CVE List - 2024 / September
Showing 1401 - 1500 of 2516 CVEs for September 2024 (Page 15 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-44133 | 2024-09-16 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15. On MDM managed devices, an app may be able to bypass certain Privacy... |
| CVE-2024-44125 | 2024-09-16 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to leak sensitive user information. |
| CVE-2024-40845 | 2024-09-16 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted video file may lead to unexpected app... |
| CVE-2024-44152 | 2024-09-16 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data. |
| CVE-2024-44168 | 2024-09-16 | A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify... |
| CVE-2024-44187 | 2024-09-16 | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15,... |
| CVE-2024-44129 | 2024-09-16 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sequoia 15. An app may be able to leak sensitive user information. |
| CVE-2024-44191 | 2024-09-16 | This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, Xcode 16, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and... |
| CVE-2024-44190 | 2024-09-16 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to read... |
| CVE-2024-44128 | 2024-09-16 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action... |
| CVE-2024-44169 | 2024-09-16 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18... |
| CVE-2024-44186 | 2024-09-16 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. |
| CVE-2024-40852 | 2024-09-16 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent... |
| CVE-2024-44153 | 2024-09-16 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-sensitive data. |
| CVE-2024-40844 | 2024-09-16 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15.... |
| CVE-2024-44124 | 2024-09-16 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing. |
| CVE-2024-44132 | 2024-09-16 | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15. An app may be able to break out of its sandbox. |
| CVE-2024-40825 | 2024-09-16 | The issue was addressed with improved checks. This issue is fixed in visionOS 2, macOS Sequoia 15. A malicious app with root privileges may be able to modify the contents... |
| CVE-2024-44165 | 2024-09-16 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma... |
| CVE-2024-44149 | 2024-09-16 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data. |
| CVE-2024-40848 | 2024-09-16 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An attacker may be able to read... |
| CVE-2024-7387 | 2024-09-16 | Openshift/builder: path traversal allows command injection in privileged buildcontainer using docker build strategy |
| CVE-2024-45496 | 2024-09-16 | Openshift-controller-manager: elevated build pods can lead to node compromise in openshift |
| CVE-2024-46085 | 2024-09-17 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename |
| CVE-2024-46362 | 2024-09-17 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/create_directory |
| CVE-2024-47047 | 2024-09-17 | An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in... |
| CVE-2024-47049 | 2024-09-17 | The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for... |
| CVE-2024-8110 | 2024-09-17 | Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast... |
| CVE-2024-5170 | 2024-09-17 | Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget |
| CVE-2024-8043 | 2024-09-17 | Vikinghammer Tweet <= 0.2.4 - Stored XSS via CSRF |
| CVE-2024-8044 | 2024-09-17 | infolinks Ad Wrap <= 1.0.2 - Settings Update via CSRF |
| CVE-2024-8047 | 2024-09-17 | Visual Sound (old) <= 1.06 - Settings Update via CSRF |
| CVE-2024-8051 | 2024-09-17 | Special Feed Items <= 1.0.1 - Stored XSS via CSRF |
| CVE-2024-8052 | 2024-09-17 | Review Ratings <= 1.6 - Stored XSS via CSRF |
| CVE-2024-8091 | 2024-09-17 | Enhanced Search Box <= 0.6.1 - Settings Update via CSRF |
| CVE-2024-8092 | 2024-09-17 | Accordion Image Menu <= 3.1.3 - Stored XSS via CSRF |
| CVE-2024-8093 | 2024-09-17 | Posts reminder <= 0.20 - Settings Update via CSRF |
| CVE-2024-8490 | 2024-09-17 | PropertyHive <= 2.0.19 - Cross-Site Request Forgery via save_account_details |
| CVE-2024-8761 | 2024-09-17 | Share This Image <= 2.03 - Open Redirect via link Parameter |
| CVE-2024-8767 | 2024-09-17 | Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for... |
| CVE-2024-5998 | 2024-09-17 | Deserialization of Untrusted Data in langchain-ai/langchain |
| CVE-2024-8897 | 2024-09-17 | Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address... |
| CVE-2024-7873 | 2024-09-17 | Stored XSS in Veribilim Software's Veribase Order Management |
| CVE-2024-21743 | 2024-09-17 | WordPress Houzez Login Register plugin <= 3.2.5 - Privilege Escalation vulnerability |
| CVE-2024-22303 | 2024-09-17 | WordPress Houzez theme <= 3.2.4 - Privilege Escalation vulnerability |
| CVE-2024-38860 | 2024-09-17 | Reflected links in error message facilitate phishing attacks |
| CVE-2021-27915 | 2024-09-17 | XSS Cross-site Scripting Stored (XSS) - Description field |
| CVE-2021-27916 | 2024-09-17 | Relative Path Traversal / Arbitrary File Deletion in Mautic (GrapesJS Builder) |
| CVE-2024-7788 | 2024-09-17 | Signatures in "repair mode" should not be trusted |
| CVE-2024-8768 | 2024-09-17 | Vllm: a completions api request with an empty prompt will crash the vllm api server. |
| CVE-2024-8939 | 2024-09-17 | Vllm: denials of service in vllm json web api |
| CVE-2024-8796 | 2024-09-17 | Insufficient Default OTP Shared Secret Length |
| CVE-2024-38812 | 2024-09-17 | Heap-overflow vulnerability |
| CVE-2024-38813 | 2024-09-17 | Privilege escalation vulnerability |
| CVE-2024-45682 | 2024-09-17 | Millbeck Communications Proroute H685t-w Command Injection. |
| CVE-2024-42501 | 2024-09-17 | Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE) |
| CVE-2024-42502 | 2024-09-17 | Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface |
| CVE-2024-38380 | 2024-09-17 | Millbeck Communications Proroute H685t-w Cross-site Scripting. |
| CVE-2024-42503 | 2024-09-17 | Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI) |
| CVE-2024-8944 | 2024-09-17 | code-projects Hospital Management System check_availability.php sql injection |
| CVE-2024-8945 | 2024-09-17 | CodeCanyon RISE Ultimate Project Manager save sql injection |
| CVE-2024-45798 | 2024-09-17 | Multiple Poisoned Pipeline Execution (PPE) vulnerabilities |
| CVE-2024-8660 | 2024-09-17 | Stored XSS in the "Top Navigator Bar" block |
| CVE-2024-8900 | 2024-09-17 | An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3,... |
| CVE-2024-38183 | 2024-09-17 | GroupMe Elevation of Privilege Vulnerability |
| CVE-2024-43460 | 2024-09-17 | Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| CVE-2024-45803 | 2024-09-17 | Cross site scripting (XSS) Vulnerability on route /wireui/button?label=Content in wireui |
| CVE-2024-45612 | 2024-09-17 | Insert tag injection via canonical URL in Contao |
| CVE-2024-8946 | 2024-09-17 | MicroPython VFS Unmount vfs.c mp_vfs_umount heap-based overflow |
| CVE-2024-8947 | 2024-09-17 | MicroPython objarray.c use after free |
| CVE-2024-45384 | 2024-09-17 | Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack |
| CVE-2024-45537 | 2024-09-17 | Apache Druid: Users can provide MySQL JDBC properties not on allow list |
| CVE-2024-8948 | 2024-09-17 | MicroPython objint.c mpz_as_bytes heap-based overflow |
| CVE-2024-8949 | 2024-09-17 | SourceCodester Online Eyewear Shop Cart Content Master.php improper ownership management |
| CVE-2024-45606 | 2024-09-17 | Improper authorization on muting of alert rules in sentry |
| CVE-2024-45605 | 2024-09-17 | Improper authorization on deletion of user issue alert notifications in sentry |
| CVE-2024-45398 | 2024-09-17 | Remote command execution through file upload in contao/core-bundle |
| CVE-2024-45604 | 2024-09-17 | Directory traversal in the file selector widget in contao/core-bundle |
| CVE-2024-8956 | 2024-09-17 | PTZOptics NDI and SDI Cameras /cgi-bin/param.cgi Insufficient Authentication |
| CVE-2024-8951 | 2024-09-17 | SourceCodester Resort Reservation System manage_fee.php cross site scripting |
| CVE-2024-45811 | 2024-09-17 | server.fs.deny bypassed when using ?import&raw in vite |
| CVE-2024-45812 | 2024-09-17 | DOM Clobbering gadget found in vite bundled scripts that leads to XSS in Vite |
| CVE-2024-8957 | 2024-09-17 | PTZOptics NDI and SDI Cameras Command Injection via NTP Address Configuration |
| CVE-2024-46976 | 2024-09-17 | Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend |
| CVE-2024-45816 | 2024-09-17 | Storage bucket Directory Traversal in @backstage/plugin-techdocs-backend |
| CVE-2024-45815 | 2024-09-17 | Prototype pollution in @backstage/plugin-catalog-backend |
| CVE-2024-8904 | 2024-09-17 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-8905 | 2024-09-17 | Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-8906 | 2024-09-17 | Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via... |
| CVE-2024-8907 | 2024-09-17 | Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary... |
| CVE-2024-8908 | 2024-09-17 | Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-8909 | 2024-09-17 | Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-46982 | 2024-09-17 | Cache Poisoning in next.js |
| CVE-2024-45452 | 2024-09-17 | WordPress Septera theme <= 1.5.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45451 | 2024-09-17 | WordPress Roseta theme <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44051 | 2024-09-17 | WordPress Content Blocks (Custom Post Widget) plugin <= 3.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44050 | 2024-09-17 | WordPress Verbosa theme <= 1.2.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44004 | 2024-09-17 | WordPress WPCargo Track & Trace plugin <= 7.0.6 - SQL Injection vulnerability |
| CVE-2024-43978 | 2024-09-17 | WordPress Super Store Finder plugin < 6.9.8 - SQL Injection vulnerability |
| CVE-2024-43976 | 2024-09-17 | WordPress Super Store Finder plugin <= 6.9.7 - SQL Injection vulnerability |