CVE List - 2024 / December
Showing 401 - 500 of 3433 CVEs for December 2024 (Page 5 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12180 | 2024-12-04 | DedeCMS article_add.php cross site scripting |
| CVE-2024-12181 | 2024-12-04 | DedeCMS SWF File uploads_add.php cross site scripting |
| CVE-2024-53982 | 2024-12-04 | Arbitrary file download in Zoo-Project Echo Example |
| CVE-2024-12182 | 2024-12-04 | DedeCMS soft_add.php cross site scripting |
| CVE-2024-12183 | 2024-12-04 | DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting |
| CVE-2018-9397 | 2024-12-04 | In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution... |
| CVE-2018-9398 | 2024-12-04 | In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2018-9399 | 2024-12-04 | In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for... |
| CVE-2018-9400 | 2024-12-04 | In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege... |
| CVE-2024-54221 | 2024-12-04 | WordPress FAT Services Booking plugin <= 5.6 - Unauthenticated SQL Injection vulnerability |
| CVE-2018-9402 | 2024-12-04 | In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel. |
| CVE-2018-9403 | 2024-12-04 | In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a... |
| CVE-2024-12185 | 2024-12-04 | code-projects Hotel Management System Administrator Login Password stack-based overflow |
| CVE-2024-12186 | 2024-12-04 | code-projects Hotel Management System Available Room hotelnew.c stack-based overflow |
| CVE-2018-9404 | 2024-12-04 | In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2018-9407 | 2024-12-04 | In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. |
| CVE-2018-9408 | 2024-12-04 | In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System... |
| CVE-2018-9416 | 2024-12-04 | In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2018-9439 | 2024-12-04 | In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges... |
| CVE-2018-9462 | 2024-12-04 | In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2018-9463 | 2024-12-04 | In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2023-48010 | 2024-12-05 | STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain... |
| CVE-2023-50913 | 2024-12-05 | Oxide control plane software before 5 allows SSRF. |
| CVE-2024-30961 | 2024-12-05 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. |
| CVE-2024-30962 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process |
| CVE-2024-30963 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script. |
| CVE-2024-30964 | 2024-12-05 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by... |
| CVE-2024-37860 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process |
| CVE-2024-37861 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted... |
| CVE-2024-37862 | 2024-12-05 | Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner... |
| CVE-2024-37863 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted... |
| CVE-2024-38910 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to... |
| CVE-2024-38920 | 2024-12-05 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-41579 | 2024-12-05 | DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability |
| CVE-2024-53442 | 2024-12-05 | whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. |
| CVE-2024-53457 | 2024-12-05 | A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected... |
| CVE-2024-53470 | 2024-12-05 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id... |
| CVE-2024-53471 | 2024-12-05 | Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id... |
| CVE-2024-53472 | 2024-12-05 | WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF). |
| CVE-2024-53490 | 2024-12-05 | Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. |
| CVE-2024-53523 | 2024-12-05 | JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. |
| CVE-2024-54679 | 2024-12-05 | CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. |
| CVE-2024-53589 | 2024-12-05 | GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. |
| CVE-2024-12187 | 2024-12-05 | 1000 Projects Library Management System showbook.php sql injection |
| CVE-2024-12188 | 2024-12-05 | 1000 Projects Library Management System stu.php sql injection |
| CVE-2024-54014 | 2024-12-05 | Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead... |
| CVE-2024-10881 | 2024-12-05 | LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-10178 | 2024-12-05 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-42195 | 2024-12-05 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection |
| CVE-2024-11429 | 2024-12-05 | Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials <= 3.3.3 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-10937 | 2024-12-05 | Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins <= 2.0.58 - Sensitive Information Exposure |
| CVE-2024-11420 | 2024-12-05 | Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11341 | 2024-12-05 | Simple Redirection <= 1.5 - Cross-Site Request Forgery to Arbitrary Site Redirect |
| CVE-2024-10848 | 2024-12-05 | NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11779 | 2024-12-05 | WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10056 | 2024-12-05 | Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode |
| CVE-2024-10777 | 2024-12-05 | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-11324 | 2024-12-05 | Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting |
| CVE-2024-45841 | 2024-12-05 | Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected... |
| CVE-2024-47133 | 2024-12-05 | UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. |
| CVE-2024-52564 | 2024-12-05 | Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of... |
| CVE-2022-41137 | 2024-12-05 | Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore |
| CVE-2024-52270 | 2024-12-05 | PDF Document Spoofing in DropBox Sign(HelloSign) |
| CVE-2024-54126 | 2024-12-05 | Insufficient Integrity Verification Vulnerability in TP-Link Archer C50 |
| CVE-2024-54127 | 2024-12-05 | Exposure of Wi-Fi Credentials in Plaintext in TP-Link Archer C50 |
| CVE-2024-6515 | 2024-12-05 | unauthorized file access |
| CVE-2024-6516 | 2024-12-05 | Cross Site Scripting XSS |
| CVE-2024-6784 | 2024-12-05 | SSRF Server Side Request Forgery |
| CVE-2024-11316 | 2024-12-05 | Filesize Check |
| CVE-2024-12094 | 2024-12-05 | Information Disclosure Vulnerability in Tinxy |
| CVE-2024-11317 | 2024-12-05 | PHP Session Fixation |
| CVE-2024-48839 | 2024-12-05 | Remote Code Execution, RCE |
| CVE-2024-48840 | 2024-12-05 | Unauthorized Access |
| CVE-2024-48843 | 2024-12-05 | Denial of Service, DoS |
| CVE-2024-48844 | 2024-12-05 | Denial of Service, DoS |
| CVE-2024-48845 | 2024-12-05 | Weak Password Rules/Strength |
| CVE-2024-48846 | 2024-12-05 | Cross Site Request Forgery, CSRF |
| CVE-2024-48847 | 2024-12-05 | MD5 bypass operation |
| CVE-2024-51541 | 2024-12-05 | Local File Inclusion |
| CVE-2024-51542 | 2024-12-05 | Configuration Download |
| CVE-2024-51543 | 2024-12-05 | Information Disclosure |
| CVE-2024-51544 | 2024-12-05 | Service Control |
| CVE-2024-51545 | 2024-12-05 | Username Enumeration |
| CVE-2024-51546 | 2024-12-05 | Credentials Disclosure |
| CVE-2024-51548 | 2024-12-05 | Dangerous File Upload |
| CVE-2024-51549 | 2024-12-05 | Absolute Path Traversal |
| CVE-2024-51550 | 2024-12-05 | Data Validation / Sanitization |
| CVE-2024-51551 | 2024-12-05 | Default Credentials |
| CVE-2024-51554 | 2024-12-05 | off-by-one-error |
| CVE-2024-51555 | 2024-12-05 | Force Change of Default Credentials |
| CVE-2024-12227 | 2024-12-05 | MSI Dragon Center IOCTL NTIOLib_X64.sys MmUnMapIoSpace null pointer dereference |
| CVE-2024-12228 | 2024-12-05 | PHPGurukul Complaint Management System user-search.php sql injection |
| CVE-2024-40763 | 2024-12-05 | Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code... |
| CVE-2024-45318 | 2024-12-05 | A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. |
| CVE-2024-45319 | 2024-12-05 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker to circumvent the certificate requirement during authentication. |
| CVE-2024-53702 | 2024-12-05 | Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the... |
| CVE-2024-52271 | 2024-12-05 | PDF Document Spoofing in Documenso |
| CVE-2024-53703 | 2024-12-05 | A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially... |
| CVE-2024-12229 | 2024-12-05 | PHPGurukul Complaint Management System complaint-search.php sql injection |
| CVE-2024-12230 | 2024-12-05 | PHPGurukul Complaint Management System subcategory.php sql injection |