CVE List - 2024 / May
Showing 4501 - 4600 of 4994 CVEs for May 2024 (Page 46 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5397 | 2024-05-27 | itsourcecode Online Student Enrollment System instructorSubjects.php sql injection |
| CVE-2024-5399 | 2024-05-27 | Openfind Mail2000 - OS Command Injection |
| CVE-2024-36384 | 2024-05-27 | Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages. |
| CVE-2024-35291 | 2024-05-27 | Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user... |
| CVE-2024-35297 | 2024-05-27 | Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who... |
| CVE-2024-5400 | 2024-05-27 | Openfind Mail2000 - OS Command Injection |
| CVE-2024-3939 | 2024-05-27 | Ditty < 3.1.36 - Author+ Stored XSS |
| CVE-2024-4529 | 2024-05-27 | Business Card <= 1.0.0 - Category Deletion via CSRF |
| CVE-2024-4530 | 2024-05-27 | Business Card <= 1.0.0 - Category Edit via CSRF |
| CVE-2024-4531 | 2024-05-27 | Business Card <= 1.0.0 - Card Edit via CSRF |
| CVE-2024-4532 | 2024-05-27 | Business Card <= 1.0.0 - Arbitrary Card Deletion via CSRF |
| CVE-2024-4533 | 2024-05-27 | KKProgressbar2 Free <= 1.1.4.2 - Admin+ SQL Injection |
| CVE-2024-4534 | 2024-05-27 | KKProgressbar2 Free <= 1.1.4.2 - Stored XSS via CSRF |
| CVE-2024-4535 | 2024-05-27 | KKProgressbar2 Free <= 1.1.4.2 - Progress Bar Deletion via CSRF |
| CVE-2024-3933 | 2024-05-27 | Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer |
| CVE-2024-5403 | 2024-05-27 | ASKEY 5G NR Small Cell - Command Injection |
| CVE-2024-26289 | 2024-05-27 | Remote Code Inclusion Vulnerability in Multiple PMB Versions |
| CVE-2024-27314 | 2024-05-27 | Stored XSS Vulnerability |
| CVE-2024-5035 | 2024-05-27 | TP-Link Archer C5400X - RFTest Unauthenticated Command Injection |
| CVE-2024-36383 | 2024-05-27 | An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding... |
| CVE-2023-6349 | 2024-05-27 | Heap overflow in libvpx |
| CVE-2024-5405 | 2024-05-27 | Multiple vulnerabilities in WinNMP from Wtriple |
| CVE-2024-5406 | 2024-05-27 | Multiple vulnerabilities in WinNMP from Wtriple |
| CVE-2024-5407 | 2024-05-27 | Code Injection vulnerability in RhinOS from SaltOS |
| CVE-2024-5408 | 2024-05-27 | Cross-site Scripting vulnerability in RhinOS from SaltOS |
| CVE-2024-5409 | 2024-05-27 | Cross-site Scripting vulnerability in RhinOS from SaltOS |
| CVE-2024-34477 | 2024-05-27 | configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability,... |
| CVE-2024-0851 | 2024-05-27 | SQLi in Grup Arge Energy and Control Systems's Smartpower |
| CVE-2024-32978 | 2024-05-27 | Kaminari Insecure File Permissions Vulnerability |
| CVE-2024-35219 | 2024-05-27 | OpenAPI Generator Online - Arbitrary File Read/Delete |
| CVE-2024-35229 | 2024-05-27 | ZKsync Era evaluation order of Yul function arguments |
| CVE-2022-4969 | 2024-05-27 | bwoodsend rockhopper Binary Parser ragged_array.c count_rows buffer overflow |
| CVE-2024-35231 | 2024-05-27 | rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter |
| CVE-2024-35236 | 2024-05-27 | Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks |
| CVE-2024-35237 | 2024-05-27 | MIT IdentiBot User-Kerberos Mapping Publicly Available |
| CVE-2024-35238 | 2024-05-27 | Denial of service of Minder Server from maliciously crafted GitHub attestations |
| CVE-2024-36105 | 2024-05-27 | dbt allows Binding to an Unrestricted IP Address via socketsocket |
| CVE-2024-27310 | 2024-05-27 | DOS Vulnerability |
| CVE-2024-36036 | 2024-05-27 | Insufficient Access Control Vulnerability |
| CVE-2024-36037 | 2024-05-27 | Insufficient Access Control Vulnerability |
| CVE-2024-35181 | 2024-05-27 | GHSL-2024-013 Meshery SQL Injection vulnerability |
| CVE-2024-35182 | 2024-05-27 | GHSL-2024-014 Meshery SQL Injection vulnerability |
| CVE-2024-34923 | 2024-05-27 | In Avocent DSR2030 Appliance firmware 03.04.00.07 before 03.07.01.23, and SVIP1020 Appliance firmware 01.06.00.03 before 01.07.00.00, there is reflected cross-site scripting (XSS). |
| CVE-2024-29415 | 2024-05-27 | The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic.... |
| CVE-2024-36428 | 2024-05-27 | OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection. |
| CVE-2024-28880 | 2024-05-27 | Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product. |
| CVE-2024-29078 | 2024-05-27 | Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the... |
| CVE-2023-30312 | 2024-05-28 | An issue discovered in OpenWrt 18.06, 19.07, 21.02, 22.03, and beyond allows off-path attackers to hijack TCP sessions, which could lead to a denial of service, impersonating the client to... |
| CVE-2024-32944 | 2024-05-28 | Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary... |
| CVE-2024-28886 | 2024-05-28 | OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may... |
| CVE-2022-48681 | 2024-05-28 | Some Huawei smart speakers have a memory overflow vulnerability. Successful exploitation of this vulnerability may cause certain functions to fail. |
| CVE-2023-52547 | 2024-05-28 | Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26). Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at... |
| CVE-2023-52548 | 2024-05-28 | Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory... |
| CVE-2023-52710 | 2024-05-28 | Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn’t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM. This can... |
