CVE List - 2024 / September
Showing 1001 - 1100 of 2516 CVEs for September 2024 (Page 11 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8522 | 2024-09-12 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' |
| CVE-2024-2010 | 2024-09-12 | Reflected XSS in TE Informatics' V5 Software |
| CVE-2024-8749 | 2024-09-12 | SQL Injection vulnerability in Idoit pro |
| CVE-2024-8750 | 2024-09-12 | Cross-site Scripting vulnerability in Idoit pro |
| CVE-2022-26322 | 2024-09-12 | Possible Insertion of Sensitive Information into Log File Vulnerability in Identity Manager |
| CVE-2021-38133 | 2024-09-12 | Possible Improper authentication Vulnerability in OpenText eDirectory |
| CVE-2021-38132 | 2024-09-12 | Possible External service interaction Vulnerability |
| CVE-2021-38131 | 2024-09-12 | Cross-Site Scripting (XSS) Vulnerability |
| CVE-2021-22533 | 2024-09-12 | Possible Insertion of Sensitive Information into Log File Vulnerability |
| CVE-2021-22532 | 2024-09-12 | Possible NLDAP Denial of Service attack Vulnerability |
| CVE-2021-22518 | 2024-09-12 | Sensitive Information logging in NetIQ Identity Manager Driver |
| CVE-2021-22503 | 2024-09-12 | Improper Neutralization of Input During Web Page Generation Vulnerability |
| CVE-2024-27320 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim... |
| CVE-2024-27321 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a... |
| CVE-2024-45857 | 2024-09-12 | Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system... |
| CVE-2024-45846 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT... |
| CVE-2024-45847 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted... |
| CVE-2024-45848 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’... |
| CVE-2024-45849 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with... |
| CVE-2024-45850 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with... |
| CVE-2024-45851 | 2024-09-12 | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with... |
| CVE-2024-45852 | 2024-09-12 | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. |
| CVE-2024-45853 | 2024-09-12 | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used... |
| CVE-2024-3305 | 2024-09-12 | IDOR in Utarit Information's SoliClub |
| CVE-2024-45854 | 2024-09-12 | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a... |
| CVE-2024-45855 | 2024-09-12 | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using... |
| CVE-2024-45856 | 2024-09-12 | A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or... |
| CVE-2024-3306 | 2024-09-12 | IDOR in Utarit Information's SoliClub |
| CVE-2024-28990 | 2024-09-12 | SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability |
| CVE-2024-28991 | 2024-09-12 | SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution |
| CVE-2024-45824 | 2024-09-12 | FactoryTalk® View Site Edition Remote Code Execution Vulnerability via Lack of Input Validation |
| CVE-2024-42484 | 2024-09-12 | ESP-NOW OOB Vulnerability In Group Type Message |
| CVE-2024-42483 | 2024-09-12 | ESP-NOW Replay Attacks Vulnerability |
| CVE-2024-6510 | 2024-09-12 | Local privilege escalation vulnerability in AVG Internet Security |
| CVE-2024-45823 | 2024-09-12 | FactoryTalk® Batch View™ Authentication Bypass Vulnerability via shared secrets |
| CVE-2024-6700 | 2024-09-12 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. |
| CVE-2024-6701 | 2024-09-12 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. |
| CVE-2024-6702 | 2024-09-12 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. |
| CVE-2024-45825 | 2024-09-12 | 5015-U8IHFT Denial-of-Service Vulnerability via CIP Message |
| CVE-2024-45826 | 2024-09-12 | ThinManager® Code Execution Vulnerability |
| CVE-2024-6658 | 2024-09-12 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. |
| CVE-2024-6840 | 2024-09-12 | Automation-controller: gain access to the k8s api server via job execution with container group |
| CVE-2024-8640 | 2024-09-12 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab |
| CVE-2024-8124 | 2024-09-12 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2024-6389 | 2024-09-12 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab |
| CVE-2024-6446 | 2024-09-12 | Business Logic Errors in GitLab |
| CVE-2024-5435 | 2024-09-12 | Generation of Error Message Containing Sensitive Information in GitLab |
| CVE-2024-4660 | 2024-09-12 | Missing Authorization in GitLab |
| CVE-2024-4612 | 2024-09-12 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab |
| CVE-2024-2743 | 2024-09-12 | Incorrect Authorization in GitLab |
| CVE-2024-8635 | 2024-09-12 | Server-Side Request Forgery (SSRF) in GitLab |
