CVE List - 2024 / November
Showing 2901 - 3000 of 4054 CVEs for November 2024 (Page 30 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-10899 | 2024-11-20 | WooCommerce Product Table Lite <= 3.8.6 - Unauthenticated Arbitrary Shortcode Execution & Reflected Cross-Site Scripting |
| CVE-2024-10855 | 2024-11-20 | Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion |
| CVE-2024-10365 | 2024-11-20 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.0.3 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
| CVE-2024-52033 | 2024-11-20 | Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker... |
| CVE-2024-48895 | 2024-11-20 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a... |
| CVE-2024-47865 | 2024-11-20 | Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the... |
| CVE-2024-11176 | 2024-11-20 | Incorrect evaluation of effective permissions in M-Files Aino |
| CVE-2024-10127 | 2024-11-20 | Support for authentication bypass condition in M-Files LDAP authentication |
| CVE-2024-10126 | 2024-11-20 | Local file inclusion vulnerability in M-Files Server |
| CVE-2024-10665 | 2024-11-20 | Yaad Sarig Payment Gateway For WC <= 2.2.4 - Missing Authorization to Authenticated (Subscriber+) Log Read/Deletion |
| CVE-2024-10891 | 2024-11-20 | Save as PDF Plugin by Pdfcrowd <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11179 | 2024-11-20 | MStore API <= 4.15.7 - Authenticated (Subscriber+) SQL Injection |
| CVE-2024-11494 | 2024-11-20 | **UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL modem firmware version P-6101CSA6AP_20140331 could allow an unauthenticated attacker to read some device information via a crafted HTTP... |
| CVE-2024-10382 | 2024-11-20 | Arbitrary Code execution in Car App Android Jetpack Library |
| CVE-2024-45689 | 2024-11-20 | Moodle: unprotected access to sensitive information via dynamic tables |
| CVE-2024-45690 | 2024-11-20 | Moodle: idor when deleting oauth2 linked accounts |
| CVE-2024-45691 | 2024-11-20 | Moodle: lesson activity password bypass through php loose comparison |
| CVE-2024-48899 | 2024-11-20 | Moodle: idor when accessing list of course badges |
| CVE-2024-10872 | 2024-11-20 | Getwid – Gutenberg Blocks <= 2.0.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-52447 | 2024-11-20 | WordPress Contact Page With Google Map plugin <= 1.6.1 - Arbitrary File Deletion vulnerability |
| CVE-2024-52444 | 2024-11-20 | WordPress Opal Woo Custom Product Variation plugin <= 1.1.3 - Arbitrary File Deletion vulnerability |
| CVE-2024-52446 | 2024-11-20 | WordPress Buying Buddy IDX CRM plugin <= 1.1.12 - CSRF to PHP Object Injection vulnerability |
| CVE-2024-52445 | 2024-11-20 | WordPress QRMenu Restaurant QR Menu Lite plugin <= 1.0.3 - PHP Object Injection vulnerability |
| CVE-2024-52443 | 2024-11-20 | WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability |
| CVE-2024-52441 | 2024-11-20 | WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability |
| CVE-2024-52440 | 2024-11-20 | WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability |
| CVE-2024-52439 | 2024-11-20 | WordPress Team Rosters plugin <= 4.6 - PHP Object Injection vulnerability |
| CVE-2024-52450 | 2024-11-20 | WordPress nBlocks plugin <= 1.0.2 - Local File Inclusion vulnerability |
| CVE-2024-52449 | 2024-11-20 | WordPress WordPress Bootscraper plugin <= 2.1.0 - Local File Inclusion vulnerability |
| CVE-2024-10520 | 2024-11-20 | WP Project Manager <= 2.6.14 - Missing Authorization to Project Milestone and Task Creation/Deletion |
| CVE-2024-52448 | 2024-11-20 | WordPress Ultimate Classified Listings plugin <= 1.4 - Local File Inclusion vulnerability |
| CVE-2024-52451 | 2024-11-20 | WordPress Post Ideas plugin <= 2 - CSRF to SQL Injection vulnerability |
| CVE-2024-11404 | 2024-11-20 | File Upload Bypass in django Filer |
| CVE-2024-52442 | 2024-11-20 | WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability |
| CVE-2024-52438 | 2024-11-20 | WordPress de:branding plugin <= 1.0.2 - Privilege Escalation vulnerability |
| CVE-2024-11406 | 2024-11-20 | Stored XSS in django CMS Attributes Fields |
| CVE-2024-52437 | 2024-11-20 | WordPress Banner System plugin <= 1.0.0 - Privilege Escalation vulnerability |
| CVE-2024-11495 | 2024-11-20 | Buffer overflow in OllyDbg |
| CVE-2024-9478 | 2024-11-20 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2. |
| CVE-2024-9479 | 2024-11-20 | Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2. |
| CVE-2024-10913 | 2024-11-20 | Clone <= 2.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialized_replace' |
| CVE-2024-11154 | 2024-11-20 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.15 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2024-52597 | 2024-11-20 | 2FAuth vulnerable to stored cross-site scripting via SVG upload and direct access render |
| CVE-2024-52598 | 2024-11-20 | 2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview |
| CVE-2024-52473 | 2024-11-20 | WordPress HTML5 Lyrics Karaoke Player plugin <= 2.4 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52472 | 2024-11-20 | WordPress Weather Atlas Widget plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52471 | 2024-11-20 | WordPress Extensions for Elementor plugin <= 2.0.37 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52470 | 2024-11-20 | WordPress Dynamic URL SEO plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-10094 | 2024-11-20 | Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code |
| CVE-2024-11484 | 2024-11-20 | Code4Berry Decoration Management System User Image update_image.php access control |
| CVE-2024-11485 | 2024-11-20 | Code4Berry Decoration Management System User userregister.php permission |
| CVE-2024-11486 | 2024-11-20 | Code4Berry Decoration Management System User Permission user_permission.php |
| CVE-2024-11487 | 2024-11-20 | Code4Berry Decoration Management System Between Dates Reports btndates_report.php sql injection |
| CVE-2024-52796 | 2024-11-20 | Password Pusher's rate limiter can be bypassed by forging proxy headers |
| CVE-2024-11488 | 2024-11-20 | 115cms web_user.html cross site scripting |
| CVE-2024-11489 | 2024-11-20 | 115cms file.html cross site scripting |
| CVE-2018-9468 | 2024-11-20 | In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional... |
| CVE-2018-9469 | 2024-11-20 | In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a... |
| CVE-2024-11490 | 2024-11-20 | 115cms set.html cross site scripting |
| CVE-2024-11491 | 2024-11-20 | 115cms useradmin.html cross site scripting |
| CVE-2018-9470 | 2024-11-20 | In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no... |
| CVE-2018-9471 | 2024-11-20 | In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with... |
| CVE-2018-9472 | 2024-11-20 | In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution... |
| CVE-2018-9474 | 2024-11-20 | In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2018-9475 | 2024-11-20 | In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if... |
| CVE-2018-9477 | 2024-11-20 | In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2018-9478 | 2024-11-20 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution... |
| CVE-2024-11492 | 2024-11-20 | 115cms appurladd.html cross site scripting |
| CVE-2024-11493 | 2024-11-20 | 115cms pageAE.html cross site scripting |
| CVE-2018-9479 | 2024-11-20 | In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution... |
| CVE-2018-9480 | 2024-11-20 | In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution... |
| CVE-2018-9481 | 2024-11-20 | In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution... |
| CVE-2018-9482 | 2024-11-20 | In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no... |
| CVE-2018-9483 | 2024-11-20 | In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional... |
| CVE-2018-9484 | 2024-11-20 | In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2018-9485 | 2024-11-20 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional... |
| CVE-2018-9486 | 2024-11-20 | In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional... |
| CVE-2018-9487 | 2024-11-20 | In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no... |
| CVE-2024-52581 | 2024-11-20 | Litestar allows unbounded resource consumption (DoS vulnerability) |
| CVE-2024-9875 | 2024-11-20 | Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade... |
| CVE-2024-30896 | 2024-11-21 | InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to... |
| CVE-2024-45194 | 2024-11-21 | In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra... |
| CVE-2024-45512 | 2024-11-21 | An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload... |
| CVE-2024-45513 | 2024-11-21 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject... |
| CVE-2024-45514 | 2024-11-21 | An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the... |
| CVE-2024-45517 | 2024-11-21 | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to... |
| CVE-2024-48286 | 2024-11-21 | Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. |
| CVE-2024-48747 | 2024-11-21 | An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. |
| CVE-2024-51337 | 2024-11-21 | Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php. |
| CVE-2024-51364 | 2024-11-21 | An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. |
| CVE-2024-51366 | 2024-11-21 | An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. |
| CVE-2024-51367 | 2024-11-21 | An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. |
| CVE-2024-53333 | 2024-11-21 | TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. |
| CVE-2024-53334 | 2024-11-21 | TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. |
| CVE-2024-53335 | 2024-11-21 | TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi. |
| CVE-2024-53425 | 2024-11-21 | A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application... |
| CVE-2024-53426 | 2024-11-21 | A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function. |
| CVE-2024-53429 | 2024-11-21 | Open62541 v1.4.6 has an assertion failure in fuzz_binary_decode, which leads to a crash. |
| CVE-2024-53432 | 2024-11-21 | While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack... |
| CVE-2024-48288 | 2024-11-21 | TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. |