CVE List - 2024 / November
Showing 3801 - 3900 of 4054 CVEs for November 2024 (Page 39 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-53635 | 2024-11-27 | A Reflected Cross Site Scripting (XSS) vulnerability was found in... |
CVE-2024-53920 | 2024-11-27 | In elisp-mode.el in GNU Emacs before 30.1, a user who... |
CVE-2024-11820 | 2024-11-27 | code-projects Crud Operation System add.php cross site scripting |
CVE-2024-53676 | 2024-11-27 | A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote... |
CVE-2024-5921 | 2024-11-27 | GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation |
CVE-2024-52958 | 2024-11-27 | iota C.ai Conversational Platform - Improper Verification of Cryptographic Signature |
CVE-2024-52959 | 2024-11-27 | iota C.ai Conversational Platform - Improper Control of Generation of Code ('Code Injection') |
CVE-2024-11083 | 2024-11-27 | ProfilePress <= 4.15.18 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
CVE-2024-11219 | 2024-11-27 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 3.0.6 - Unauthenticated Path Traversal to Arbitrary Image View |
CVE-2024-36467 | 2024-11-27 | Authentication privilege escalation via user groups due to missing authorization checks |
CVE-2024-10895 | 2024-11-27 | Counter Up – Animated Number Counter & Milestone Showcase <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10580 | 2024-11-27 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unauthorized Form Submission |
CVE-2024-10175 | 2024-11-27 | Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wdo_pricing_tables Shortcode |
CVE-2024-11667 | 2024-11-27 | A directory traversal vulnerability in the web management interface of... |
CVE-2024-52323 | 2024-11-27 | Sensitive Data Exposure |
CVE-2024-11025 | 2024-11-27 | SMA: SQL injection in Sunny Central UP |
CVE-2024-10521 | 2024-11-27 | WordPress Contact Forms by Cimatti <= 1.9.2 - Cross-Site Request Forgery via process_bulk_action Function |
CVE-2024-11009 | 2024-11-27 | Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) <= 1.2.1 - Authenticated (Administrator+) SQL Injection via post_id Parameter |
CVE-2024-36468 | 2024-11-27 | Stack buffer overflow in zbx_snmp_cache_handle_engineid |
CVE-2024-42326 | 2024-11-27 | Use after free vulnerability in browser.c |
CVE-2024-42327 | 2024-11-27 | SQL injection in user.get API |
CVE-2024-42328 | 2024-11-27 | JS - Crash on empty HTTP server response |
CVE-2024-42329 | 2024-11-27 | JS - Crash on unexpected HTTP server response |
CVE-2024-42330 | 2024-11-27 | JS - Internal strings in HTTP headers |
CVE-2024-42331 | 2024-11-27 | Use after free in browser_push_error |
CVE-2024-42332 | 2024-11-27 | New line injection in Zabbix SNMP traps |
CVE-2024-42333 | 2024-11-27 | Heap buffer over-read |
CVE-2024-36464 | 2024-11-27 | Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported |
CVE-2024-11862 | 2024-11-27 | Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier... |
CVE-2024-11860 | 2024-11-27 | SourceCodester Best House Rental Management System POST Request ajax.php improper authorization |
CVE-2024-21703 | 2024-11-27 | This Medium severity Security Misconfiguration vulnerability was introduced in version... |
CVE-2024-54003 | 2024-11-27 | Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape... |
CVE-2024-54004 | 2024-11-27 | Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not... |
CVE-2024-7025 | 2024-11-27 | Integer overflow in Layout in Google Chrome prior to 129.0.6668.89... |
CVE-2024-9369 | 2024-11-27 | Insufficient data validation in Mojo in Google Chrome prior to... |
CVE-2024-47181 | 2024-11-27 | Unaligned memory access in RPL option processing in Contiki-NG |
CVE-2024-41126 | 2024-11-27 | Out-of-bounds read when decoding SNMP messages in Contiki-NG |
CVE-2024-41125 | 2024-11-27 | Out-of-bounds read in SNMP when decoding a string in Contiki-NG |
CVE-2023-29001 | 2024-11-27 | Uncontrolled recursion due to insufficient validation of the IPv6 source routing header in Contiki-NG |
CVE-2024-53855 | 2024-11-27 | User can view tickets from organizations they're not a part of in centurion_erp |
CVE-2024-53264 | 2024-11-27 | Open Redirect Vulnerability in Loading Page in bunkerweb |
CVE-2017-13316 | 2024-11-27 | In checkPermissions of RecognitionService.java, there is a possible permissions bypass... |
CVE-2017-13319 | 2024-11-27 | In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread... |
CVE-2017-13320 | 2024-11-27 | In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read... |
CVE-2024-53859 | 2024-11-27 | go-gh `auth.TokenForHost` violates GitHub host security boundary within a codespace |
CVE-2024-53858 | 2024-11-27 | Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in the gh cli |
CVE-2024-53260 | 2024-11-27 | Course Roster vulnerable to CSV Injection in Autolab |
CVE-2017-13321 | 2024-11-27 | In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of... |
CVE-2024-53860 | 2024-11-27 | Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler |
CVE-2017-13323 | 2024-11-27 | In String16 of String16.cpp, there is a possible out of... |
CVE-2018-9349 | 2024-11-27 | In mv_err_cost of mcomp.c there is a possible out of... |
CVE-2018-9350 | 2024-11-27 | In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of... |
CVE-2018-9351 | 2024-11-27 | In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of... |
CVE-2018-9352 | 2024-11-27 | In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion... |
CVE-2018-9353 | 2024-11-27 | In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer... |
CVE-2018-9354 | 2024-11-27 | In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial... |
CVE-2024-11787 | 2024-11-27 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11789 | 2024-11-27 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11790 | 2024-11-27 | Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11791 | 2024-11-27 | Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11792 | 2024-11-27 | Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11793 | 2024-11-27 | Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11794 | 2024-11-27 | Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11795 | 2024-11-27 | Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11796 | 2024-11-27 | Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11797 | 2024-11-27 | Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11798 | 2024-11-27 | Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11799 | 2024-11-27 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11800 | 2024-11-27 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11801 | 2024-11-27 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11802 | 2024-11-27 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2024-11803 | 2024-11-27 | Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVE-2024-11933 | 2024-11-27 | Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
CVE-2018-9374 | 2024-11-27 | In installPackageLI of PackageManagerService.java, there is a possible permissions bypass.... |
CVE-2018-9377 | 2024-11-28 | In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to... |
CVE-2024-38309 | 2024-11-28 | There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0... |
CVE-2024-53008 | 2024-11-28 | Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists... |
CVE-2024-38389 | 2024-11-28 | There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and... |
CVE-2024-38658 | 2024-11-28 | There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and... |
CVE-2024-46939 | 2024-11-28 | Game Extension Engine Path Traversal Vulnerability |
CVE-2024-11918 | 2024-11-28 | Image Alt Text <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Image Alt Text Update |
CVE-2024-10473 | 2024-11-28 | Logo Slider < 4.5.0 - Author+ Stored XSS |
CVE-2024-10493 | 2024-11-28 | Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS |
CVE-2024-10510 | 2024-11-28 | adBuddy+ (AdBlocker Detection) by NetfunkDesign <= 1.1.3 - Admin+ Stored XSS |
CVE-2024-10896 | 2024-11-28 | Logo Slider < 4.5.0 - Contributor+ Stored XSS |
CVE-2024-11925 | 2024-11-28 | WP JobSearch <= 2.6.7 - Authentication Bypass to Account Takeover and Privilege Escalation |
CVE-2024-36466 | 2024-11-28 | Unauthenticated Zabbix frontend takeover when SSO is being used |
CVE-2024-11761 | 2024-11-28 | LegalWeb Cloud <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11788 | 2024-11-28 | StreamWeasels YouTube Integration <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11203 | 2024-11-28 | EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' |
CVE-2024-8066 | 2024-11-28 | File Manager Pro – Filester <= 1.8.6 - Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2024-11431 | 2024-11-28 | Ragic Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-9669 | 2024-11-28 | File Manager Pro – Filester <= 1.8.5 - Authenticated (Administrator+) Local JavaScript File Inclusion |
CVE-2024-11333 | 2024-11-28 | HLS Player <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11366 | 2024-11-28 | SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting |
CVE-2024-11685 | 2024-11-28 | Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' |
CVE-2024-11458 | 2024-11-28 | FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting |
CVE-2024-11786 | 2024-11-28 | Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11684 | 2024-11-28 | Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting |
CVE-2024-52283 | 2024-11-28 | Missing sanitation of inputs allowed arbitrary users to conduct a... |