CVE List - 2024 / May
Showing 4701 - 4800 of 4994 CVEs for May 2024 (Page 48 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-42005 | 2024-05-29 | IBM Db2 on Cloud Pak for Data privilege escalation |
| CVE-2024-5185 | 2024-05-29 | Data Poisoning in EmbedAI |
| CVE-2024-25975 | 2024-05-29 | Arbitrary File Overwrite |
| CVE-2024-36362 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible |
| CVE-2024-36363 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible |
| CVE-2024-36364 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible |
| CVE-2024-36365 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent |
| CVE-2024-36366 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations |
| CVE-2024-36367 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible |
| CVE-2024-36368 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible |
| CVE-2024-36369 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible |
| CVE-2024-36370 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible |
| CVE-2024-36371 | 2024-05-29 | In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible |
| CVE-2024-36372 | 2024-05-29 | In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible |
| CVE-2024-36373 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible |
| CVE-2024-36374 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible |
| CVE-2024-36375 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed |
| CVE-2024-36376 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions |
| CVE-2024-36377 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions |
| CVE-2024-36378 | 2024-05-29 | In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens |
| CVE-2024-36470 | 2024-05-29 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases |
| CVE-2024-4358 | 2024-05-29 | Registration Authentication Bypass Vulnerability |
| CVE-2024-35333 | 2024-05-29 | A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can... |
| CVE-2024-28974 | 2024-05-29 | Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. |
| CVE-2023-46297 | 2024-05-29 | An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data... |
| CVE-2024-35283 | 2024-05-29 | A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input... |
| CVE-2024-35284 | 2024-05-29 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient... |
| CVE-2024-35311 | 2024-05-29 | Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control. |
| CVE-2024-31079 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-32760 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-35200 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-34161 | 2024-05-29 | NGINX HTTP/3 QUIC vulnerability |
| CVE-2024-34715 | 2024-05-29 | Partial Password Exposure Vulnerability in Fides Webserver Logs |
| CVE-2024-35512 | 2024-05-29 | An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests. |
| CVE-2024-36016 | 2024-05-29 | tty: n_gsm: fix possible out-of-bounds in gsm0_receive() |
| CVE-2024-35434 | 2024-05-29 | Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_packet at /sngrep/src/rtp.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-35492 | 2024-05-29 | Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy function at src/fmt.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-35221 | 2024-05-29 | Denial of service when publishing a package on rubygems.org |
| CVE-2024-36114 | 2024-05-29 | Decompressors can crash the JVM and leak memory content in Aircompressor |
| CVE-2024-5514 | 2024-05-30 | MinMax CMS - Hidden Functionality |
| CVE-2024-3726 | 2024-05-30 | Login Logout Register Menu <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'llrmloginlogout' Shortcode |
| CVE-2024-5223 | 2024-05-30 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.1 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-3190 | 2024-05-30 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.107 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Field |
| CVE-2024-3063 | 2024-05-30 | WPB Elementor Addons <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3269 | 2024-05-30 | Download Monitor <= 4.9.13 - Missing Authorization |
| CVE-2024-2253 | 2024-05-30 | Testimonial Carousel For Elementor <= 10.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4218 | 2024-05-30 | AffiEasy <= 1.1.7 - Cross-Site Request Forgery to Various Actions |
| CVE-2024-3943 | 2024-05-30 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_addcomment |
| CVE-2024-3945 | 2024-05-30 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_manage() |
| CVE-2024-4356 | 2024-05-30 | List categories <= 0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3947 | 2024-05-30 | WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings |
| CVE-2024-3946 | 2024-05-30 | WP To Do <= 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings |
| CVE-2024-3277 | 2024-05-30 | Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification |
| CVE-2024-5207 | 2024-05-30 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection |
| CVE-2024-5341 | 2024-05-30 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Heading Title Widget |
| CVE-2024-36267 | 2024-05-30 | Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within... |
| CVE-2024-5327 | 2024-05-30 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.19 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-5073 | 2024-05-30 | Essential Addons for Elementor <= 5.9.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Twitter Feed |
| CVE-2024-4422 | 2024-05-30 | Comparison Slider <= 1.0.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-2657 | 2024-05-30 | Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-4426 | 2024-05-30 | Comparison Slider <= 1.0.5 - Cross-Site Request Forgery |
| CVE-2024-2089 | 2024-05-30 | Remote Content Shortcode <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4427 | 2024-05-30 | Comparison Slider <= 1.0.5 - Missing Authorization |
| CVE-2024-4355 | 2024-05-30 | Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection <= 10.24 - Missing Authorization to Information Exposure |
| CVE-2024-4668 | 2024-05-30 | Gum Elementor Addon <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price Table and Post Slider Widgets |
| CVE-2024-3583 | 2024-05-30 | Simple Like Page Plugin <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5326 | 2024-05-30 | Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update |
| CVE-2024-5520 | 2024-05-30 | Cross-Site Scripting stored in Alkacon OpenCMS |
| CVE-2024-5521 | 2024-05-30 | Cross-Site Scripting stored in Alkacon OpenCMS |
| CVE-2022-43384 | 2024-05-30 | IBM Aspera Console cross-site scripting |
| CVE-2022-43575 | 2024-05-30 | IBM Aspera Console cross-site scripting |
| CVE-2022-43841 | 2024-05-30 | IBM Aspera Console information disclosure |
| CVE-2024-1100 | 2024-05-30 | SQLi in Vadi Corporate Information Systems' DIGIKENT GIS |
| CVE-2024-3584 | 2024-05-30 | Path Traversal in qdrant/qdrant |
| CVE-2024-36017 | 2024-05-30 | rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation |
| CVE-2024-5515 | 2024-05-30 | SourceCodester Stock Management System createBrand.php sql injection |
| CVE-2024-5516 | 2024-05-30 | itsourcecode Online Blood Bank Management System massage.php sql injection |
| CVE-2024-5517 | 2024-05-30 | itsourcecode Online Blood Bank Management System changepwd.php sql injection |
| CVE-2024-4330 | 2024-05-30 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-36018 | 2024-05-30 | nouveau/uvmm: fix addr/range calcs for remap operations |
| CVE-2024-36019 | 2024-05-30 | regmap: maple: Fix cache corruption in regcache_maple_drop() |
| CVE-2024-3924 | 2024-05-30 | Code Injection in huggingface/text-generation-inference |
| CVE-2024-36020 | 2024-05-30 | i40e: fix vf may be used uninitialized in this function warning |
| CVE-2024-36021 | 2024-05-30 | net: hns3: fix kernel crash when devlink reload during pf initialization |
| CVE-2024-35504 | 2024-05-30 | A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter... |
| CVE-2024-36023 | 2024-05-30 | Julia Lawall reported this null pointer dereference, this should fix it. |
| CVE-2024-36024 | 2024-05-30 | drm/amd/display: Disable idle reallow as part of command/gpint execution |
| CVE-2024-36025 | 2024-05-30 | scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() |
| CVE-2024-36026 | 2024-05-30 | drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 |
| CVE-2024-36027 | 2024-05-30 | btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer |
| CVE-2024-3301 | 2024-05-30 | Post-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024 |
| CVE-2024-3300 | 2024-05-30 | Pre-authentication Unsafe .NET object deserialization vulnerability affecting DELMIA Apriso Release 2019 through Release 2024 |
| CVE-2024-36028 | 2024-05-30 | mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() |
| CVE-2024-36029 | 2024-05-30 | mmc: sdhci-msm: pervent access to suspended controller |
| CVE-2024-36030 | 2024-05-30 | octeontx2-af: fix the double free in rvu_npc_freemem() |
| CVE-2023-52882 | 2024-05-30 | clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change |
| CVE-2024-36031 | 2024-05-30 | keys: Fix overwrite of key expiration on instantiation |
| CVE-2024-36032 | 2024-05-30 | Bluetooth: qca: fix info leak when fetching fw build id |
| CVE-2024-36033 | 2024-05-30 | Bluetooth: qca: fix info leak when fetching board id |
| CVE-2024-36880 | 2024-05-30 | Bluetooth: qca: add missing firmware sanity checks |