CVE List - 2024 / May
Showing 2401 - 2500 of 4994 CVEs for May 2024 (Page 25 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-46280 | 2024-05-14 | A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC... |
| CVE-2024-27939 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of any unauthenticated user. An attacker could leverage this... |
| CVE-2024-27940 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker... |
| CVE-2024-27941 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An... |
| CVE-2024-27942 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any unauthenticated client to disconnect any active user from the server. An attacker could... |
| CVE-2024-27943 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload generic files to the root installation directory of the... |
| CVE-2024-27944 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow a privileged user to upload firmware files to the root installation directory of the... |
| CVE-2024-27945 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import feature of the affected systems allows a privileged user to upload files to the root... |
| CVE-2024-27946 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files overwrites files with the same name in the installation directory of the affected systems. The filename... |
| CVE-2024-27947 | 2024-05-14 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems could allow log messages to be forwarded to a specific client under certain circumstances. An... |
| CVE-2024-30206 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-30207 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-30208 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-30209 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-31484 | 2024-05-14 | A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface... |
| CVE-2024-31485 | 2024-05-14 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.30), SICORE Base system (All versions < V1.3.0). The web interface of affected devices is vulnerable to command... |
| CVE-2024-31486 | 2024-05-14 | A vulnerability has been identified in OPUPI0 AMQP/MQTT (All versions < V5.30). The affected devices store MQTT client passwords without sufficient protection on the devices. An attacker with remote shell... |
| CVE-2024-31980 | 2024-05-14 | A vulnerability has been identified in Parasolid V35.1 (All versions < V35.1.256), Parasolid V36.0 (All versions < V36.0.210), Parasolid V36.1 (All versions < V36.1.185). The affected application contains an out... |
| CVE-2024-32055 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32057 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to... |
| CVE-2024-32058 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an... |
| CVE-2024-32059 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32060 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32061 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32062 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to... |
| CVE-2024-32063 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to... |
| CVE-2024-32064 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32065 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32066 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing... |
| CVE-2024-32635 | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions... |
| CVE-2024-32636 | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions... |
| CVE-2024-32637 | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0005), Teamcenter Visualization V14.2 (All versions < V14.2.0.12), Teamcenter Visualization V14.3 (All versions < V14.3.0.10), Teamcenter Visualization V2312 (All versions... |
| CVE-2024-32639 | 2024-05-14 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0011). The affected application contains an out of bounds write past the end of an allocated buffer... |
| CVE-2024-32740 | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains undocumented users and credentials. An attacker could misuse the credentials to compromise the... |
| CVE-2024-32741 | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains a hard coded password which is used for the privileged system user `root` and... |
| CVE-2024-32742 | 2024-05-14 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains an unrestricted USB port. An attacker with local access to the device could... |
| CVE-2024-33489 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This... |
| CVE-2024-33490 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure... |
| CVE-2024-33491 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure... |
| CVE-2024-33492 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure... |
| CVE-2024-33493 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure... |
| CVE-2024-33494 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33495 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33496 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33497 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33498 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33499 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33577 | 2024-05-14 | A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the... |
| CVE-2024-33583 | 2024-05-14 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All... |
| CVE-2024-33647 | 2024-05-14 | A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an... |
