CVE List - 2024 / November
Showing 1201 - 1300 of 4054 CVEs for November 2024 (Page 13 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-51054 | 2024-11-11 | A Cross Site Scripting (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" POST request... |
| CVE-2024-51135 | 2024-11-11 | An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious... |
| CVE-2024-51186 | 2024-11-11 | D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. |
| CVE-2024-51187 | 2024-11-11 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Stored Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page. |
| CVE-2024-51188 | 2024-11-11 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Stored Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page. |
| CVE-2024-51189 | 2024-11-11 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Stored Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page. |
| CVE-2024-51190 | 2024-11-11 | TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Stored Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page. |
| CVE-2024-51213 | 2024-11-11 | Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. |
| CVE-2024-52533 | 2024-11-11 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. |
| CVE-2024-52530 | 2024-11-11 | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the... |
| CVE-2024-52531 | 2024-11-11 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. There is a plausible way to reach this remotely via soup_message_headers_get_content_type (e.g., an... |
| CVE-2024-52532 | 2024-11-11 | GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption, during the reading of certain patterns of WebSocket data from clients. |
| CVE-2024-11060 | 2024-11-11 | Jinher Network Collaborative Management Platform 金和数字化智能办公平台 AcceptShow.aspx sql injection |
| CVE-2024-11061 | 2024-11-11 | Tenda AC10 fast_setting_wifi_set FUN_0044db3c stack-based overflow |
| CVE-2024-38826 | 2024-11-11 | CVE-2024-38826 Cloud Controller Denial of Service Attack |
| CVE-2024-51575 | 2024-11-11 | WordPress Extender All In One For Elementor plugin <= 1.0.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51574 | 2024-11-11 | WordPress Simple Goods plugin <= 0.1.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51573 | 2024-11-11 | WordPress ML Responsive Audio plugin <= 0.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51572 | 2024-11-11 | WordPress LH QR Codes plugin <= 1.06 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51571 | 2024-11-11 | WordPress MasterBip para Elementor plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51793 | 2024-11-11 | WordPress RepairBuddy plugin <= 3.8115 - Arbitrary File Upload vulnerability |
| CVE-2024-51792 | 2024-11-11 | WordPress Audio Record plugin <= 1.0 - Arbitrary File Upload vulnerability |
| CVE-2024-51791 | 2024-11-11 | WordPress Forms plugin <= 2.8.0 - Arbitrary File Upload vulnerability |
| CVE-2024-51790 | 2024-11-11 | WordPress HB AUDIO GALLERY plugin <= 3.0 - Arbitrary File Upload vulnerability |
| CVE-2024-51789 | 2024-11-11 | WordPress Image Classify plugin <= 1.0.0 - Arbitrary File Upload vulnerability |
| CVE-2024-51788 | 2024-11-11 | WordPress The Novel Design Store Directory plugin <= 4.3.0 - Arbitrary File Upload vulnerability |
| CVE-2024-51882 | 2024-11-11 | WordPress Gboy Custom Google Map plugin <= 1.2 - SQL Injection vulnerability |
| CVE-2024-51845 | 2024-11-11 | WordPress Share Buttons – Social Media plugin <= 1.0.2 - SQL Injection vulnerability |
| CVE-2024-51843 | 2024-11-11 | WordPress Horsemanager plugin <= 1.3 - SQL Injection vulnerability |
| CVE-2024-51837 | 2024-11-11 | WordPress WP Contest plugin <= 1.0.0 - SQL Injection vulnerability |
| CVE-2024-51820 | 2024-11-11 | WordPress L Squared Hub WP plugin <= 1.0 - SQL Injection vulnerability |
| CVE-2024-52358 | 2024-11-11 | WordPress Responsive Addons for Elementor plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52357 | 2024-11-11 | WordPress LIQUID BLOCKS plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52356 | 2024-11-11 | WordPress The Pack Elementor addons plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52355 | 2024-11-11 | WordPress OSM – OpenStreetMap plugin <= 6.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52354 | 2024-11-11 | WordPress Web Stories Widgets For Elementor plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52353 | 2024-11-11 | WordPress Christian Science Bible Lesson Subjects plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52352 | 2024-11-11 | WordPress Postcasa Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52351 | 2024-11-11 | WordPress BU Slideshow plugin <= 2.3.10 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52350 | 2024-11-11 | WordPress CRM 2go plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-11016 | 2024-11-11 | Grand Vice info Webopac - SQL Injection |
| CVE-2024-11017 | 2024-11-11 | Grand Vice info Webopac - Arbitrary File Upload |
| CVE-2024-11018 | 2024-11-11 | Grand Vice info Webopac - Arbitrary File Upload |
| CVE-2024-11019 | 2024-11-11 | Grand Vice info Webopac7 - Reflected XSS |
| CVE-2024-11020 | 2024-11-11 | Grand Vice info Webopac7 - SQL Injection |
