CVE List - 2024 / November
Showing 4001 - 4054 of 4054 CVEs for November 2024 (Page 41 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-11013 | 2024-11-29 | Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a... |
| CVE-2024-11014 | 2024-11-29 | Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows an attacker to hijack... |
| CVE-2024-50357 | 2024-11-29 | FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the... |
| CVE-2024-47094 | 2024-11-29 | Logging of sitesecret to automations log |
| CVE-2024-11990 | 2024-11-29 | Cross-Site Scripting (XSS) in NetWin SurgeMail |
| CVE-2024-11992 | 2024-11-29 | Path traversal vulnerability in Quick.CMS |
| CVE-2024-49803 | 2024-11-29 | IBM Security Verify Access Appliance command execution |
| CVE-2024-49805 | 2024-11-29 | IBM Security Verify Access Appliance hard coded credentials |
| CVE-2024-49806 | 2024-11-29 | IBM Security Verify Access Appliance hard coded credentials |
| CVE-2024-49804 | 2024-11-29 | IBM Security Verify Access Appliance privilege escalation |
| CVE-2024-49360 | 2024-11-29 | Path traversal in Sandboxie |
| CVE-2024-52003 | 2024-11-29 | X-Forwarded-Prefix Header still allows for Open Redirect in traefik |
| CVE-2024-52800 | 2024-11-29 | Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI |
| CVE-2024-52801 | 2024-11-29 | Brute force takeover of OpenID Connect session cookies in sftpgo |
| CVE-2024-52809 | 2024-11-29 | Cross-site Scripting vulnerability with prototype pollution in vue-i18n |
| CVE-2024-52810 | 2024-11-29 | Prototype Pollution in @intlify/shared >=9.7.0 <= 10.0.4 |
| CVE-2024-53848 | 2024-11-29 | check-jsonschema default caching for remote schemas allows for cache confusion |
| CVE-2024-53861 | 2024-11-29 | Issuer field partial matches allowed in pyjwt |
| CVE-2024-53864 | 2024-11-29 | Cross-site Scripting in a field that is used in the Content name pattern in ibexa/admin-ui |
| CVE-2024-53865 | 2024-11-29 | Python package "zhmcclient" has passwords in clear text in its HMC and API logs |
| CVE-2024-53979 | 2024-11-29 | Ansible collection "ibm.ibm_zhmc" has passwords in clear text in log file and in output of some modules when specified as input |
| CVE-2024-53983 | 2024-11-29 | Server-side request forgery in Backstage Scaffolder plugin |
| CVE-2024-53980 | 2024-11-29 | Spoofed length byte traps CC2538 in endless loop |
| CVE-2024-11995 | 2024-11-29 | code-projects Farmacia pagamento.php cross site scripting |
| CVE-2024-43702 | 2024-11-30 | GPU DDK - MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages |
| CVE-2024-43703 | 2024-11-30 | GPU DDK - Duplicate calls to RGXCreateFreeList on the same reservation leads to GPU UAF |
| CVE-2024-11252 | 2024-11-30 | Social Sharing Plugin – Sassy Social Share <= 3.3.69 - Reflected Cross-Site Scripting via heateor_mastodon_share Parameter |
| CVE-2024-11996 | 2024-11-30 | code-projects Farmacia editar-fornecedor.php cross site scripting |
| CVE-2024-11997 | 2024-11-30 | code-projects Farmacia vendas.php cross site scripting |
| CVE-2024-11998 | 2024-11-30 | code-projects Farmacia visualizer-forneccedor.chp sql injection |
| CVE-2024-12000 | 2024-11-30 | code-projects Blood Bank System Setting updatesettings.php cross site scripting |
| CVE-2024-12001 | 2024-11-30 | code-projects Wazifa System Setting updatesettings.php cross site scripting |
| CVE-2024-12002 | 2024-11-30 | Tenda FH451/FH1201/FH1202/FH1206 GetIPTV websReadEvent null pointer dereference |
| CVE-2024-53738 | 2024-11-30 | WordPress Asset CleanUp: Page Speed Booster plugin <=1.3.9.8 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-53739 | 2024-11-30 | WordPress Cryptocurrency Widgets For Elementor plugin <= 1.6.4 - Local File Inclusion vulnerability |
| CVE-2024-53768 | 2024-11-30 | WordPress Content Audit Exporter plugin <= 1.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-53783 | 2024-11-30 | WordPress Ni WooCommerce Cost Of Goods plugin <= 3.2.8 - SQL Injection vulnerability |
| CVE-2024-53788 | 2024-11-30 | WordPress WordPress Portfolio Builder – Portfolio Gallery plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53787 | 2024-11-30 | WordPress Random Banner plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53786 | 2024-11-30 | WordPress Cowidgets – Elementor Addons plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53778 | 2024-11-30 | WordPress Essential Breadcrumbs plugin <= 1.1.1 - CSRF to Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53774 | 2024-11-30 | WordPress Sparkle Elementor Kit plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53773 | 2024-11-30 | WordPress Znajdź Pracę z Praca.pl plugin <= 2.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53772 | 2024-11-30 | WordPress Mail Picker plugin <= 1.0.14 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53771 | 2024-11-30 | WordPress SimpleSchema plugin <= 1.7.6.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53767 | 2024-11-30 | WordPress Pixobe Cartography plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53766 | 2024-11-30 | WordPress Devnex Addons For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53764 | 2024-11-30 | WordPress Softtemplates For Elementor plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53763 | 2024-11-30 | WordPress Best Addons for Elementor plugin <=1.0.5 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53760 | 2024-11-30 | WordPress Capitalize My Title WordPress plugin <= 0.5.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53758 | 2024-11-30 | WordPress WP MathJax plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53757 | 2024-11-30 | WordPress WP Find Your Nearest plugin <= 0.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53756 | 2024-11-30 | WordPress Vertical Carousel plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45520 | 2024-12-01 | WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote Denial of Service because of memory corruption during scanning of a PE32 file. |
| CVE-2024-53752 | 2024-12-01 | WordPress Stripe Donation plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53750 | 2024-12-01 | WordPress PayPal Responder plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53749 | 2024-12-01 | WordPress Post Carousel Slider for Elementor plugin <= 1.4.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53748 | 2024-12-01 | WordPress WP Mermaid plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53747 | 2024-12-01 | WordPress Video Player for WPBakery plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53746 | 2024-12-01 | WordPress Elementor Button Plus plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53745 | 2024-12-01 | WordPress Social Sharing Buttons By Cosmos Farm plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53744 | 2024-12-01 | WordPress Elementor Image Gallery plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53743 | 2024-12-01 | WordPress Countdown Timer for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53742 | 2024-12-01 | WordPress Multilevel Referral Affiliate Plugin for WooCommerce plugin <= 2.27 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-12007 | 2024-12-01 | code-projects Farmacia visualizar-produto.php sql injection |
| CVE-2024-31669 | 2024-12-02 | rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. |
| CVE-2024-39343 | 2024-12-02 | An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not... |
| CVE-2024-39890 | 2024-12-02 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,... |
| CVE-2024-52724 | 2024-12-02 | ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. |
| CVE-2024-52732 | 2024-12-02 | Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. |
| CVE-2024-53364 | 2024-12-02 | A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious... |
| CVE-2024-53375 | 2024-12-02 | An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is... |
| CVE-2024-53459 | 2024-12-02 | Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. |
| CVE-2024-53477 | 2024-12-02 | JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java |
| CVE-2024-53484 | 2024-12-02 | Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. |
| CVE-2024-53564 | 2024-12-02 | A vulnerability was discovered in FreePBX 17.0.19.17. It does not verify the type of uploaded (valid FreePBX module) files, allowing high-privilege administrators to insert unwanted files. NOTE: the Supplier's position... |
| CVE-2024-53605 | 2024-12-02 | Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. |
| CVE-2024-53617 | 2024-12-02 | A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to take over any account via uploading an HTML file on behalf of the admin user using IDOR in... |
| CVE-2024-53900 | 2024-12-02 | Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. |
| CVE-2024-53937 | 2024-12-02 | An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed... |
| CVE-2024-53938 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account... |
| CVE-2024-53939 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz... |
| CVE-2024-53940 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted... |
| CVE-2024-53941 | 2024-12-02 | An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK... |
| CVE-2024-29645 | 2024-12-02 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. |
| CVE-2024-53566 | 2024-12-02 | An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. |
| CVE-2024-11856 | 2024-12-02 | HPE IceWall Products, Remote Unauthorized Data Modification |
| CVE-2024-20125 | 2024-12-02 | In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already... |
| CVE-2024-20129 | 2024-12-02 | In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20128 | 2024-12-02 | In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20127 | 2024-12-02 | In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20130 | 2024-12-02 | In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20131 | 2024-12-02 | In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20132 | 2024-12-02 | In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-20133 | 2024-12-02 | In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2024-20134 | 2024-12-02 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20135 | 2024-12-02 | In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20136 | 2024-12-02 | In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-20137 | 2024-12-02 | In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-20116 | 2024-12-02 | In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |