CVE List - 2024 / November
Showing 601 - 700 of 4054 CVEs for November 2024 (Page 7 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-49772 | 2024-11-05 | Authenticated SQL injection in AM_ProjectTemplates controller in SuiteCRM |
| CVE-2024-49773 | 2024-11-05 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SuiteCRM |
| CVE-2024-49774 | 2024-11-05 | ModuleScanner flaws in SuiteCRM |
| CVE-2024-0134 | 2024-11-05 | NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host.... |
| CVE-2024-50332 | 2024-11-05 | Authenticated Blind SQL Injection in DeleteRelationShip in SuiteCRM |
| CVE-2024-50333 | 2024-11-05 | RCE in ModuleBuilder in SuiteCRM |
| CVE-2024-50335 | 2024-11-05 | Authenticated XSS in "Publish Key" Field Allowing Unauthorized Administrator User Creation in SuiteCRM |
| CVE-2024-51735 | 2024-11-05 | Stored Cross-site Scripting to RCE on Osmedeus Web Server |
| CVE-2024-51746 | 2024-11-05 | Use of incorrect Rekor entries during verification in gitsign |
| CVE-2024-51753 | 2024-11-05 | Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix |
| CVE-2024-51752 | 2024-11-05 | Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs |
| CVE-2024-7995 | 2024-11-05 | Autodesk VRED Design Privilege Escalation Vulnerability |
| CVE-2024-51745 | 2024-11-05 | Wasmtime doesn't fully sandbox all the Windows device filenames |
| CVE-2024-10084 | 2024-11-05 | Contact Form 7 – Dynamic Text Extension <= 4.5 - Information Disclosure via Shortcode |
| CVE-2024-51756 | 2024-11-05 | cap-std doesn't fully sandbox all the Windows device filenames |
| CVE-2024-42509 | 2024-11-05 | Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol |
| CVE-2024-47460 | 2024-11-05 | Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol |
| CVE-2024-47461 | 2024-11-05 | Authenticated Arbitrary Remote Command Execution (RCE) in Instant AOS-8 and AOS-10 |
| CVE-2024-47462 | 2024-11-05 | Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE) |
| CVE-2024-47463 | 2024-11-05 | Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE) |
| CVE-2024-47464 | 2024-11-05 | Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files |
| CVE-2024-10028 | 2024-11-05 | Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin <= 2.2.13 - Sensitive Information Disclosure via procstat Log |
| CVE-2024-48325 | 2024-11-06 | Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly sanitized, allowing an unauthenticated remote attacker... |
| CVE-2024-50637 | 2024-11-06 | UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used... |
| CVE-2024-51409 | 2024-11-06 | Buffer Overflow vulnerability in Tenda O3 v.1.0.0.5 allows a remote attacker to cause a denial of service via a network packet in a fixed format to a router running the... |
| CVE-2024-10647 | 2024-11-06 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.9.244 - Reflected Cross-Site Scripting via URL |
| CVE-2024-34673 | 2024-11-06 | Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. |
| CVE-2024-34674 | 2024-11-06 | Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. |
| CVE-2024-34675 | 2024-11-06 | Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen. |
| CVE-2024-34676 | 2024-11-06 | Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability. |
| CVE-2024-34677 | 2024-11-06 | Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate. |
| CVE-2024-34678 | 2024-11-06 | Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. |
| CVE-2024-34679 | 2024-11-06 | Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege. |
| CVE-2024-34680 | 2024-11-06 | Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. |
| CVE-2024-34681 | 2024-11-06 | Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch. |
| CVE-2024-34682 | 2024-11-06 | Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode. |
| CVE-2024-49401 | 2024-11-06 | Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities. |
| CVE-2024-49402 | 2024-11-06 | Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles. |
| CVE-2024-49403 | 2024-11-06 | Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen. |
| CVE-2024-49404 | 2024-11-06 | Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file... |
| CVE-2024-49405 | 2024-11-06 | Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario. |
| CVE-2024-49406 | 2024-11-06 | Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability. |
| CVE-2024-49407 | 2024-11-06 | Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles. |
| CVE-2024-49408 | 2024-11-06 | Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability. |
| CVE-2024-49409 | 2024-11-06 | Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this... |
| CVE-2024-7879 | 2024-11-06 | WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets |
| CVE-2024-9934 | 2024-11-06 | Wp-ImageZoom <= 1.1.0 - Reflected XSS |
| CVE-2024-9307 | 2024-11-06 | mFolio Lite <= 1.2.1 - Missing Authorization to Authenticated (Author+) File Upload via EXE and SVG Files |
| CVE-2024-10535 | 2024-11-06 | Video Gallery for WooCommerce <= 1.31 - Missing Authorization to Unauthenticated Limited File Deletion |
| CVE-2024-10020 | 2024-11-06 | Heateor Social Login WordPress <= 1.1.35 - Authentication Bypass via Disqus OAuth provider |
