Lista CVE - 2024 / Settembre
Visualizzazione 301 - 400 di 2516 CVE per Settembre 2024 (Pagina 4 di 26)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-44988 | 2024-09-04 | net: dsa: mv88e6xxx: Fix out-of-bound access |
| CVE-2024-44989 | 2024-09-04 | bonding: fix xfrm real_dev null pointer dereference |
| CVE-2024-44990 | 2024-09-04 | bonding: fix null pointer deref in bond_ipsec_offload_ok |
| CVE-2024-44991 | 2024-09-04 | tcp: prevent concurrent execution of tcp_sk_exit_batch |
| CVE-2024-44992 | 2024-09-04 | smb/client: avoid possible NULL dereference in cifs_free_subrequest() |
| CVE-2024-44993 | 2024-09-04 | drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` |
| CVE-2024-44994 | 2024-09-04 | iommu: Restore lost return in iommu_report_device_fault() |
| CVE-2024-44995 | 2024-09-04 | net: hns3: fix a deadlock problem when config TC during resetting |
| CVE-2024-44996 | 2024-09-04 | vsock: fix recursive ->recvmsg calls |
| CVE-2024-44997 | 2024-09-04 | net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() |
| CVE-2024-44998 | 2024-09-04 | atm: idt77252: prevent use after free in dequeue_rx() |
| CVE-2024-44999 | 2024-09-04 | gtp: pull network headers in gtp_dev_xmit() |
| CVE-2024-45000 | 2024-09-04 | fs/netfs/fscache_cookie: add missing "n_accesses" check |
| CVE-2024-45001 | 2024-09-04 | net: mana: Fix RX buf alloc_size alignment and atomic op panic |
| CVE-2024-45002 | 2024-09-04 | rtla/osnoise: Prevent NULL dereference in error handling |
| CVE-2024-45003 | 2024-09-04 | vfs: Don't evict inode under the inode lru traversing context |
| CVE-2024-45004 | 2024-09-04 | KEYS: trusted: dcp: fix leak of blob encryption key |
| CVE-2024-45005 | 2024-09-04 | KVM: s390: fix validity interception issue when gisa is switched off |
| CVE-2024-45006 | 2024-09-04 | xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration |
| CVE-2024-45007 | 2024-09-04 | char: xillybus: Don't destroy workqueue from work item running on it |
| CVE-2024-45008 | 2024-09-04 | Input: MT - limit max slots |
| CVE-2024-45399 | 2024-09-04 | Indico has a Cross-Site-Scripting during account creation |
| CVE-2024-45395 | 2024-09-04 | Unbounded loop over untrusted input can lead to endless data attack |
| CVE-2024-20505 | 2024-09-04 | ClamAV Memory Handling DoS |
| CVE-2024-20506 | 2024-09-04 | ClamAV Privilege Handling Escalation Vulnerability |
| CVE-2024-2166 | 2024-09-04 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003. |
| CVE-2024-45429 | 2024-09-04 | Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which... |
| CVE-2024-42885 | 2024-09-05 | SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page. |
| CVE-2024-44587 | 2024-09-05 | itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter. |
| CVE-2024-44727 | 2024-09-05 | Sourcecodehero Event Management System1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php. |
| CVE-2024-44728 | 2024-09-05 | Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php. |
| CVE-2024-45158 | 2024-09-05 | An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported... |
| CVE-2024-45171 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR... |
| CVE-2024-45173 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data... |
| CVE-2024-45175 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is... |
| CVE-2024-45178 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path... |
| CVE-2024-45589 | 2024-09-05 | RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters. |
| CVE-2023-51712 | 2024-09-05 | An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. |
| CVE-2024-45157 | 2024-09-05 | An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the... |
| CVE-2024-45159 | 2024-09-05 | An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate... |
| CVE-2024-45176 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found... |
| CVE-2024-7627 | 2024-09-05 | Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition |
| CVE-2024-45287 | 2024-09-05 | Multiple vulnerabilities in libnv |
| CVE-2024-45288 | 2024-09-05 | Multiple vulnerabilities in libnv |
| CVE-2024-41928 | 2024-09-05 | bhyve(8) privileged guest escape via TPM device passthrough |
| CVE-2024-8178 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
| CVE-2024-42416 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
| CVE-2024-43110 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
| CVE-2024-45063 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
