CVE List - 2024 / September
Showing 501 - 600 of 2516 CVEs for September 2024 (Page 6 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-40711 | 2024-09-07 | A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). |
| CVE-2024-40709 | 2024-09-07 | A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level. |
| CVE-2024-40713 | 2024-09-07 | A vulnerability that allows a user who has been assigned a low-privileged role within Veeam Backup & Replication to alter Multi-Factor Authentication (MFA) settings and bypass MFA. |
| CVE-2024-42022 | 2024-09-07 | An incorrect permission assignment vulnerability allows an attacker to modify product configuration files. |
| CVE-2024-42024 | 2024-09-07 | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credentials to perform remote code execution on the machine where the Veeam ONE Agent is... |
| CVE-2024-40714 | 2024-09-07 | An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations. |
| CVE-2024-40718 | 2024-09-07 | A server side request forgery vulnerability allows a low-privileged user to perform local privilege escalation through exploiting an SSRF vulnerability. |
| CVE-2024-42023 | 2024-09-07 | An improper access control vulnerability allows low-privileged users to execute code with Administrator privileges remotely. |
| CVE-2024-42021 | 2024-09-07 | An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials. |
| CVE-2024-38650 | 2024-09-07 | An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash of service account on the VSPC server. |
| CVE-2024-8559 | 2024-09-07 | SourceCodester Online Food Menu delete-menu.php sql injection |
| CVE-2024-8560 | 2024-09-07 | SourceCodester Simple Invoice Generator System save_invoice.php sql injection |
| CVE-2024-8561 | 2024-09-07 | SourceCodester PHP CRUD Delete Person delete.php sql injection |
| CVE-2024-8562 | 2024-09-07 | SourceCodester PHP CRUD Add.php cross site scripting |
| CVE-2024-8563 | 2024-09-07 | SourceCodester PHP CRUD update.php cross site scripting |
| CVE-2024-8564 | 2024-09-07 | SourceCodester PHP CRUD update.php sql injection |
| CVE-2024-8565 | 2024-09-07 | SourceCodester Clinics Patient Management System print_diseases.php sql injection |
| CVE-2024-8566 | 2024-09-07 | code-projects Online Shop Store settings.php cross site scripting |
| CVE-2024-8567 | 2024-09-08 | itsourcecode Payroll Management System ajax.php sql injection |
| CVE-2024-8568 | 2024-09-08 | Mini-Tmall 1 rewardMapper.select sql injection |
| CVE-2024-8569 | 2024-09-08 | code-projects Hospital Management System user-login.php sql injection |
| CVE-2024-6852 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Settings Update via CSRF |
| CVE-2024-6853 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Welcome Popup Update via CSRF |
| CVE-2024-6855 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Exit Popup Update via CSRF |
| CVE-2024-6856 | 2024-09-08 | WP MultiTasking <= 0.1.12 - SMTP Settings Update via CSRF |
| CVE-2024-6859 | 2024-09-08 | WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode |
| CVE-2024-6924 | 2024-09-08 | TrueBooker < 1.0.3 - Multiple Unauthenticated SQLi |
| CVE-2024-6925 | 2024-09-08 | TrueBooker < 1.0.3 - Settings Update via CSRF |
| CVE-2024-6928 | 2024-09-08 | Opti Marketing <= 2.0.9 - Unauthenticated SQLi |
| CVE-2024-8570 | 2024-09-08 | itsourcecode Tailoring Management System inccatadd.php sql injection |
| CVE-2024-8571 | 2024-09-08 | erjemin roll_cms views.py information exposure |
| CVE-2024-8572 | 2024-09-08 | Gouniverse GoLang CMS FrontendHandler.go PageRenderHtmlByAlias cross site scripting |
| CVE-2024-8573 | 2024-09-08 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setParentalRules buffer overflow |
| CVE-2024-8574 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setParentalRules os command injection |
| CVE-2024-42341 | 2024-09-08 | Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2024-42342 | 2024-09-08 | Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| CVE-2024-42343 | 2024-09-08 | Loway - CWE-204: Observable Response Discrepancy |
| CVE-2024-8575 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiScheduleCfg buffer overflow |
| CVE-2024-8576 | 2024-09-08 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setIpPortFilterRules buffer overflow |
| CVE-2024-8577 | 2024-09-08 | TOTOLINK AC1200 T8/AC1200 T10 cstecgi.cgi setStaticDhcpRules buffer overflow |
| CVE-2024-8578 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiMeshName buffer overflow |
| CVE-2024-8579 | 2024-09-08 | TOTOLINK AC1200 T8 cstecgi.cgi setWiFiRepeaterCfg buffer overflow |
| CVE-2024-8580 | 2024-09-08 | TOTOLINK AC1200 T8 shadow.sample hard-coded password |
| CVE-2024-8582 | 2024-09-08 | SourceCodester Food Ordering Management System index.php cross site scripting |
| CVE-2024-8583 | 2024-09-08 | SourceCodester Online Bank Management System Feedback mfeedback.php cross site scripting |
| CVE-2023-50883 | 2024-09-09 | ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function... |
| CVE-2024-24510 | 2024-09-09 | Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component. |
| CVE-2024-42759 | 2024-09-09 | An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. |
| CVE-2024-44085 | 2024-09-09 | ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this... |
| CVE-2024-44333 | 2024-09-09 | D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution. An attacker can achieve arbitrary command execution by sending a... |
| CVE-2024-44334 | 2024-09-09 | D-Link DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution due to insufficient parameter filtering in the CGI handling function... |
| CVE-2024-44335 | 2024-09-09 | D-Link DI-7003G v19.12.24A1, DI-7003GV2 v24.04.18D1, DI-7100G+V2 v24.04.18D1, DI-7100GV2 v24.04.18D1, DI-7200GV2 v24.04.18E1, DI-7300G+V2 v24.04.18D1, and DI-7400G+V2 v24.04.18D1 are vulnerable to Remote Command Execution (RCE) via version_upgrade.asp. |
| CVE-2024-44410 | 2024-09-09 | D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function. |
| CVE-2024-44411 | 2024-09-09 | D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the msp_info_htm function. |
| CVE-2024-44720 | 2024-09-09 | SeaCMS v13.1 was discovered to contain an arbitrary file read vulnerability via the component admin_safe.php. |
| CVE-2024-44721 | 2024-09-09 | SeaCMS v13.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at /admin_reslib.php. |
| CVE-2024-44724 | 2024-09-09 | AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted... |
| CVE-2024-44725 | 2024-09-09 | AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php. |
| CVE-2024-44902 | 2024-09-09 | A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code. |
| CVE-2024-27364 | 2024-09-09 | An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function... |
| CVE-2024-27365 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function... |
| CVE-2024-27366 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In... |
| CVE-2024-27367 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In... |
| CVE-2024-27368 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos... |
| CVE-2024-27383 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on... |
| CVE-2024-27387 | 2024-09-09 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_rx_range_done_ind(), there is no input validation check on... |
| CVE-2024-44375 | 2024-09-09 | D-Link DI-8100 v16.07.26A1 has a stack overflow vulnerability in the dbsrv_asp function. |
| CVE-2024-44849 | 2024-09-09 | Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php. |
| CVE-2024-8584 | 2024-09-09 | LEARNING DIGITAL Orca HCM - Missing Authentication |
| CVE-2024-8585 | 2024-09-09 | LEARNING DIGITAL Orca HCM - Arbitrary File Download |
| CVE-2024-8586 | 2024-09-09 | Uniong WebITR - Open Redirect |
| CVE-2024-45625 | 2024-09-09 | Cross-site scripting vulnerability exists in Forminator versions prior to 1.34.1. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who follows... |
| CVE-2024-5561 | 2024-09-09 | Popup Maker < 1.19.1 - Admin+ Stored XSS |
| CVE-2024-6910 | 2024-09-09 | EventON < 2.2.17 - Admin+ Stored XSS |
| CVE-2024-7687 | 2024-09-09 | AZIndex <= 0.8.1 - Stored XSS via CSRF |
| CVE-2024-7688 | 2024-09-09 | AZIndex <= 0.8.1 - Index Deletion via CSRF |
| CVE-2024-7689 | 2024-09-09 | Snapshot Backup <= 2.1.1 - Stored XSS via CSRF |
| CVE-2024-7918 | 2024-09-09 | Pocket Widget <= 0.1.3 - Admin+ Stored XSS |
| CVE-2024-45203 | 2024-09-09 | Improper authorization in handler for custom URL scheme issue in "@cosme" App for Android versions prior to 5.69.0 and "@cosme" App for iOS versions prior to 6.74.0 allows an attacker to... |
| CVE-2024-37288 | 2024-09-09 | A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. This issue only affects users that use... |
| CVE-2024-8601 | 2024-09-09 | Improper Access Control Vulnerability in TechExcel Back Office Software |
| CVE-2024-6572 | 2024-09-09 | Improper host key checking in active check 'Check SFTP Service' and special agent 'VNX quotas and filesystem' |
| CVE-2024-7015 | 2024-09-09 | Improper Authentication in Profelis Informatics and Consulting's PassBOX |
| CVE-2024-40643 | 2024-09-09 | Joplin has a parsing error leading to Cross-site Scripting (XSS) |
| CVE-2024-8372 | 2024-09-09 | AngularJS improper sanitization in 'srcset' attribute |
| CVE-2024-8373 | 2024-09-09 | AngularJS improper sanitization in '<source>' element |
| CVE-2024-45041 | 2024-09-09 | External Secrets Operator vulnerable to privilege escalation |
| CVE-2024-8042 | 2024-09-09 | Rapid7 Insight Platform Unauthorized Empty Group Creation |
| CVE-2024-8604 | 2024-09-09 | SourceCodester Online Food Ordering System Create an Account Page index.php cross site scripting |
| CVE-2024-8605 | 2024-09-09 | code-projects Inventory Management Registration Form registration.php cross site scripting |
| CVE-2024-45406 | 2024-09-09 | Craft CMS stored XSS in breadcrumb list and title fields |
| CVE-2024-45411 | 2024-09-09 | Twig has a possible sandbox bypass |
| CVE-2024-7260 | 2024-09-09 | Keycloak-core: open redirect on account page |
| CVE-2024-7318 | 2024-09-09 | Keycloak-core: one time passcode (otp) is valid longer than expiration time |
| CVE-2024-7341 | 2024-09-09 | Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters |
| CVE-2024-45296 | 2024-09-09 | path-to-regexp outputs backtracking regular expressions |
| CVE-2024-42500 | 2024-09-09 | HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services. |
| CVE-2024-6795 | 2024-09-09 | Vulnerability in Baxter Connex Health Portal |
| CVE-2024-6796 | 2024-09-09 | Vulnerability in Baxter Connex Health Portal |
| CVE-2024-8610 | 2024-09-09 | SourceCodester Best House Rental Management System New Tenant Page index.php cross site scripting |