CVE List - 2024 / September
Showing 1801 - 1900 of 2516 CVEs for September 2024 (Page 19 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8963 | 2024-09-19 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. |
| CVE-2024-47159 | 2024-09-19 | In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project |
| CVE-2024-47160 | 2024-09-19 | In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible |
| CVE-2024-47162 | 2024-09-19 | In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page |
| CVE-2024-9001 | 2024-09-19 | TOTOLINK T10 cstecgi.cgi setTracerouteCfg os command injection |
| CVE-2024-38221 | 2024-09-19 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-43496 | 2024-09-19 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-43489 | 2024-09-19 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2024-9003 | 2024-09-19 | Jinan Chicheng Company JFlow Attachment EntityMutliFile_Load.do AttachmentUploadController access control |
| CVE-2024-9004 | 2024-09-19 | D-Link DAR-7000 Backup_Server_commit.php os command injection |
| CVE-2024-9006 | 2024-09-19 | jeanmarc77 123solar config_invt1.php code injection |
| CVE-2024-9007 | 2024-09-19 | jeanmarc77 123solar detailed.php cross site scripting |
| CVE-2024-46984 | 2024-09-19 | XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator |
| CVE-2024-45614 | 2024-09-19 | Header normalization allows for client to clobber proxy set headers in Puma |
| CVE-2024-46983 | 2024-09-19 | Remote Command Execution (RCE) Vulnerability in sofa-hessian |
| CVE-2024-45410 | 2024-09-19 | HTTP client can remove the X-Forwarded headers in Traefik |
| CVE-2023-27584 | 2024-09-19 | Dragonfly2 vulnerable to hard-coded cryptographic key |
| CVE-2024-9008 | 2024-09-19 | SourceCodester Best Online News Portal Comment Section news-details.php sql injection |
| CVE-2024-47060 | 2024-09-19 | Unauthorized Access After Organization or Project Deactivation in Zitadel |
| CVE-2024-47000 | 2024-09-19 | Service Users Deactivation not Working in Zitadel |
| CVE-2024-46999 | 2024-09-19 | User Grant Deactivation not Working in Zitadel |
| CVE-2024-9009 | 2024-09-19 | code-projects Online Quiz Site showtest.php sql injection |
| CVE-2024-45810 | 2024-09-19 | Envoy crashes for LocalReply in http async client |
| CVE-2024-45809 | 2024-09-19 | Jwt filter crash in the clear route cache with remote JWKs in envoy |
| CVE-2024-45808 | 2024-09-19 | Malicious log injection via access logs in envoy |
| CVE-2024-45807 | 2024-09-19 | oghttp2 crash on OnBeginHeadersForStream in envoy |
| CVE-2024-45806 | 2024-09-19 | Potential manipulation of `x-envoy` headers from external sources in envoy |
| CVE-2023-47480 | 2024-09-20 | An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id() function. |
| CVE-2024-37879 | 2024-09-20 | Improper input validation in /admin/config/save in User-friendly SVN (USVN) before v1.0.12 and below allows administrators to execute arbitrary code via the fields "siteTitle", "siteIco" and "siteLogo". |
| CVE-2024-42697 | 2024-09-20 | Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function. |
| CVE-2024-45489 | 2024-09-20 | Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create... |
| CVE-2024-46101 | 2024-09-20 | GDidees CMS <= v3.9.1 has a file upload vulnerability. |
| CVE-2024-46103 | 2024-09-20 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. |
| CVE-2024-46640 | 2024-09-20 | SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although the system has a check function, the check function is not executed during execution, allowing remote... |
| CVE-2024-46644 | 2024-09-20 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file. |
| CVE-2024-46645 | 2024-09-20 | eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files. |
| CVE-2024-46646 | 2024-09-20 | eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file. |
| CVE-2024-46647 | 2024-09-20 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files. |
| CVE-2024-46648 | 2024-09-20 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder. |
| CVE-2024-46649 | 2024-09-20 | eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder. |
| CVE-2024-46652 | 2024-09-20 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function. |
| CVE-2024-46654 | 2024-09-20 | A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-9011 | 2024-09-20 | code-projects Crud Operation System updata.php sql injection |
| CVE-2024-8853 | 2024-09-20 | Webo-facto <= 1.40 - Unauthenticated Privilege Escalation |
| CVE-2024-41721 | 2024-09-20 | bhyve(8) out-of-bounds read access via XHCI emulation |
| CVE-2024-9043 | 2024-09-20 | Cellopoint Secure Email Gateway - Buffer Overflow |
| CVE-2024-9030 | 2024-09-20 | CodeCanyon CRMGo SaaS note cross site scripting |
| CVE-2024-9031 | 2024-09-20 | CodeCanyon CRMGo SaaS show cross site scripting |
| CVE-2024-9032 | 2024-09-20 | SourceCodester Simple Forum-Discussion System index.php path traversal |
| CVE-2024-9033 | 2024-09-20 | SourceCodester Best House Rental Management System ajax.php cross site scripting |
