 2024-11-18 | Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities |
| CVE-2024-45791 | 2024-11-18 | Apache HertzBeat: Exposure sensitive token via http GET method with query string |
| CVE-2024-41151 | 2024-11-18 | Apache HertzBeat: RCE by notice template injection vulnerability |
| CVE-2024-41968 | 2024-11-18 | WAGO: Docker Settings Manipulation in Multiple Devices |
| CVE-2024-41967 | 2024-11-18 | WAGO: Boot Mode Manipulation in Multiple Devices |
| CVE-2024-41969 | 2024-11-18 | WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices |
| CVE-2024-42383 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-41970 | 2024-11-18 | WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices |
| CVE-2024-41971 | 2024-11-18 | WAGO: Arbitrary File Overwrite in Multiple Devices |
| CVE-2024-42384 | 2024-11-18 | Integer Overflow or Wraparound in Mongoose Web Server library |
| CVE-2024-41972 | 2024-11-18 | WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices |
| CVE-2024-42385 | 2024-11-18 | Improper Neutralization of Delimiters in Mongoose Web Server library |
| CVE-2024-41973 | 2024-11-18 | WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices |
| CVE-2024-42386 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-41974 | 2024-11-18 | WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices |
| CVE-2024-42387 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42388 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42389 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42390 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42391 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42392 | 2024-11-18 | Improper Neutralization of Delimiters in Mongoose Web Server library |
| CVE-2023-39176 | 2024-11-18 | Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability |
| CVE-2023-39179 | 2024-11-18 | Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability |
| CVE-2023-39180 | 2024-11-18 | Kernel: ksmbd: read request memory leak denial-of-service vulnerability |
| CVE-2024-11023 | 2024-11-18 | Session Hijacking in Firebase JavaScript SDK |
| CVE-2024-48896 | 2024-11-18 | Moodle: users' names returned in messaging error message |
| CVE-2024-48897 | 2024-11-18 | Moodle: idor in edit/delete rss feed |
| CVE-2024-48898 | 2024-11-18 | Moodle: some users can delete audiences of other reports |
| CVE-2024-48901 | 2024-11-18 | Moodle: idor when fetching report schedules |
| CVE-2024-52316 | 2024-11-18 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API |
| CVE-2024-52317 | 2024-11-18 | Apache Tomcat: Request/response mix-up with HTTP/2 |
| CVE-2024-11319 | 2024-11-18 | Stored XSS in Open Source Project "django-cms" |
| CVE-2024-52318 | 2024-11-18 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS |
| CVE-2024-3370 | 2024-11-18 | SQLi in Egebilgi Software's Website Template |
| CVE-2024-11303 | 2024-11-18 | Path Traversal |
| CVE-2024-9526 | 2024-11-18 | Stored XSS in Kubeflow Pipeline View |
| CVE-2024-11318 | 2024-11-18 | IDOR vulnerability in AbsysNet |
| CVE-2024-8781 | 2024-11-18 | Container Escape Vulnerability in TR7's Application Security Platform (ASP) |
| CVE-2024-52434 | 2024-11-18 | WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-52429 | 2024-11-18 | WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability |
| CVE-2024-52427 | 2024-11-18 | WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-52433 | 2024-11-18 | WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability |
| CVE-2024-52432 | 2024-11-18 | WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability |
| CVE-2024-11304 | 2024-11-18 | Multiple Stored Cross-Site Scripting |
| CVE-2024-52430 | 2024-11-18 | WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability |
| CVE-2024-52428 | 2024-11-18 | WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability |
| CVE-2024-52436 | 2024-11-18 | WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability |
| CVE-2024-52435 | 2024-11-18 | WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - SQL Injection vulnerability |
| CVE-2024-52431 | 2024-11-18 | WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability |
| CVE-2024-37155 | 2024-11-18 | OpenCTI May Bypass Introspection Restriction |
| CVE-2021-1465 | 2024-11-18 | A vulnerability in the web-based management interface of Cisco SD-WAN... |
| CVE-2024-52426 | 2024-11-18 | WordPress Linear plugin <= 2.7.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52425 | 2024-11-18 | WordPress Drozd – Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2021-1462 | 2024-11-18 | Cisco SD-WAN vManage Software Privilege Escalation Vulnerability |
| CVE-2021-1444 | 2024-11-18 | Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Web Services Interface Cross-Site Scripting Vulnerability |
| CVE-2021-1461 | 2024-11-18 | Cisco SD-WAN Software Signature Verification Bypass Vulnerability |
| CVE-2021-1440 | 2024-11-18 | Cisco IOS XR Software BGP Resource Public Key Infrastructure Denial of Service Vulnerability |
| CVE-2021-1424 | 2024-11-18 | Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability |
| CVE-2021-1425 | 2024-11-18 | Cisco Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability |
| CVE-2021-1410 | 2024-11-18 | Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability |