CVE List - 2024 / September
Showing 1501 - 1600 of 2516 CVEs for September 2024 (Page 16 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-37985 | 2024-09-17 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2024-43969 | 2024-09-17 | WordPress Spiffy Calendar plugin <= 4.9.12 - SQL Injection vulnerability |
| CVE-2024-44064 | 2024-09-17 | WordPress Like Button Rating LikeBtn plugin <= 2.6.54 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43977 | 2024-09-17 | WordPress The Plus Addons for Elementor plugin <= 5.6.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43985 | 2024-09-17 | WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43938 | 2024-09-17 | WordPress Name Directory plugin <= 1.29.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44049 | 2024-09-17 | WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.7 - Authenticated Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44047 | 2024-09-17 | WordPress IMPress for IDX Broker plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44009 | 2024-09-17 | WordPress WCFM Marketplace <= 3.6.10 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44008 | 2024-09-17 | WordPress Geo Mashup plugin <= 1.13.12 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44007 | 2024-09-17 | WordPress SKT Templates – Elementor & Gutenberg templates plugin <= 6.14 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44005 | 2024-09-17 | WordPress Greenshift – animation and page builder blocks plugin <= 9.3.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44003 | 2024-09-17 | WordPress Spice Starter Sites plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44002 | 2024-09-17 | WordPress Team Showcase plugin <= 1.22.25 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44001 | 2024-09-17 | WordPress Royal Elementor Addons and Templates plugin <= 1.3.982 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43999 | 2024-09-17 | WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43995 | 2024-09-17 | WordPress Posterity theme <= 3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43994 | 2024-09-17 | WordPress Kahuna theme <= 1.7.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43993 | 2024-09-17 | WordPress Liquido theme <= 1.0.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43992 | 2024-09-17 | WordPress LatePoint plugin <= 4.9.91 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43991 | 2024-09-17 | WordPress Hotel Galaxy theme <= 4.4.24 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43988 | 2024-09-17 | WordPress Mystique theme <= 2.5.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43987 | 2024-09-17 | WordPress Sliding Door theme <= 3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43983 | 2024-09-17 | WordPress Podlove Podcast Publisher plugin <= 4.1.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43975 | 2024-09-17 | WordPress Super Store Finder plugin <= 6.9.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43972 | 2024-09-17 | WordPress Page Builder: Pagelayer – Drag and Drop website builder plugin <= 1.8.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43971 | 2024-09-17 | WordPress Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin <= 3.2.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-43970 | 2024-09-17 | WordPress SureCart plugin <= 2.29.3 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2023-28451 | 2024-09-18 | An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of... |
| CVE-2023-28455 | 2024-09-18 | An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential DoS. |
| CVE-2023-28456 | 2024-09-18 | An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS. |
| CVE-2023-28457 | 2024-09-18 | An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful. |
| CVE-2023-30464 | 2024-09-18 | CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. |
| CVE-2023-41610 | 2024-09-18 | Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext. |
| CVE-2023-41611 | 2024-09-18 | Victure PC420 1.1.39 was discovered to use a weak and partially hardcoded key to encrypt data. |
| CVE-2023-41612 | 2024-09-18 | Victure PC420 1.1.39 was discovered to use a weak encryption key for the file enabled_telnet.dat on the Micro SD card. |
| CVE-2023-47105 | 2024-09-18 | exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication. |
| CVE-2023-49203 | 2024-09-18 | Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a large-sized response... |
| CVE-2024-34057 | 2024-09-18 | Triangle Microworks TMW IEC 61850 Client source code libraries before 12.2.0 lack a buffer size check when processing received messages. The resulting buffer overflow can cause a crash, resulting in... |
| CVE-2024-34399 | 2024-09-18 | **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This... |
| CVE-2024-35515 | 2024-09-18 | Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. |
| CVE-2024-39339 | 2024-09-18 | A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details... |
| CVE-2024-40568 | 2024-09-18 | Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont function in the src/mesh/pb_adv.c component |
| CVE-2024-44542 | 2024-09-18 | SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter. |
| CVE-2024-44589 | 2024-09-18 | Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute arbitrary code. |
| CVE-2024-45523 | 2024-09-18 | An issue was discovered in Bravura Security Fabric versions 12.3.x before 12.3.5.32784, 12.4.x before 12.4.3.35110, 12.5.x before 12.5.2.35950, 12.6.x before 12.6.2.37183, and 12.7.x before 12.7.1.38241. An unauthenticated attacker can cause... |
| CVE-2024-46086 | 2024-09-18 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/delete/123 |
| CVE-2024-46373 | 2024-09-18 | Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. |
| CVE-2024-46374 | 2024-09-18 | Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. |
| CVE-2024-46375 | 2024-09-18 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. |
| CVE-2024-46376 | 2024-09-18 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php. |
| CVE-2024-46377 | 2024-09-18 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php. |
| CVE-2024-46959 | 2024-09-18 | runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive... |
| CVE-2023-28452 | 2024-09-18 | An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for... |
| CVE-2024-39081 | 2024-09-18 | An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications. |
| CVE-2024-43024 | 2024-09-18 | Multiple stored cross-site scripting (XSS) vulnerabilities in RWS MultiTrans v7.0.23324.2 and earlier allow attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-43025 | 2024-09-18 | An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent... |
| CVE-2024-46372 | 2024-09-18 | DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. |
| CVE-2024-46550 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parameter at chglog.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46551 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46552 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow parameter at ipstrt.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46553 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46554 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46555 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46556 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46557 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46558 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46559 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter at inet15.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46560 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46561 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46564 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at fextobj.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46565 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at service.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46566 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at sslapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46567 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46568 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at vpn.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46571 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter at fwuser.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46580 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46581 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46582 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46583 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter at cgiapp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46584 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter at acontrol.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46585 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at usergrp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46586 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46588 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName parameter at wizfw.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46589 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parameter at inetipv6.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46590 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46591 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46592 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46593 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at cgiswm.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46594 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46595 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at lan2lan.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46596 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x00.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46597 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2024-46598 | 2024-09-18 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter at dialin.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2022-39068 | 2024-09-18 | Buffer Overflow Vulnerability in ZTE MF296R |
| CVE-2024-45679 | 2024-09-18 | Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product. |
| CVE-2024-42404 | 2024-09-18 | SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database. |
| CVE-2024-45366 | 2024-09-18 | Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. |
| CVE-2024-6641 | 2024-09-18 | WP Hardening – Fix Your WordPress Security <= 1.2.6 - Unauthenticated Security Feature Bypass to Username Enumeration |
| CVE-2024-41929 | 2024-09-18 | Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter... |