CVE List - 2024 / September
Showing 2201 - 2300 of 2516 CVEs for September 2024 (Page 23 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7108 | 2024-09-26 | Incorrect Authorization in National Keep's CyberMath |
| CVE-2023-46175 | 2024-09-26 | IBM Cloud Pak for Multicloud Management information disclosure |
| CVE-2024-31899 | 2024-09-26 | IBM Cognos Command Center information disclosure |
| CVE-2024-9177 | 2024-09-26 | Themedy Toolbox <= 1.0.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2024-30134 | 2024-09-26 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerability |
| CVE-2024-9155 | 2024-09-26 | Insufficient Authorization On Unlinked Channel Files |
| CVE-2024-43191 | 2024-09-26 | IBM ManageIQ command execution |
| CVE-2024-7259 | 2024-09-26 | Ovirt-engine: potential exposure of cleartext provider passwords via web ui |
| CVE-2024-8771 | 2024-09-26 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.34 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2024-39319 | 2024-09-26 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page |
| CVE-2024-9166 | 2024-09-26 | OS Command Injection in Atelmo Atemio AM 520 HD Full HD Satellite Receiver |
| CVE-2024-9203 | 2024-09-26 | Enpass Password Manager sensitive information in memory |
| CVE-2024-37125 | 2024-09-26 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Uncontrolled Resource Consumption vulnerability. A remote unauthenticated host could potentially exploit this vulnerability leading to a denial of service. |
| CVE-2024-45042 | 2024-09-26 | Ory Kratos's `highest_available` setting does not properly respect code + mfa credentials |
| CVE-2024-39577 | 2024-09-26 | Dell SmartFabric OS10 Software, versions 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access... |
| CVE-2024-45374 | 2024-09-26 | goTenna Pro ATAK Plugin Weak Password Requirements |
| CVE-2024-47075 | 2024-09-26 | DOM Clobbering gadgets found in layui that lead to Cross-site Scripting |
| CVE-2024-47169 | 2024-09-26 | Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal |
| CVE-2024-47170 | 2024-09-26 | Agnai File Disclosure Vulnerability: JSON via Path Traversal |
| CVE-2024-47121 | 2024-09-26 | Weak Passwords Requirements in goTenna Pro |
| CVE-2024-47122 | 2024-09-26 | Insecure Storage of Sensitive Information in goTenna Pro |
| CVE-2024-47123 | 2024-09-26 | Missing Support for Integrity Check in goTenna Pro |
| CVE-2024-47124 | 2024-09-26 | Cleartext Transmission of Sensitive Information in goTenna Pro |
| CVE-2024-47171 | 2024-09-26 | Agnai vulnerable to Relative Path Traversal in Image Upload |
| CVE-2024-47125 | 2024-09-26 | Improper Restriction of Communication Channel to Intended Endpoints in goTenna Pro |
| CVE-2024-43694 | 2024-09-26 | goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information |
| CVE-2024-47126 | 2024-09-26 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in goTenna Pro |
| CVE-2024-47127 | 2024-09-26 | Weak Authentication in goTenna Pro |
| CVE-2024-47174 | 2024-09-26 | Credential leak when credentials are used with `<nix/fetchurl.nix>` |
| CVE-2024-43108 | 2024-09-26 | goTenna Pro ATAK Plugin Missing Support for Integrity Check |
| CVE-2024-47128 | 2024-09-26 | Insertion of Sensitive Information Into Sent Data in goTenna Pro |
| CVE-2024-47129 | 2024-09-26 | Observable Response Discrepancy in goTenna Pro |
| CVE-2024-47130 | 2024-09-26 | Missing Authentication for Critical Function in goTenna Pro |
| CVE-2024-45838 | 2024-09-26 | goTenna Pro ATAK Plugin Cleartext Transmission of Sensitive Information |
| CVE-2024-45723 | 2024-09-26 | goTenna Pro ATAK Plugin Use of Cryptographically Weak Pseudo-Random Number Generator |
| CVE-2024-41722 | 2024-09-26 | goTenna Pro ATAK Plugin Weak Authentication |
| CVE-2024-41931 | 2024-09-26 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data |
| CVE-2024-41715 | 2024-09-26 | goTenna Pro ATAK Plugin Observable Response Discrepancy |
| CVE-2024-43814 | 2024-09-26 | goTenna Pro ATAK Plugin Insertion of Sensitive Information Into Sent Data |
| CVE-2024-8118 | 2024-09-26 | Grafana alerting wrong permission on datasource rule write endpoint |
| CVE-2024-47179 | 2024-09-26 | RSSHub's `docker-test-cont.yml` workflow is vulnerable to Artifact Poisoning which may lead to a full repository takeover. |
| CVE-2024-47180 | 2024-09-26 | Shields.io Remote Code Execution vulnerability in Dynamic JSON/TOML/YAML badges |
| CVE-2024-7594 | 2024-09-26 | Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default |
| CVE-2024-6769 | 2024-09-26 | Medium to High Integrity Privilege Escalation in Microsoft Windows |
| CVE-2024-47176 | 2024-09-26 | cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source |
| CVE-2024-47076 | 2024-09-26 | libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server |
| CVE-2024-47175 | 2024-09-26 | libppd's ppdCreatePPDFromIPP2 function does not sanitize IPP attributes when creating the PPD buffer |
| CVE-2024-8974 | 2024-09-26 | Incorrect Provision of Specified Functionality in GitLab |
| CVE-2024-4099 | 2024-09-26 | Improper Encoding or Escaping of Output in GitLab |
| CVE-2024-25411 | 2024-09-27 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in setup.php. |
| CVE-2024-33368 | 2024-09-27 | An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen |
| CVE-2024-33369 | 2024-09-27 | Directory Traversal vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the getFileNameFromConnection method in DownloadTask |