| CVE-2024-9034 | 2024-09-20 | code-projects Patient Record Management System login.php sql injection |
| CVE-2024-9035 | 2024-09-20 | code-projects Blood Bank Management System Admin Login login.php sql injection |
| CVE-2024-9036 | 2024-09-20 | itsourcecode Online Bookstore admin_add.php unrestricted upload |
| CVE-2024-9037 | 2024-09-20 | Codezips Internal Marks Calculation index.php sql injection |
| CVE-2024-9038 | 2024-09-20 | Codezips Online Shopping Portal insert-product.php unrestricted upload |
| CVE-2024-9039 | 2024-09-20 | SourceCodester Best House Rental Management System ajax.php sql injection |
| CVE-2024-9040 | 2024-09-20 | code-projects Blood Bank Management System Password cleartext storage in a file or on disk |
| CVE-2024-9041 | 2024-09-20 | SourceCodester Best House Rental Management System ajax.php sql injection |
| CVE-2024-8612 | 2024-09-20 | Qemu-kvm: information leak in virtio devices |
| CVE-2024-45229 | 2024-09-20 | The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it... |
| CVE-2024-42346 | 2024-09-20 | Stored Cross Site Scripting (Stored XSS) in Galaxy |
| CVE-2024-42351 | 2024-09-20 | Possible Data Tampering & Loss of Public Datasets in Galaxy |
| CVE-2024-47062 | 2024-09-20 | Multiple SQL Injections and ORM Leak in navidrome |
| CVE-2024-47061 | 2024-09-20 | Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs |
| CVE-2024-45793 | 2024-09-20 | Cross-site Scripting in Confidant API call |
| CVE-2024-47210 | 2024-09-21 | Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js. |
| CVE-2024-47219 | 2024-09-21 | An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows shell command injection. |
| CVE-2024-6785 | 2024-09-21 | MXview One and MXview One Central Manager Series store cleartext credentials in a local file |
| CVE-2024-6786 | 2024-09-21 | MXview One Series vulnerable to Path Traversal |
| CVE-2024-6787 | 2024-09-21 | MXview One Series vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition |
| CVE-2024-9048 | 2024-09-21 | y_project RuoYi Backend User Import SysUserServiceImpl.java SysUserServiceImpl cross site scripting |
| CVE-2024-8680 | 2024-09-21 | MailChimp for Wordpress <= 4.9.16 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-42323 | 2024-09-21 | Apache HertzBeat: RCE by snakeYaml deser load malicious xml |
| CVE-2024-9075 | 2024-09-21 | Stirling-Tools Stirling-PDF Markdown-to-PDF cross site scripting |
| CVE-2024-47218 | 2024-09-22 | An issue was discovered in vesoft NebulaGraph through 3.8.0. It allows bypassing authentication. |
| CVE-2024-47220 | 2024-09-22 | An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin... |
| CVE-2024-47221 | 2024-09-22 | CheckUser in ScadaServerEngine/MainLogic.cs in Rapid SCADA through 5.8.4 allows an empty password. |
| CVE-2024-47226 | 2024-09-22 | A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary... |
| CVE-2024-9076 | 2024-09-22 | DedeCMS article_string_mix.php os command injection |
| CVE-2024-9077 | 2024-09-22 | dingfangzu Order Checkout order.js cross site scripting |
| CVE-2024-9078 | 2024-09-22 | code-projects Student Record System course.php sql injection |
| CVE-2024-9079 | 2024-09-22 | code-projects Student Record System marks.php sql injection |
| CVE-2024-9080 | 2024-09-22 | code-projects Student Record System pincode-verification.php sql injection |
| CVE-2024-9081 | 2024-09-22 | SourceCodester Online Eyewear Shop view_category.php sql injection |
| CVE-2024-9085 | 2024-09-22 | code-projects Restaurant Reservation System index.php sql injection |
| CVE-2024-9082 | 2024-09-22 | SourceCodester Online Eyewear Shop User Creation Users.php improper authorization |
| CVE-2024-9083 | 2024-09-22 | SourceCodester Employee Management System add-admin.php cross site scripting |
| CVE-2024-9084 | 2024-09-22 | code-projects Blood Bank System bbms.php cross site scripting |
| CVE-2024-40703 | 2024-09-22 | IBM Cognos Analytics information disclosure |
| CVE-2024-9086 | 2024-09-22 | code-projects Restaurant Reservation System filter.php sql injection |
| CVE-2024-9087 | 2024-09-22 | code-projects Vehicle Management edit1.php sql injection |
| CVE-2024-9088 | 2024-09-22 | SourceCodester Telecom Billing Management System login buffer overflow |
| CVE-2024-9089 | 2024-09-22 | SourceCodester Modern Loan Management System update_loan_record.php cross site scripting |
| CVE-2024-9090 | 2024-09-22 | SourceCodester Modern Loan Management System search_member.php sql injection |
| CVE-2024-43989 | 2024-09-22 | WordPress Justified Image Grid plugin <= 4.6.1 - Unauthenticated Server Side Request Forgery (SSRF) vulnerability |
| CVE-2023-46948 | 2024-09-23 | A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp... |
| CVE-2024-34331 | 2024-09-23 | A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. |
| CVE-2024-37779 | 2024-09-23 | WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. |
| CVE-2024-39341 | 2024-09-23 | Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process.... |
| CVE-2024-39342 | 2024-09-23 | Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies... |