| CVE-2024-34085 | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions... |
| CVE-2024-34086 | 2024-05-14 | A vulnerability has been identified in JT2Go (All versions < V2312.0001), Teamcenter Visualization V14.1 (All versions < V14.1.0.13), Teamcenter Visualization V14.2 (All versions < V14.2.0.10), Teamcenter Visualization V14.3 (All versions... |
| CVE-2024-34771 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This... |
| CVE-2024-34772 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 4). The affected applications contain an out of bounds read past the end of an allocated structure... |
| CVE-2024-34773 | 2024-05-14 | A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 2). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could... |
| CVE-2024-32077 | 2024-05-14 | Apache Airflow: XSS vulnerability in Task Instance Log/Log Details |
| CVE-2024-4624 | 2024-05-14 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.20 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4473 | 2024-05-14 | Sydney Toolbox <= 1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via aThemes: Portfolio Widget |
| CVE-2024-4333 | 2024-05-14 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.3 - Authenticated (Contributor+) DOM-Based Cross-Site Scripting |
| CVE-2024-22267 | 2024-05-14 | VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code... |
| CVE-2024-22268 | 2024-05-14 | VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able... |
| CVE-2024-22269 | 2024-05-14 | VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged... |
| CVE-2024-22270 | 2024-05-14 | VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be... |
| CVE-2024-1913 | 2024-05-14 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. The vulnerability could potentially be exploited to perform... |
| CVE-2024-3372 | 2024-05-14 | MongoDB Server may have unexpected application behaviour due to invalid BSON |
| CVE-2024-3374 | 2024-05-14 | MongoDB Server (mongod) may crash when generating ftdc |
| CVE-2024-33863 | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/Cdn/GetFile local file inclusion. |
| CVE-2024-33864 | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation... |
| CVE-2024-33865 | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/{GUID] endpoints. |
| CVE-2024-33866 | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/{GUID] XSS. |
| CVE-2024-33867 | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is a hardcoded password salt. |
| CVE-2024-33868 | 2024-05-14 | An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. |
| CVE-2024-1914 | 2024-05-14 | An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an... |
| CVE-2024-32977 | 2024-05-14 | OctoPrint Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled |
| CVE-2024-35009 | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. |
| CVE-2024-35010 | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6. |
| CVE-2024-35011 | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. |
| CVE-2024-35012 | 2024-05-14 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. |
| CVE-2024-34355 | 2024-05-14 | TYPO3 vulnerable to an HTML Injection in the History Module |
| CVE-2024-34356 | 2024-05-14 | TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module |
| CVE-2024-34357 | 2024-05-14 | TYPO3 vulnerable to Cross-Site Scripting in ShowImageController |
| CVE-2024-34358 | 2024-05-14 | TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController |
| CVE-2024-4871 | 2024-05-14 | Foreman: host ssh key not being checked in remote execution |
| CVE-2024-34712 | 2024-05-14 | Oceanic allows unsanitized user input to lead to path traversal in URLs |
| CVE-2024-34713 | 2024-05-14 | sshproxy vulnerable to SSH option injection |
| CVE-2024-34256 | 2024-05-14 | OFCMS V1.1.2 is vulnerable to SQL Injection via the new table function. |
| CVE-2024-34714 | 2024-05-14 | Hoppscotch Extension responds to calls made by origins not in the domain list |
| CVE-2023-35841 | 2024-05-14 | WinFlash Driver Permissions Issue |
| CVE-2024-0762 | 2024-05-14 | Potential buffer overflow when handling UEFI variables |
| CVE-2024-1598 | 2024-05-14 | Potential buffer overflow when handling UEFI variables |
| CVE-2024-1486 | 2024-05-14 | Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices |
| CVE-2024-34914 | 2024-05-14 | php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce the remember_key value to gain... |
| CVE-2024-34243 | 2024-05-14 | Konga v0.14.9 is vulnerable to Cross Site Scripting (XSS) via the username parameter. |
| CVE-2024-34950 | 2024-05-14 | D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module. |
| CVE-2024-34191 | 2024-05-14 | htmly v2.9.6 was discovered to contain an arbitrary file deletion vulnerability via the delete_post() function at admin.php. This vulnerability allows attackers to delete arbitrary files via a crafted request. |
| CVE-2024-34716 | 2024-05-14 | PrestaShop vulnerable to XSS via customer contact form in FO, through file upload |
| CVE-2024-34717 | 2024-05-14 | Anonymous PrestaShop customer can download other customers' invoices |
| CVE-2024-32349 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mtu" parameters in the "cstecgi.cgi" binary. |
| CVE-2024-32350 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecPsk" parameter in the "cstecgi.cgi" binary. |
| CVE-2024-32351 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "mru" parameter in the "cstecgi.cgi" binary. |