| CVE-2024-10543 | 2024-11-06 | Tumult Hype Animations <= 1.9.14 - Missing Authorization |
| CVE-2024-9946 | 2024-11-06 | Social Share, Social Login and Social Comments Plugin – Super Socializer <= 7.13.68 - Authentication Bypass via Disqus OAuth provider |
| CVE-2024-6626 | 2024-11-06 | EleForms – All In One Form Integration including DB for Elementor <= 2.9.9.9 - Missing Authorization |
| CVE-2024-9681 | 2024-11-06 | HSTS subdomain overwrites parent cache entry |
| CVE-2024-52043 | 2024-11-06 | User enumeration in HubHub |
| CVE-2024-8614 | 2024-11-06 | WP JobSearch <= 2.6.7 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-8615 | 2024-11-06 | WP JobSearch <= 2.6.7 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9902 | 2024-11-06 | Ansible-core: ansible-core user may read/write unauthorized content |
| CVE-2024-10715 | 2024-11-06 | MapPress Maps for WordPress <= 2.94.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Map Block |
| CVE-2024-10168 | 2024-11-06 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via woot_button Shortcode |
| CVE-2024-8323 | 2024-11-06 | Pricing Tables WordPress Plugin – Easy Pricing Tables <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fontFamily Attribute |
| CVE-2024-10186 | 2024-11-06 | Event Post <= 5.9.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via events_cal Shortcode |
| CVE-2024-10914 | 2024-11-06 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection |
| CVE-2024-10915 | 2024-11-06 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L account_mgr.cgi cgi_user_add os command injection |
| CVE-2020-11859 | 2024-11-06 | Potential Cross Site Scripting vulnerability in OpenText iManager |
| CVE-2024-35146 | 2024-11-06 | IBM Maximo Application Suite cross-site scripting |
| CVE-2024-10081 | 2024-11-06 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass... |
| CVE-2024-10082 | 2024-11-06 | CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from... |
| CVE-2024-6861 | 2024-11-06 | Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api |
| CVE-2024-10916 | 2024-11-06 | D-Link DNS-320/DNS-320LW/DNS-325/DNS-340L HTTP GET Request info.xml information disclosure |
| CVE-2024-10919 | 2024-11-06 | didi Super-Jacoco triggerUnitCover os command injection |
| CVE-2024-10920 | 2024-11-06 | mariazevedo88 travels-java-api JWT Secret JwtAuthenticationTokenFilter.java doFilterInternal hard-coded key |
| CVE-2024-10826 | 2024-11-06 | Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security... |
| CVE-2024-10827 | 2024-11-06 | Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-20371 | 2024-11-06 | Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability |
| CVE-2024-20476 | 2024-11-06 | Cisco Identity Services Engine Authorization Bypass Vulnerability |
| CVE-2024-20445 | 2024-11-06 | Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability |
| CVE-2024-20457 | 2024-11-06 | Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability |
| CVE-2024-20484 | 2024-11-06 | Cisco Enterprise Chat and Email Denial of Service Vulnerability |
| CVE-2024-20487 | 2024-11-06 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2024-20504 | 2024-11-06 | Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities |
| CVE-2024-20507 | 2024-11-06 | Cisco Meeting Management Information Disclosure Vulnerability |
| CVE-2024-20511 | 2024-11-06 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability |
| CVE-2024-20514 | 2024-11-06 | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability |
| CVE-2024-20525 | 2024-11-06 | Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability |
| CVE-2024-20527 | 2024-11-06 | Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability |
| CVE-2024-20528 | 2024-11-06 | Cisco Identity Services Engine Path Traversal Vulnerability |
| CVE-2024-20529 | 2024-11-06 | Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability |
| CVE-2024-20530 | 2024-11-06 | Cisco Identity Services Engine Reflected Cross-Site Scripting Vulnerability |
| CVE-2024-20531 | 2024-11-06 | Cisco Identity Services Engine XML External Entity Injection Vulnerability |
| CVE-2024-20532 | 2024-11-06 | Cisco Identity Services Engine Arbitrary File Read and Delete Vulnerability |
| CVE-2024-20533 | 2024-11-06 | Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities |
| CVE-2024-20534 | 2024-11-06 | Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-Site Scripting Vulnerability |
| CVE-2024-20536 | 2024-11-06 | Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability |
| CVE-2024-20537 | 2024-11-06 | Cisco Identity Services Engine Authorization Bypass Vulnerability |
| CVE-2024-20538 | 2024-11-06 | Cisco Identity Services Engine Cross-Site Scripting Vulnerability |
| CVE-2024-20539 | 2024-11-06 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability |
| CVE-2024-20540 | 2024-11-06 | Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability |
| CVE-2024-10318 | 2024-11-06 | NGINX OpenID Connect Vulnerability |
| CVE-2024-20418 | 2024-11-06 | Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability |