CVE List - 2024 / December
Showing 2401 - 2500 of 3433 CVEs for December 2024 (Page 25 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-25042 | 2024-12-18 | IBM Cognos Analytics cross-site scripting |
| CVE-2024-56051 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability |
| CVE-2024-56055 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability |
| CVE-2024-56049 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability |
| CVE-2024-54383 | 2024-12-18 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability |
| CVE-2024-55953 | 2024-12-18 | Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability |
| CVE-2024-55952 | 2024-12-18 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability |
| CVE-2024-54381 | 2024-12-18 | WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability |
| CVE-2024-56057 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability |
| CVE-2024-56054 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability |
| CVE-2024-56052 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability |
| CVE-2024-56050 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability |
| CVE-2024-56048 | 2024-12-18 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability |
| CVE-2024-56053 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability |
| CVE-2024-56047 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability |
| CVE-2024-47038 | 2024-12-18 | In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-47039 | 2024-12-18 | OOB Read in the android.hardware.boot.IBootControl/default service |
| CVE-2024-47040 | 2024-12-18 | Use After Free in the android.hardware.radio.sap.ISap/slot2 service |
| CVE-2024-53269 | 2024-12-18 | Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy |
| CVE-2024-53270 | 2024-12-18 | HTTP/1: sending overload crashes when the request is reset beforehand in envoy |
| CVE-2024-53271 | 2024-12-18 | HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy |
| CVE-2024-52593 | 2024-12-18 | Missing validation allows spoofed "origin" links in Misskey |
| CVE-2024-52592 | 2024-12-18 | Missing validation allows spoofed poll updates in Misskey |
| CVE-2024-52591 | 2024-12-18 | Missing validation allows spoofed profiles and notes in Misskey |
| CVE-2024-12741 | 2024-12-18 | Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File |
| CVE-2024-52590 | 2024-12-18 | Missing validation allows spoofed profiles in Misskey |
| CVE-2024-52579 | 2024-12-18 | Server-Side Request Forgery vulnerability in various APIs in Misskey |
| CVE-2024-49363 | 2024-12-18 | Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey |
| CVE-2024-51470 | 2024-12-18 | IBM MQ denial of service |
| CVE-2024-12686 | 2024-12-18 | Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA) |
| CVE-2024-56145 | 2024-12-18 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms |
| CVE-2024-45338 | 2024-12-18 | Non-linear parsing of case-insensitive content in golang.org/x/net/html |
| CVE-2024-56140 | 2024-12-18 | Bypass of CSRF Middleware in Astro |
| CVE-2024-12692 | 2024-12-18 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-12693 | 2024-12-18 | Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium... |
| CVE-2024-12694 | 2024-12-18 | Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-12695 | 2024-12-18 | Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security... |
| CVE-2022-40732 | 2024-12-18 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version... |
| CVE-2022-40733 | 2024-12-18 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version... |
| CVE-2024-39804 | 2024-12-18 | A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject... |
| CVE-2024-41138 | 2024-12-18 | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to... |
| CVE-2024-41145 | 2024-12-18 | A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to... |
| CVE-2024-41159 | 2024-12-18 | A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject... |
| CVE-2024-41165 | 2024-12-18 | A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject... |
| CVE-2024-42004 | 2024-12-18 | A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious... |
| CVE-2024-42220 | 2024-12-18 | A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject... |
| CVE-2024-43106 | 2024-12-18 | A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject... |
| CVE-2022-44514 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
| CVE-2022-44515 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
| CVE-2022-44513 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Write (CWE-787) |
| CVE-2022-44520 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
| CVE-2022-44516 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
| CVE-2022-44512 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Write (CWE-787) |
| CVE-2022-44519 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
| CVE-2022-44517 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
| CVE-2022-44518 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
| CVE-2023-21586 | 2024-12-18 | Acrobat Reader \| NULL Pointer Dereference (CWE-476) |
| CVE-2021-20553 | 2024-12-18 | IBM Sterling B2B Integrator Standard Edition cross-site scripting |
| CVE-2021-29827 | 2024-12-18 | IBM InfoSphere Information Server clickjacking |
| CVE-2024-55603 | 2024-12-18 | Insufficient session invalidation in Kanboard |
| CVE-2024-54663 | 2024-12-19 | An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing... |
| CVE-2024-54790 | 2024-12-19 | A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter. |
| CVE-2024-54982 | 2024-12-19 | An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. NOTE: Quectel disputes this because the issue is in the chipset... |
| CVE-2024-54983 | 2024-12-19 | An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. |
| CVE-2024-54984 | 2024-12-19 | An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier. |
| CVE-2024-55081 | 2024-12-19 | An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input. |
| CVE-2024-55082 | 2024-12-19 | A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. |
| CVE-2024-55196 | 2024-12-19 | Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. |
| CVE-2021-39081 | 2024-12-19 | IBM Cognos Analytics Mobile information disclosure |
| CVE-2022-33954 | 2024-12-19 | IBM Robotic Process Automation information disclosure |
| CVE-2023-30443 | 2024-12-19 | IBM Db2 denial of service |
| CVE-2024-35141 | 2024-12-19 | IBM Security Verify Access privilege escalation |
| CVE-2023-23357 | 2024-12-19 | QuLog Center |
| CVE-2023-23356 | 2024-12-19 | QuFirewall |
| CVE-2023-23354 | 2024-12-19 | QuLog Center |
| CVE-2022-27600 | 2024-12-19 | QTS, QuTS hero, QuTScloud |
| CVE-2022-27595 | 2024-12-19 | QVPN Device Client |
| CVE-2024-51532 | 2024-12-19 | Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification... |
| CVE-2024-10548 | 2024-12-19 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API |
| CVE-2024-12121 | 2024-12-19 | Broken Link Checker \| Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery |
| CVE-2024-11984 | 2024-12-19 | SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type |
| CVE-2024-11740 | 2024-12-19 | Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-11768 | 2024-12-19 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files |
| CVE-2024-12560 | 2024-12-19 | Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication |
| CVE-2024-4229 | 2024-12-19 | Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to... |
| CVE-2024-4230 | 2024-12-19 | External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a... |
| CVE-2020-12819 | 2024-12-19 | A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid... |
| CVE-2021-26093 | 2024-12-19 | An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the... |
| CVE-2024-12569 | 2024-12-19 | Sensitive Information in Driver’s Log File |
| CVE-2023-4617 | 2024-12-19 | Gaining remote control over Govee devices |
| CVE-2024-11616 | 2024-12-19 | Double-fetch heap overflow |
| CVE-2020-12820 | 2024-12-19 | Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the... |
| CVE-2020-15934 | 2024-12-19 | An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root... |
| CVE-2021-26115 | 2024-12-19 | An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via... |
| CVE-2024-12331 | 2024-12-19 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
| CVE-2024-12626 | 2024-12-19 | AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value |
| CVE-2024-37962 | 2024-12-19 | WordPress Fusion Page Builder plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45818 | 2024-12-19 | Deadlock in x86 HVM standard VGA handling |
| CVE-2024-45819 | 2024-12-19 | libxl leaks data to PVH guests via ACPI tables |
| CVE-2021-32589 | 2024-12-19 | A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below,... |