VULNMAP - Vulnerabilità di Sicurezza

Lista CVE - 2024 / Giugno

Visualizzazione 1301 - 1400 di 3082 CVE per Giugno 2024 (Pagina 14 di 31)

ID CVE Data Titolo
CVE-2024-5559 2024-06-12 CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a...
CVE-2024-0865 2024-06-12 CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
CVE-2024-28762 2024-06-12 IBM Db2 denial of service
CVE-2024-31881 2024-06-12 IBM Db2 denial of service
CVE-2023-29267 2024-06-12 IBM Db2 denial of service
CVE-2024-5798 2024-06-12 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
CVE-2024-3467 2024-06-12 Deserialization of Untrusted Data in AVEVA PI Asset Framework Client
CVE-2024-3468 2024-06-12 Deserialization of Untrusted Data in AVEVA PI Web API
CVE-2024-4201 2024-06-12 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
CVE-2024-1963 2024-06-12 Uncontrolled Resource Consumption in GitLab
CVE-2024-1495 2024-06-12 Uncontrolled Resource Consumption in GitLab
CVE-2024-1736 2024-06-12 Uncontrolled Resource Consumption in GitLab
CVE-2023-35858 2024-06-13 XPath Injection vulnerabilities in the blog and RSS functions of Modern Campus - Omni CMS 2023.1 allow a remote, unauthenticated attacker to obtain application information.
CVE-2023-35860 2024-06-13 A Directory Traversal vulnerability in Modern Campus - Omni CMS 2023.1 allows a remote, unauthenticated attacker to enumerate file system information via the dir parameter to listing.php or rss.php.
CVE-2023-52890 2024-06-13 NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging.
CVE-2024-31777 2024-06-13 File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.
CVE-2024-33253 2024-06-13 Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the...
CVE-2024-36586 2024-06-13 An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.
CVE-2024-36587 2024-06-13 Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy.
CVE-2024-36588 2024-06-13 An issue in Annonshop.app DecentralizeJustice/ anonymousLocker commit 2b2b4 allows attackers to send messages erroneously attributed to arbitrary users via a crafted HTTP request.
CVE-2024-36589 2024-06-13 An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and DecentralizeJustice/anonBackend commit 57837 to cd815 was discovered to store credentials in plaintext.
CVE-2024-36647 2024-06-13 A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Family Name parameter under...
CVE-2024-36760 2024-06-13 A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rhai/SRC/eval/STMT. Rs in rhai: : eval: : STMT: : _ $LT $impl $u20 $rhai.....
CVE-2024-37630 2024-06-13 D-Link DIR-605L v2.13B01 was discovered to contain a hardcoded password vulnerability in /etc/passwd, which allows attackers to log in as root.
CVE-2024-37631 2024-06-13 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule.
CVE-2024-37633 2024-06-13 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiGuestCfg
CVE-2024-37635 2024-06-13 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiBasicCfg
CVE-2024-37849 2024-06-13 A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.
CVE-2024-37877 2024-06-13 UERANSIM before 3.2.6 allows out-of-bounds read when a RLS packet is sent to gNodeB with malformed PDU length. This occurs in function readOctetString in src/utils/octet_view.cpp and in function DecodeRlsMessage in...
CVE-2024-38293 2024-06-13 ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php.
CVE-2023-35859 2024-06-13 A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters.
CVE-2024-31956 2024-06-13 An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.
CVE-2024-32504 2024-06-13 An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor...
CVE-2024-37632 2024-06-13 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the password parameter in function loginAuth .
CVE-2024-37634 2024-06-13 TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid in the function setWiFiEasyCfg.
CVE-2024-38294 2024-06-13 ALCASAR before 3.6.1 allows email_registration_back.php remote code execution.
CVE-2024-38295 2024-06-13 ALCASAR before 3.6.1 allows still_connected.php remote code execution.
CVE-2024-3922 2024-06-13 Dokan Pro <= 3.10.3 - Unauthenticated SQL Injection
CVE-2024-2098 2024-06-13 Download Manager <= 3.2.89 - Improper Authorization via protectMediaLibrary
CVE-2024-5757 2024-06-13 Elementor Header & Footer Builder <= 1.6.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Title Widget
CVE-2024-5787 2024-06-13 PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Link Effects Widget
CVE-2024-5661 2024-06-13 Potential Denial of Service affecting XenServer and Citrix Hypervisor
CVE-2024-2762 2024-06-13 FooGallery < 2.4.15 - Author+ Stored XSS
CVE-2024-3032 2024-06-13 Themify Builder < 7.5.8 - Open Redirect
CVE-2024-3552 2024-06-13 Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
CVE-2024-4145 2024-06-13 Search & Replace < 3.2.2 - Admin+ SQL injection
CVE-2024-4149 2024-06-13 Floating Chat Widget < 3.2.3 - Admin+ Stored XSS
CVE-2024-4576 2024-06-13 TIBCO EBX File Inclusion Vulnerability
CVE-2024-5265 2024-06-13 WPBakery Page Builder <= 7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute
CVE-2024-4615 2024-06-13 Elespare – Blog, Magazine and Newspaper Addons for Elementor with Templates, Widgets, Kits, and Header/Footer Builder. One Click Import: No Coding Required! <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Horizontal Nav Menu Widget
CVE-2024-36232 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36199 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36161 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26055 2024-06-13 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-36195 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26081 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36210 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26057 2024-06-13 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-36185 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36155 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26086 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26068 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36208 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36191 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36203 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36227 2024-06-13 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-36219 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36226 2024-06-13 Adobe Experience Manager | Improper Input Validation (CWE-20)
CVE-2024-36167 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36176 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26113 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26091 2024-06-13 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-36152 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26054 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26058 2024-06-13 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-36182 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26117 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-36172 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36166 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36142 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36178 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26115 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26077 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36212 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26085 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36209 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36187 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36221 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26116 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)
CVE-2024-26049 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-26127 2024-06-13 Adobe Experience Manager | Improper Input Validation (CWE-20)
CVE-2024-36193 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36163 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36148 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36149 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36214 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36158 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36183 2024-06-13 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
CVE-2024-36164 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
CVE-2024-36216 2024-06-13 Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79)