| CVE-2024-8754 | 2024-09-12 | External Control of Critical State Data in GitLab |
| CVE-2024-8631 | 2024-09-12 | Privilege Defined With Unsafe Actions in GitLab |
| CVE-2024-8695 | 2024-09-12 | A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. |
| CVE-2024-8696 | 2024-09-12 | A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. |
| CVE-2024-45303 | 2024-09-12 | Discourse Calendar plugin event names susceptible to XSS |
| CVE-2024-45383 | 2024-09-12 | A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests... |
| CVE-2024-8641 | 2024-09-12 | Privilege Context Switching Error in GitLab |
| CVE-2024-6678 | 2024-09-12 | Authentication Bypass by Spoofing in GitLab |
| CVE-2024-4472 | 2024-09-12 | Insertion of Sensitive Information into Log File in GitLab |
| CVE-2024-8311 | 2024-09-12 | Improper Protection of Alternate Path in GitLab |
| CVE-2024-20430 | 2024-09-12 | Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability |
| CVE-2024-45607 | 2024-09-12 | whatsapp-api-js fails to validate message's signature |
| CVE-2024-6077 | 2024-09-12 | Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Vulnerable to DoS vulnerability via CIP |
| CVE-2024-8533 | 2024-09-12 | Rockwell Automation OptixPanel™ Privilege Escalation Vulnerability via File Permissions |
| CVE-2024-7960 | 2024-09-12 | Rockwell Automation Incorrect Privileges and Path Traversal Vulnerability in Pavilion8® |
| CVE-2024-7961 | 2024-09-12 | Rockwell Automation Path Traversal Vulnerability in Pavilion8® |
| CVE-2024-8751 | 2024-09-12 | Vulnerability in SICK MSC800 |
| CVE-2024-44430 | 2024-09-13 | SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface |
| CVE-2024-44685 | 2024-09-13 | Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring... |
| CVE-2024-44798 | 2024-09-13 | phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin/pass-bwdates-reports-details.php via fromdate and todate parameters. |
| CVE-2024-46044 | 2024-09-13 | CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function. |
| CVE-2024-46045 | 2024-09-13 | Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function. |
| CVE-2024-46046 | 2024-09-13 | Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function. |
| CVE-2024-46047 | 2024-09-13 | Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function. |
| CVE-2024-46048 | 2024-09-13 | Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i |
| CVE-2024-46049 | 2024-09-13 | Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function. |
| CVE-2024-39924 | 2024-09-13 | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an... |
| CVE-2024-39925 | 2024-09-13 | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated... |
| CVE-2024-39926 | 2024-09-13 | An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site scripting (XSS) or, due to the default CSP, HTML injection vulnerability has been discovered in the admin dashboard.... |
| CVE-2024-8762 | 2024-09-13 | code-projects Crud Operation System updatedata.php sql injection |
| CVE-2024-43180 | 2024-09-13 | IBM Concert information disclosure |
| CVE-2024-8656 | 2024-09-13 | WPFactory Helper <= 1.7.0 - Reflected Cross-Site Scripting |
| CVE-2024-46673 | 2024-09-13 | scsi: aacraid: Fix double-free on probe failure |
| CVE-2024-46674 | 2024-09-13 | usb: dwc3: st: fix probed platform device ref count on probe error path |
| CVE-2024-46675 | 2024-09-13 | usb: dwc3: core: Prevent USB core invalid event buffer address access |
| CVE-2024-46676 | 2024-09-13 | nfc: pn533: Add poll mod list filling check |
| CVE-2024-46677 | 2024-09-13 | gtp: fix a potential NULL pointer dereference |
| CVE-2024-46678 | 2024-09-13 | bonding: change ipsec_lock from spin lock to mutex |
| CVE-2024-46679 | 2024-09-13 | ethtool: check device is present when getting link settings |
| CVE-2024-46680 | 2024-09-13 | Bluetooth: btnxpuart: Fix random crash seen while removing driver |
| CVE-2024-46681 | 2024-09-13 | pktgen: use cpus_read_lock() in pg_net_init() |
| CVE-2024-46682 | 2024-09-13 | nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open |
| CVE-2024-46683 | 2024-09-13 | drm/xe: prevent UAF around preempt fence |
| CVE-2024-46684 | 2024-09-13 | binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined |
| CVE-2024-46685 | 2024-09-13 | pinctrl: single: fix potential NULL dereference in pcs_get_function() |
| CVE-2024-46686 | 2024-09-13 | smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() |
| CVE-2024-46687 | 2024-09-13 | btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() |
| CVE-2024-46688 | 2024-09-13 | erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails |
| CVE-2024-46689 | 2024-09-13 | soc: qcom: cmd-db: Map shared memory as WC, not WB |