| CVE-2023-52711 | 2024-05-28 | Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to... |
| CVE-2023-52712 | 2024-05-28 | Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to... |
| CVE-2024-5410 | 2024-05-28 | Stored Cross-Site Scripting |
| CVE-2024-5411 | 2024-05-28 | Command Injection |
| CVE-2024-28793 | 2024-05-28 | IBM Engineering Workflow Management cross-site scripting |
| CVE-2024-2199 | 2024-05-28 | 389-ds-base: malformed userpassword may cause crash at do_modify in slapd/modify.c |
| CVE-2023-37411 | 2024-05-28 | IBM Aspera Faspex cross-site scripting |
| CVE-2024-5413 | 2024-05-28 | Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro |
| CVE-2024-5414 | 2024-05-28 | Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro |
| CVE-2024-5415 | 2024-05-28 | Cross-Site Scripting (XSS) vulnerability on PhpMyBackupPro |
| CVE-2024-3657 | 2024-05-28 | 389-ds-base: potential denial of service via specially crafted kerberos as-req request |
| CVE-2024-5428 | 2024-05-28 | SourceCodester Simple Online Bidding System HTTP POST Request save_product cross-site request forgery |
| CVE-2024-29072 | 2024-05-28 | A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can... |
| CVE-2024-22181 | 2024-05-28 | An out-of-bounds write vulnerability exists in the readNODE functionality of libigl v2.5.0. A specially crafted .node file can lead to an out-of-bounds write. An attacker can provide a malicious file... |
| CVE-2024-24684 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious... |
| CVE-2024-24685 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious... |
| CVE-2024-24686 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious... |
| CVE-2024-24583 | 2024-05-28 | Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file... |
| CVE-2024-24584 | 2024-05-28 | Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file... |
| CVE-2024-23947 | 2024-05-28 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a... |
| CVE-2024-23948 | 2024-05-28 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a... |
| CVE-2024-23949 | 2024-05-28 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a... |
| CVE-2024-23950 | 2024-05-28 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a... |
| CVE-2024-23951 | 2024-05-28 | Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a... |
| CVE-2023-49600 | 2024-05-28 | An out-of-bounds write vulnerability exists in the PlyFile ply_cast_ascii functionality of libigl v2.5.0. A specially crafted .ply file can lead to a heap buffer overflow. An attacker can provide a... |
| CVE-2023-35949 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to... |
| CVE-2023-35950 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to... |
| CVE-2023-35951 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to... |
| CVE-2023-35952 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to... |
| CVE-2023-35953 | 2024-05-28 | Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp functionality of libigl v2.4.0. A specially-crafted .off file can lead to a buffer overflow. An attacker can arbitrary code execution to... |
| CVE-2024-2451 | 2024-05-28 | Improper fingerprint validation in the TeamViewer Client |
| CVE-2024-35397 | 2024-05-28 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted... |
| CVE-2024-35398 | 2024-05-28 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules. |
| CVE-2024-3969 | 2024-05-28 | XML External Entity injection vulnerability in iManager |
| CVE-2024-4429 | 2024-05-28 | Cross Site Request Forgery vulnerability in iManager |
| CVE-2024-35399 | 2024-05-28 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth |
| CVE-2024-5274 | 2024-05-28 | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-35400 | 2024-05-28 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules |
| CVE-2024-33849 | 2024-05-28 | ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. |
| CVE-2024-35324 | 2024-05-28 | Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/server/preview.php. |
| CVE-2024-23601 | 2024-05-28 | A code injection vulnerability exists in the scan_lib.bin functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted scan_lib.bin can lead to arbitrary code execution. An attacker can provide a malicious file... |
| CVE-2024-21785 | 2024-05-28 | A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of network requests can lead to unauthorized access. An attacker... |
| CVE-2024-23315 | 2024-05-28 | A read-what-where vulnerability exists in the Programming Software Connection IMM 01A1 Memory Read functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to a disclosure of sensitive... |
| CVE-2024-22187 | 2024-05-28 | A write-what-where vulnerability exists in the Programming Software Connection Remote Memory Diagnostics functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to an arbitrary write. An attacker... |
| CVE-2024-24962 | 2024-05-28 | A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker... |
| CVE-2024-24963 | 2024-05-28 | A stack-based buffer overflow vulnerability exists in the Programming Software Connection FileSelect functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted network packet can lead to stack-based buffer overflow. An attacker... |