| CVE-2024-32668 | 2024-09-05 | bhyve(8) privileged guest escape via USB controller |
| CVE-2024-43102 | 2024-09-05 | umtx Kernel panic or Use-After-Free |
| CVE-2024-6846 | 2024-09-05 | SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge |
| CVE-2024-6835 | 2024-09-05 | Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form |
| CVE-2024-5309 | 2024-09-05 | Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions |
| CVE-2024-8363 | 2024-09-05 | Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode |
| CVE-2024-45107 | 2024-09-05 | ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability |
| CVE-2024-6332 | 2024-09-05 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive Information Exposure |
| CVE-2024-6929 | 2024-09-05 | Dynamic Featured Image <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter |
| CVE-2024-6894 | 2024-09-05 | RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5956 | 2024-09-05 | This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager with garbage data in response mostly |
| CVE-2024-5957 | 2024-09-05 | This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager. |
| CVE-2024-7605 | 2024-09-05 | HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update |
| CVE-2022-3556 | 2024-09-05 | Cab fare calculator <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-7380 | 2024-09-05 | Geo Controller <= 8.6.9 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion |
| CVE-2024-7381 | 2024-09-05 | Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution |
| CVE-2022-4529 | 2024-09-05 | Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass |
| CVE-2024-8460 | 2024-09-05 | D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure |
| CVE-2024-8461 | 2024-09-05 | D-Link DNS-320 Web Management Interface discovery.cgi information disclosure |
| CVE-2024-8463 | 2024-09-05 | File upload restriction bypass vulnerability in Job Portal |
| CVE-2024-8464 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8465 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8466 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8467 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8468 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8469 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8470 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8462 | 2024-09-05 | Windmill HTTP Request users.rs excessive authentication |
| CVE-2024-7884 | 2024-09-05 | Memory leak when calling a canister method via `ic_cdk::call` |
| CVE-2024-8471 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8472 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8473 | 2024-09-05 | SQL injection vulnerability in Job Portal |
| CVE-2024-8445 | 2024-09-05 | 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199) |
| CVE-2024-45098 | 2024-09-05 | IBM Aspera Faspex bypass security |
| CVE-2024-45096 | 2024-09-05 | IBM Aspera Faspex information disclosure |
| CVE-2024-45097 | 2024-09-05 | IBM Aspera Faspex bypass security |
| CVE-2024-24759 | 2024-09-05 | MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding |
| CVE-2024-45392 | 2024-09-05 | SuiteCRM has wrong deletion permission checks on API delete call |
| CVE-2024-45401 | 2024-09-05 | stripe-cli Path Traversal vulnerability |
| CVE-2024-7591 | 2024-09-05 | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection |
| CVE-2024-42491 | 2024-09-05 | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used |
| CVE-2024-8395 | 2024-09-05 | FlyCASS Cockpit Access Security System (CASS) SQL Injection |
| CVE-2024-39278 | 2024-09-05 | Hughes Network Systems Insufficiently Protected Credentials |
| CVE-2024-42495 | 2024-09-05 | Hughes Network Systems WL3000 Missing Encryption of Sensitive Data |
| CVE-2024-45400 | 2024-09-05 | CKEditor Open Link plugin vulnerable to Cross-site Scripting |
| CVE-2024-44082 | 2024-09-06 | In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit... |
| CVE-2024-44401 | 2024-09-06 | D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C function in the upgrade_filter.asp file |
| CVE-2024-44402 | 2024-09-06 | D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. |
| CVE-2024-44408 | 2024-09-06 | D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords. |
| CVE-2024-44739 | 2024-09-06 | Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=. |
| CVE-2024-44837 | 2024-09-06 | A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter. |