CVE List - 2024 / December
Showing 201 - 300 of 3433 CVEs for December 2024 (Page 3 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2018-9423 | 2024-12-02 | In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of... |
CVE-2018-9426 | 2024-12-02 | In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak... |
CVE-2018-9429 | 2024-12-02 | In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of... |
CVE-2018-9430 | 2024-12-02 | In prop2cfg of btif_storage.cc, there is a possible out of... |
CVE-2018-9431 | 2024-12-02 | In OSUInfo of OSUInfo.java, there is a possible escalation of... |
CVE-2018-9435 | 2024-12-02 | In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of... |
CVE-2024-29404 | 2024-12-03 | An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3... |
CVE-2024-46624 | 2024-12-03 | An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers... |
CVE-2024-46625 | 2024-12-03 | An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint... |
CVE-2024-50948 | 2024-12-03 | An issue in mochiMQTT v2.6.3 allows attackers to cause a... |
CVE-2024-51114 | 2024-12-03 | An issue in Beijing Digital China Yunke Information Technology Co.Ltd... |
CVE-2024-51363 | 2024-12-03 | Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to... |
CVE-2024-53502 | 2024-12-03 | Seecms v4.8 was discovered to contain a SQL injection vulnerability... |
CVE-2024-53921 | 2024-12-03 | An issue was discovered in the installer in Samsung Magician... |
CVE-2024-45757 | 2024-12-03 | An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04,... |
CVE-2024-48080 | 2024-12-03 | An issue in aedes v0.51.2 allows attackers to cause a... |
CVE-2018-9441 | 2024-12-03 | In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of... |
CVE-2018-9449 | 2024-12-03 | In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of... |
CVE-2024-8748 | 2024-12-03 | A buffer overflow vulnerability in the packet parser of the... |
CVE-2024-9197 | 2024-12-03 | A post-authentication buffer overflow vulnerability in the parameter "action" of... |
CVE-2024-9200 | 2024-12-03 | A post-authentication command injection vulnerability in the "host" parameter of... |
CVE-2024-9694 | 2024-12-03 | CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
CVE-2024-45068 | 2024-12-03 | Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA |
CVE-2024-10484 | 2024-12-03 | Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget |
CVE-2024-49410 | 2024-12-03 | Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1... |
CVE-2024-49411 | 2024-12-03 | Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1... |
CVE-2024-49412 | 2024-12-03 | Improper input validation in Settings prior to SMR Dec-2024 Release... |
CVE-2024-49413 | 2024-12-03 | Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR... |
CVE-2024-49414 | 2024-12-03 | Authentication Bypass Using an Alternate Path in Dex Mode prior... |
CVE-2024-49415 | 2024-12-03 | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1... |
CVE-2024-49416 | 2024-12-03 | Use of implicit intent for sensitive communication in SmartThings prior... |
CVE-2024-49417 | 2024-12-03 | Use of implicit intent for sensitive communication in Smart Touch... |
CVE-2024-49418 | 2024-12-03 | Insufficient verification of url authenticity in GamingHub prior to version... |
CVE-2024-49419 | 2024-12-03 | Insufficient verification of url authenticity in GamingHub prior to version... |
CVE-2024-49420 | 2024-12-03 | Improper handling of responses in GamingHub prior to version 6.1.04.6... |
CVE-2024-49421 | 2024-12-03 | Path traversal in Quick Share Agent prior to version 3.5.14.47... |
CVE-2024-10893 | 2024-12-03 | WP Booking Calendar < 10.6.5 - Admin+ Stored XSS |
CVE-2024-9058 | 2024-12-03 | Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget |
CVE-2024-11453 | 2024-12-03 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11707 | 2024-12-03 | My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting |
CVE-2024-11898 | 2024-12-03 | Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11461 | 2024-12-03 | Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting |
CVE-2024-11853 | 2024-12-03 | jAlbum Bridge <= 2.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter |
CVE-2024-11805 | 2024-12-03 | Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting |
CVE-2024-11732 | 2024-12-03 | BP Profile Shortcodes Extra <= 2.6.0 - Authenticated (Contributor+) SQL Injection via tab Parameter |
CVE-2024-11844 | 2024-12-03 | IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion |
CVE-2024-11866 | 2024-12-03 | BMLT Tabbed Map <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-45106 | 2024-12-03 | Apache Ozone: Improper authentication when generating S3 secrets |
CVE-2024-11325 | 2024-12-03 | AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting |
CVE-2024-12062 | 2024-12-03 | Charity Addon for Elementor <= 1.3.2 - Authenticated (Contributor+) Post Disclosure |
CVE-2024-11782 | 2024-12-03 | WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-47476 | 2024-12-03 | Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification... |
CVE-2024-11326 | 2024-12-03 | Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting |
CVE-2024-10074 | 2024-12-03 | Liteos_a has a use after free vulnerability |
CVE-2024-12082 | 2024-12-03 | Ability Runtime has an out-of-bounds read permission bypass vulnerability |
CVE-2024-42422 | 2024-12-03 | Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled... |
CVE-2024-9978 | 2024-12-03 | Liteos_a has an out-of-bounds read vulnerability |
CVE-2024-11200 | 2024-12-03 | Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family' |
CVE-2024-11391 | 2024-12-03 | Advanced File Manager <= 5.2.10 - Authenticated (Subscriber+) Arbitrary File Upload |
CVE-2024-54000 | 2024-12-03 | Mobile Security Framework (MobSF) bypass of SSRF fix |
CVE-2024-53999 | 2024-12-03 | Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality |
CVE-2024-53257 | 2024-12-03 | Vitess allows HTML injection in /debug/querylogz & /debug/env |
CVE-2021-29892 | 2024-12-03 | IBM Cognos Controller information disclosure |
CVE-2024-25019 | 2024-12-03 | IBM Cognos Controller file upload |
CVE-2024-40691 | 2024-12-03 | IBM Cognos Controller file upload |
CVE-2024-25035 | 2024-12-03 | IBM Cognos Controller information disclosure |
CVE-2024-25036 | 2024-12-03 | IBM Cognos Controller authentication bypass |
CVE-2024-53863 | 2024-12-03 | Synapse can be forced to thumbnail unexpected file formats, invoking external, potentially untrustworthy decoders |
CVE-2024-53867 | 2024-12-03 | Synapse Matrix has a partial room state leak via Sliding Sync |
CVE-2024-52815 | 2024-12-03 | Synapse allows a malformed invite to break the invitee's `/sync` |
CVE-2024-52805 | 2024-12-03 | Synapse allows unsupported content types to lead to memory exhaustion |
CVE-2024-37302 | 2024-12-03 | Synapse denial of service through media disk space consumption |
CVE-2024-37303 | 2024-12-03 | Synapse unauthenticated writes to the media repository allow planting of problematic content |
CVE-2024-45676 | 2024-12-03 | IBM Cognos Controller file upload |
CVE-2024-41777 | 2024-12-03 | IBM Cognos Controller hard coded credentials |
CVE-2024-41776 | 2024-12-03 | IBM Cognos Controller cross-site request forgery |
CVE-2024-25020 | 2024-12-03 | IBM Cognos Controller file upload |
CVE-2024-41775 | 2024-12-03 | IBM Cognos Controller information disclosure |
CVE-2024-52544 | 2024-12-03 | Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow |
CVE-2024-52545 | 2024-12-03 | Lorex 2K Indoor Wi-Fi Security Camera - Out of bounds heap read |
CVE-2024-52546 | 2024-12-03 | Lorex 2K Indoor Wi-Fi Security Camera - Null pointer dereference |
CVE-2024-52547 | 2024-12-03 | Lorex 2K Indoor Wi-Fi Security Camera - Stack buffer overflow |
CVE-2024-52548 | 2024-12-03 | Lorex 2K Indoor Wi-Fi Security Camera - Code signing bypass |
CVE-2024-12053 | 2024-12-03 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.108... |
CVE-2024-51771 | 2024-12-03 | Authenticated Remote Code Execution (RCE) via OGNL Injection in HPE Aruba Networking ClearPass Web-Based Management Interface |
CVE-2024-51772 | 2024-12-03 | Authenticated Deserialization Vulnerability in ClearPass Policy Manager Web-Based Management Interface Leading to a Remote Command Execution (RCE) |
CVE-2024-51773 | 2024-12-03 | Authenticated Stored Cross-Site Scripting (XSS) in HPE Aruba Networking ClearPass Policy Manager Web-based Management Interface |
CVE-2024-53672 | 2024-12-03 | Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface |
CVE-2024-54131 | 2024-12-03 | Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3) |
CVE-2024-37574 | 2024-12-04 | The GriceMobile com.grice.call application 4.5.2 for Android enables any installed... |
CVE-2024-37575 | 2024-12-04 | The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed... |
CVE-2024-39163 | 2024-12-04 | binux pyspider up to v0.3.10 was discovered to contain a... |
CVE-2024-39219 | 2024-12-04 | An issue in Aginode GigaSwitch V5 before version 7.06G allows... |
CVE-2024-48453 | 2024-12-04 | An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to... |
CVE-2024-50947 | 2024-12-04 | An issue in kmqtt v0.2.7 allows attackers to cause a... |
CVE-2024-51210 | 2024-12-04 | Firepad through 1.5.11 allows remote attackers, who have knowledge of... |
CVE-2024-52676 | 2024-12-04 | Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross... |
CVE-2024-53614 | 2024-12-04 | A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows... |
CVE-2024-54661 | 2024-12-04 | readline.sh in socat before 1.8.0.2 relies on the /tmp/$USER/stderr2 file. |
CVE-2024-54674 | 2024-12-04 | app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting... |