| CVE-2024-40509 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMFinDev.asmx function. |
| CVE-2024-40511 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. |
| CVE-2024-40512 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. |
| CVE-2024-46097 | 2024-09-27 | TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the... |
| CVE-2024-46256 | 2024-09-27 | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an attacker to RCE via Add Let's Encrypt Certificate. |
| CVE-2024-46257 | 2024-09-27 | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX... |
| CVE-2024-46331 | 2024-09-27 | ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect parameter at /admin/login. This vulnerability allows attackers to redirect users to an arbitrary website via a crafted... |
| CVE-2024-46333 | 2024-09-27 | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the... |
| CVE-2024-46366 | 2024-09-27 | A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to execute arbitrary client-side template code by injecting a malicious payload during the lead creation process.... |
| CVE-2024-46367 | 2024-09-27 | A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers to inject arbitrary JavaScript code by submitting a malicious payload within the username field. This can... |
| CVE-2024-46441 | 2024-09-27 | An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an... |
| CVE-2024-46470 | 2024-09-27 | Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component. |
| CVE-2024-46471 | 2024-09-27 | The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information. |
| CVE-2024-46472 | 2024-09-27 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page. |
| CVE-2024-25412 | 2024-09-27 | A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email field. |
| CVE-2024-40510 | 2024-09-27 | Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function. |
| CVE-2024-44910 | 2024-09-27 | NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the AOS subsystem (crypto_aos.c). |
| CVE-2024-44911 | 2024-09-27 | NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TC subsystem (crypto_tc.c). |
| CVE-2024-44912 | 2024-09-27 | NASA CryptoLib v1.3.0 was discovered to contain an Out-of-Bounds read via the TM subsystem (crypto_tm.c). |
| CVE-2024-46453 | 2024-09-27 | A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-7011 | 2024-09-27 | Sharp NEC Projectors (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X,... |
| CVE-2024-8965 | 2024-09-27 | Absolute Reviews <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name |
| CVE-2024-9130 | 2024-09-27 | GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Authenticated (GiveWP Manager+) SQL Injection via order Parameter |
| CVE-2024-8922 | 2024-09-27 | Product Enquiry for WooCommerce <= 2.2.33.33 - Authenticated (Author+) PHP Object Injection in enquiry_detail.php |
| CVE-2024-7713 | 2024-09-27 | AI Chatbot with ChatGPT by AYS <= 2.0.9 - Unauthenticated OpenAI Key Disclosure |
| CVE-2024-7714 | 2024-09-27 | AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls |
| CVE-2024-9029 | 2024-09-27 | Freeimage: heap buffer overflow in tiff_read_iptc_profile |
| CVE-2024-9049 | 2024-09-27 | Beaver Builder – WordPress Page Builder <= 2.8.3.6 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Button Group Module |
| CVE-2024-8991 | 2024-09-27 | OSM <= 6.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via osm_map and osm_map_v3 Shortcodes |
| CVE-2024-8681 | 2024-09-27 | Premium Addons for Elementor <= 4.10.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Media Grid Widget |
| CVE-2024-7400 | 2024-09-27 | Local privilege escalation in ESET products for Windows |
| CVE-2024-39431 | 2024-09-27 | In UMTS RLC driver, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with System execution privileges... |
| CVE-2024-39432 | 2024-09-27 | In UMTS RLC driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges... |
| CVE-2024-39433 | 2024-09-27 | In drm service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2024-39434 | 2024-09-27 | In drm service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2024-39435 | 2024-09-27 | In Logmanager service, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. |
| CVE-2024-38861 | 2024-09-27 | Lack of TLS validation in plugin MikroTik on Checkmk Exchange |
| CVE-2024-6931 | 2024-09-27 | The Events Calendar <= 6.6.3 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-6654 | 2024-09-27 | Denial of Service vulnerability in ESET products for macOS |
| CVE-2024-41930 | 2024-09-27 | Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user... |
| CVE-2024-9202 | 2024-09-27 | EDC DataSetResolver policy filtering missing |
| CVE-2024-47290 | 2024-09-27 | Input validation vulnerability in the USB service module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-47291 | 2024-09-27 | Permission vulnerability in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-47292 | 2024-09-27 | Path traversal vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-47293 | 2024-09-27 | Out-of-bounds write vulnerability in the HAL-WIFI module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-47294 | 2024-09-27 | Access permission verification vulnerability in the input method framework module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-9136 | 2024-09-27 | Access permission verification vulnerability in the App Multiplier module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-9275 | 2024-09-27 | jeanmarc77 123solar admin_invt2.php file inclusion |