| CVE-2024-11021 | 2024-11-11 | Grand Vice info Webopac - Stored XSS |
| CVE-2024-11062 | 2024-11-11 | D-Link DSL6740C - OS Command Injection |
| CVE-2024-11063 | 2024-11-11 | D-Link DSL6740C - OS Command Injection |
| CVE-2024-11064 | 2024-11-11 | D-Link DSL6740C - OS Command Injection |
| CVE-2024-11065 | 2024-11-11 | D-Link DSL6740C - OS Command Injection |
| CVE-2024-11066 | 2024-11-11 | D-Link DSL6740C - OS Command Injection |
| CVE-2024-11067 | 2024-11-11 | D-Link DSL6740C - Arbitrary File Reading through Path Traversal |
| CVE-2024-11068 | 2024-11-11 | D-Link DSL6740C - Incorrect Use of Privileged APIs |
| CVE-2024-43427 | 2024-11-11 | Moodle: admin presets export tool includes some secrets that should not be exported |
| CVE-2024-43429 | 2024-11-11 | Moodle: user information visibility control issues in gradebook reports |
| CVE-2024-43430 | 2024-11-11 | Moodle: lack of access control when using external methods for quiz overrides |
| CVE-2024-43432 | 2024-11-11 | Moodle: authorization headers preserved between "emulated redirects" |
| CVE-2024-43433 | 2024-11-11 | Moodle: matrix user/power level management not always working as expected with suspended users |
| CVE-2024-43435 | 2024-11-11 | Moodle: can create global glossary without being admin |
| CVE-2024-43437 | 2024-11-11 | Moodle: xss risk when restoring malicious course backup file |
| CVE-2024-34014 | 2024-11-11 | Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin... |
| CVE-2024-34015 | 2024-11-11 | Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup... |
| CVE-2024-10345 | 2024-11-11 | Unauthenticated Denial of Service via Shutdown Function |
| CVE-2024-50263 | 2024-11-11 | fork: only invoke khugepaged, ksm hooks if no error |
| CVE-2024-10344 | 2024-11-11 | Unauthenticated Denial of Service via Refuse Function |
| CVE-2024-10314 | 2024-11-11 | Unauthenticated Denial of Service via Auto Generation Function |
| CVE-2024-11070 | 2024-11-11 | Sanluan PublicCMS Tag Type save cross site scripting |
| CVE-2024-47131 | 2024-11-11 | Delta Electronics DIAScreen Stack-based Buffer Overflow |
| CVE-2024-39605 | 2024-11-11 | Delta Electronics DIAScreen Stack-based Buffer Overflow |
| CVE-2024-39354 | 2024-11-11 | Delta Electronics DIAScreen Stack-based Buffer Overflow |
| CVE-2024-43439 | 2024-11-11 | Moodle: reflected xss via h5p error message |
| CVE-2024-45088 | 2024-11-11 | IBM Maximo Asset Management cross-site scripting |
| CVE-2024-10917 | 2024-11-11 | Eclipse OpenJ9 might return an incorrect value in JNI function GetStringUTFLength |
| CVE-2024-11073 | 2024-11-11 | SourceCodester Hospital Management System delete-account.php improper authorization |
| CVE-2024-45087 | 2024-11-11 | IBM WebSphere Application Server cross-site scripting |
| CVE-2024-11074 | 2024-11-11 | itsourcecode Tailoring Management System incadd.php sql injection |
| CVE-2024-11076 | 2024-11-11 | code-projects Job Recruitment activation.php sql injection |
| CVE-2024-11077 | 2024-11-11 | code-projects Job Recruitment index.php sql injection |
| CVE-2024-52288 | 2024-11-11 | RMAC revert to the beginning of the session in libosdp |
| CVE-2024-10315 | 2024-11-11 | Insecure Configuration in Gliffy Online |
| CVE-2024-52286 | 2024-11-11 | Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF |
| CVE-2024-51992 | 2024-11-11 | Method Exposure Vulnerability in Modals in orchid/platform |
| CVE-2024-51748 | 2024-11-11 | Remote code execution through language setting in kanboard |
| CVE-2024-51747 | 2024-11-11 | Arbitrary File Read and Delete in kanboard |
| CVE-2024-11078 | 2024-11-11 | code-projects Job Recruitment register.php cross site scripting |
| CVE-2024-51490 | 2024-11-11 | Stored Cross-Site Scripting in Ampache |
| CVE-2024-51489 | 2024-11-11 | Insufficient Message Token Validation in Ampache |
| CVE-2024-51488 | 2024-11-11 | Insufficient Validation in Delete Message in Ampache |
| CVE-2024-51487 | 2024-11-11 | Insufficient Validation in Catalog (Activation/Deactivation) in Ampache |
| CVE-2024-51486 | 2024-11-11 | Stored Cross-Site Scripting in Ampache |
| CVE-2024-51485 | 2024-11-11 | Insufficient Validation in Plugins (Activation/Deactivation) in Ampache |
| CVE-2024-51484 | 2024-11-11 | Insufficient Validation in Controllers (Activation/Deactivation) in Ampache |
| CVE-2024-23983 | 2024-11-11 | Access rules for PingAccess may be circumvented with URL-encoded characters |
| CVE-2024-11079 | 2024-11-11 | Ansible-core: unsafe tagging bypass via hostvars object in ansible-core |
| CVE-2021-27700 | 2024-11-12 | SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify... |
| CVE-2021-27701 | 2024-11-12 | SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation.... |
| CVE-2021-27702 | 2024-11-12 | Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard. |
| CVE-2021-27703 | 2024-11-12 | Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page. |
| CVE-2021-27704 | 2024-11-12 | Appspace 6.2.4 is affected by Incorrect Access Control via the Appspace Web Portal password reset page. |
| CVE-2023-52268 | 2024-11-12 | The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE:... |