Lista CVE - 2024 / Novembre
Visualizzazione 1801 - 1900 di 4054 CVE per Novembre 2024 (Pagina 19 di 41)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-26017 | 2024-11-13 | Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-27200 | 2024-11-13 | Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-29085 | 2024-11-13 | Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2024-28169 | 2024-11-13 | Cleartext transmission of sensitive information for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-31407 | 2024-11-13 | Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially enable escalation... |
| CVE-2024-29077 | 2024-11-13 | Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-29079 | 2024-11-13 | Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32485 | 2024-11-13 | Improper Input Validation in some Intel(R) VROC software before version 8.6.0.2003 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-28950 | 2024-11-13 | Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32048 | 2024-11-13 | Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Model Server software before version 2024.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-34164 | 2024-11-13 | Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32044 | 2024-11-13 | Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2024-34028 | 2024-11-13 | Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation... |
| CVE-2024-32667 | 2024-11-13 | Out-of-bounds read for some OpenCL(TM) software may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-29083 | 2024-11-13 | Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-33624 | 2024-11-13 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2024-33611 | 2024-11-13 | Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access. |
| CVE-2024-35245 | 2024-11-13 | Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-28881 | 2024-11-13 | Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-31158 | 2024-11-13 | Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-31154 | 2024-11-13 | Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-41167 | 2024-11-13 | Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-40885 | 2024-11-13 | Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-39811 | 2024-11-13 | Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-39609 | 2024-11-13 | Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-39285 | 2024-11-13 | Improper access control in UEFI firmware in some Intel(R) Server M20NTP Family may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-37024 | 2024-11-13 | Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-33617 | 2024-11-13 | Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. |
| CVE-2024-28885 | 2024-11-13 | Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. |
| CVE-2024-31074 | 2024-11-13 | Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. |
| CVE-2024-35201 | 2024-11-13 | Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. |
| CVE-2024-36253 | 2024-11-13 | Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36276 | 2024-11-13 | Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36482 | 2024-11-13 | Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-36282 | 2024-11-13 | Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local... |
| CVE-2024-34167 | 2024-11-13 | Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2024-36245 | 2024-11-13 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-37027 | 2024-11-13 | Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-34776 | 2024-11-13 | Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36275 | 2024-11-13 | NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access. |
| CVE-2024-21799 | 2024-11-13 | Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-38387 | 2024-11-13 | Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-38668 | 2024-11-13 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-38383 | 2024-11-13 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36242 | 2024-11-13 | Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-38660 | 2024-11-13 | Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-37025 | 2024-11-13 | Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36488 | 2024-11-13 | Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-36294 | 2024-11-13 | Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-32483 | 2024-11-13 | Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-34022 | 2024-11-13 | Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-34165 | 2024-11-13 | Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-39368 | 2024-11-13 | Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation... |
| CVE-2024-28028 | 2024-11-13 | Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2024-39766 | 2024-11-13 | Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2024-36284 | 2024-11-13 | Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2024-31695 | 2024-11-14 | A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authentication when adding a new fingerprint. |
| CVE-2024-39707 | 2024-11-14 | Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is... |
| CVE-2024-40579 | 2024-11-14 | Cross Site Scripting vulnerability in Virtuozzo Hybrid Server for WHMCS Open Source v.1.7.1 allows a remote attacker to obtain sensitive information via modification of the hostname parameter. |
| CVE-2024-41206 | 2024-11-14 | A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file. |
| CVE-2024-41209 | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. |
| CVE-2024-41217 | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file. |
| CVE-2024-48284 | 2024-11-14 | A Reflected Cross-Site Scripting (XSS) vulnerability was found in the /search-result.php page of the PHPGurukul User Registration & Login and User Management System 3.2. This vulnerability allows remote attackers to... |
| CVE-2024-49776 | 2024-11-14 | A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file. |
| CVE-2024-49777 | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file. |
| CVE-2024-49778 | 2024-11-14 | A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file. |
| CVE-2024-50823 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/login.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. |
| CVE-2024-50824 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. |
| CVE-2024-50825 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter. |
| CVE-2024-50826 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters. |
| CVE-2024-50827 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/add_subject.php in kashipara E-learning Management System Project 1.0 via the subject_code parameter. |
| CVE-2024-50828 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_department.php in kashipara E-learning Management System Project 1.0 via the d parameter. |
| CVE-2024-50829 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_subject.php in kashipara E-learning Management System Project 1.0 via the unit parameter. |
| CVE-2024-50830 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/calendar_of_events.php in kashipara E-learning Management System Project 1.0 via the date_start, date_end, and title parameters. |
| CVE-2024-50831 | 2024-11-14 | A SQL Injection was found in /admin/admin_user.php in kashipara E-learning Management System Project 1.0 via the username and password parameters. |
| CVE-2024-50832 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_class.php in kashipara E-learning Management System Project 1.0 via the class_name parameter. |
| CVE-2024-50833 | 2024-11-14 | A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters. |
| CVE-2024-50834 | 2024-11-14 | A SQL Injection was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0 via the firstname and lastname parameters. |
| CVE-2024-50835 | 2024-11-14 | A SQL Injection vulnerability was found in /admin/edit_student.php in KASHIPARA E-learning Management System Project 1.0 via the cys, un, ln, fn, and id parameters. |
| CVE-2024-50836 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and... |
| CVE-2024-50837 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/admin_user.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and... |
| CVE-2024-50838 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and... |
| CVE-2024-50839 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/add_subject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subject_code and... |
| CVE-2024-50840 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter. |
| CVE-2024-50841 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end,... |
| CVE-2024-50842 | 2024-11-14 | A Stored Cross-Site Scripting (XSS) vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter. |
| CVE-2024-50843 | 2024-11-14 | A Directory listing issue was found in PHPGurukul User Registration & Login and User Management System 3.2, which allows remote attackers attacker to access sensitive files and directories via /loginsystem/assets. |
| CVE-2024-50968 | 2024-11-14 | A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a... |
| CVE-2024-51156 | 2024-11-14 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component 'erp.07fly.net:80/admin/SysNotifyUser/del.html?id=93'. |
| CVE-2024-52613 | 2024-11-14 | A heap-based buffer under-read in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) via a crafted MOV video file. |
| CVE-2024-5083 | 2024-11-14 | Nexus Repository 2 - Stored XSS |
| CVE-2024-5082 | 2024-11-14 | Nexus Repository 2 - Remote Code Execution |
| CVE-2023-34049 | 2024-11-14 | Salt security advisory release - 2023-OCT-27 |
| CVE-2024-10146 | 2024-11-14 | Simple File List < 6.1.13 - Reflected Cross-Site Scripting |
| CVE-2024-9186 | 2024-11-14 | Automation By Autonami < 3.3.0 - Unauthenticated SQLi |
| CVE-2024-11206 | 2024-11-14 | Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information. |
| CVE-2024-7787 | 2024-11-14 | Reflected XSS in ITG Computer Technology's vSRM Supplier Relationship Management System |
| CVE-2024-9472 | 2024-11-14 | PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Traffic |
| CVE-2024-2551 | 2024-11-14 | PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted Packet |
| CVE-2024-5919 | 2024-11-14 | PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability |