CVE List - 2024 / November
Showing 3101 - 3200 of 4054 CVEs for November 2024 (Page 32 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-53094 | 2024-11-21 | RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES |
| CVE-2024-53095 | 2024-11-21 | smb: client: Fix use-after-free of network namespace. |
| CVE-2024-49588 | 2024-11-21 | Multiple authenticated SQL injections in oracle-sidecar |
| CVE-2024-52615 | 2024-11-21 | Avahi: avahi wide-area dns uses constant source port |
| CVE-2024-52616 | 2024-11-21 | Avahi: avahi wide-area dns predictable transaction ids |
| CVE-2024-52052 | 2024-11-21 | Stream Target Remote Code Execution in Wowza Streaming Engine |
| CVE-2024-52053 | 2024-11-21 | Stored Cross-Site Scripting in Wowza Streaming Engine |
| CVE-2024-52054 | 2024-11-21 | Application Creation Path Traversal in Wowza Streaming Engine |
| CVE-2024-52055 | 2024-11-21 | Application Copy Path Traversal in Wowza Streaming Engine |
| CVE-2024-52056 | 2024-11-21 | Application Delete Path Traversal in Wowza Streaming Engine |
| CVE-2024-37782 | 2024-11-22 | An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username... |
| CVE-2024-37783 | 2024-11-22 | A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx. |
| CVE-2024-47863 | 2024-11-22 | An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the... |
| CVE-2024-50657 | 2024-11-22 | An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method |
| CVE-2024-50965 | 2024-11-22 | Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script |
| CVE-2024-51072 | 2024-11-22 | An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. NOTE: this is... |
| CVE-2024-51073 | 2024-11-22 | An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. NOTE: this... |
| CVE-2024-51074 | 2024-11-22 | Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through... |
| CVE-2024-52726 | 2024-11-22 | CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information |
| CVE-2024-44786 | 2024-11-22 | Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. |
| CVE-2024-52723 | 2024-11-22 | In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. |
| CVE-2024-53438 | 2024-11-22 | EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper... |
| CVE-2024-31408 | 2024-11-22 | OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted... |
| CVE-2024-39290 | 2024-11-22 | Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address... |
| CVE-2024-45837 | 2024-11-22 | Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or... |
| CVE-2024-47142 | 2024-11-22 | AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform... |
| CVE-2024-38296 | 2024-11-22 | Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability.... |
| CVE-2024-11381 | 2024-11-22 | Control horas <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11104 | 2024-11-22 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.2 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update |
| CVE-2024-11355 | 2024-11-22 | Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Exposure |
| CVE-2024-11601 | 2024-11-22 | Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) <= 2.6.1 - Cross-Site Request Forgery to Limited Arbitrary Options Update |
| CVE-2024-10034 | 2024-11-22 | Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery <= 3.2.4.2 - Authenticated (Editor+) Stored Cross-Site Scripting |
| CVE-2024-11225 | 2024-11-22 | Premium Packages – Sell Digital Products Securely <= 5.9.3 - Reflected Cross-Site Scripting via add_query_arg |
| CVE-2024-8735 | 2024-11-22 | MailMunch – Grow your Email List <= 3.1.8 - Reflected Cross-Site Scripting |
| CVE-2024-10666 | 2024-11-22 | Easy Twitter Feed – Twitter feeds plugin for WP <= 1.2.6 - Authenticated (Contributor+) Post Exposure |
| CVE-2024-9422 | 2024-11-22 | GEO My WordPress < 4.5 - Admin+ Arbitrary File Upload |
| CVE-2024-8932 | 2024-11-22 | OOB access in ldap_escape |
| CVE-2024-8929 | 2024-11-22 | Leak partial content of the heap through heap buffer over-read in mysqlnd |
| CVE-2024-7837 | 2024-11-22 | SQLi in Firmanet Software's ERP |
| CVE-2024-7882 | 2024-11-22 | SQLi in Special Minds' e-Commerce |
| CVE-2017-9711 | 2024-11-22 | Permissions, Privileges, and Access Controls in Data |
| CVE-2021-30299 | 2024-11-22 | Improper Input Validation in Audio |
| CVE-2024-51766 | 2024-11-22 | HPE NonStop DISK UTIL, Local Denial of Service vulnerability |
| CVE-2024-41781 | 2024-11-22 | IBM PowerVM Hypervisor information disclosure |
| CVE-2024-41779 | 2024-11-22 | IBM Engineering Systems Design Rhapsody - Model Manager |
| CVE-2024-45719 | 2024-11-22 | Apache Answer: Predictable Authorization Token Using UUIDv1 |
| CVE-2024-49054 | 2024-11-22 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-50401 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-50400 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-50399 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-50398 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-50397 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-50396 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-50395 | 2024-11-22 | Media Streaming add-on |
| CVE-2024-48862 | 2024-11-22 | QuLog Center |
| CVE-2024-48861 | 2024-11-22 | QHora |
| CVE-2024-48860 | 2024-11-22 | QHora |
| CVE-2024-38647 | 2024-11-22 | QNAP AI Core |
| CVE-2024-38646 | 2024-11-22 | Notes Station 3 |
| CVE-2024-38645 | 2024-11-22 | Notes Station 3 |
| CVE-2024-38644 | 2024-11-22 | Notes Station 3 |
| CVE-2024-38643 | 2024-11-22 | Notes Station 3 |
| CVE-2024-37050 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37049 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37048 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37047 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37046 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37045 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37044 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37043 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37042 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-37041 | 2024-11-22 | QTS, QuTS hero |
| CVE-2024-32770 | 2024-11-22 | Photo Station |
| CVE-2024-32769 | 2024-11-22 | Photo Station |
| CVE-2024-32768 | 2024-11-22 | Photo Station |
| CVE-2024-32767 | 2024-11-22 | Photo Station |
| CVE-2023-24467 | 2024-11-22 | Possible Command Injection in OpenText iManager |
| CVE-2023-24466 | 2024-11-22 | Possible XML External Entity Injection in OpenText iManager |
| CVE-2022-26324 | 2024-11-22 | Possible XSS in iManager URL for access Component |
| CVE-2021-38135 | 2024-11-22 | Possible External service interaction Vulnerability in OpenText iManager |
| CVE-2021-38134 | 2024-11-22 | Possible Reflected and Stored XSS in OpenText iManager |
| CVE-2021-38119 | 2024-11-22 | Possible Reflected Cross-Site Scripting (XSS) Vulnerability in OpenText iManager |
| CVE-2021-38118 | 2024-11-22 | Possible Local Privilege Escalation Vulnerability in OpenText iManager |
| CVE-2021-38117 | 2024-11-22 | Possible Remote Code Execution Vulnerability OpenText iManager |
| CVE-2021-38116 | 2024-11-22 | Possible Command injection Vulnerability in OpenText iManager |
| CVE-2024-10863 | 2024-11-22 | Client-side audit exclusion vulnerability |
| CVE-2024-52793 | 2024-11-22 | XSS vulnerability in serveDir API of @std/http/file-server on POSIX systems |
| CVE-2024-52802 | 2024-11-22 | RIOT-OS missing dhcpv6_opt_t minimum header length check |
| CVE-2024-52804 | 2024-11-22 | Tornado has HTTP cookie parsing DoS vulnerability |
| CVE-2024-52814 | 2024-11-22 | Helm Lacks Granularity in Workflow Role |
| CVE-2024-10220 | 2024-11-22 | Arbitrary command execution through gitRepo volume |
| CVE-2024-11618 | 2024-11-22 | IPC Unigy Management System HTTP Request server-side request forgery |
| CVE-2024-52998 | 2024-11-22 | Substance3D - Stager | Out-of-bounds Read (CWE-125) |
| CVE-2024-53253 | 2024-11-22 | Sentry's improper error handling leaks Application Integration Client Secret |
| CVE-2023-39470 | 2024-11-22 | PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability |
| CVE-2023-51634 | 2024-11-22 | NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability |
| CVE-2023-51635 | 2024-11-22 | NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-51638 | 2024-11-22 | Allegra Hard-coded Credentials Authentication Bypass Vulnerability |
| CVE-2023-51639 | 2024-11-22 | Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability |
| CVE-2023-51640 | 2024-11-22 | Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability |