CVE List - 2024 / October
Showing 1101 - 1200 of 3570 CVEs for October 2024 (Page 12 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-9817 | 2024-10-10 | code-projects Blood Bank System update.php sql injection |
| CVE-2024-9818 | 2024-10-10 | SourceCodester Online Veterinary Appointment System manage_category.php sql injection |
| CVE-2024-42018 | 2024-10-11 | An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some configuration parameters are retrieved from management nodes. These parameters embed credentials whose integrity and... |
| CVE-2024-42640 | 2024-10-11 | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be... |
| CVE-2024-44413 | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to... |
| CVE-2024-44414 | 2024-10-11 | A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to... |
| CVE-2024-44415 | 2024-10-11 | A vulnerability was discovered in DI_8200-16.07.26A1. There is a buffer overflow in the dbsrv_asp function: the strcpy function is executed without checking the length of the string, leading to a... |
| CVE-2024-44729 | 2024-10-11 | Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. |
| CVE-2024-44730 | 2024-10-11 | Incorrect access control in the function handleDataChannelChat(dataMessage) of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name. |
| CVE-2024-44731 | 2024-10-11 | Mirotalk before commit 9de226 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary code via sending crafted payloads in messages to other users... |
| CVE-2024-44734 | 2024-10-11 | Incorrect access control in Mirotalk before commit 9de226 allows attackers to arbitrarily change usernames via sending a crafted roomAction request to the server. |
| CVE-2024-44807 | 2024-10-11 | A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list... |
| CVE-2024-45184 | 2024-10-11 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920,... |
| CVE-2024-45754 | 2024-10-11 | An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in... |
| CVE-2024-46088 | 2024-10-11 | An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted... |
| CVE-2024-46215 | 2024-10-11 | A vulnerability was discovered in KM08-708H-v1.1. There is a buffer overflow in the sub_445BDC() function within the /usr/sbin/goahead program: the strcpy function is executed without checking the length of the... |
| CVE-2024-46468 | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure. |
| CVE-2024-46532 | 2024-10-11 | SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component. |
| CVE-2024-48768 | 2024-10-11 | An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process |
| CVE-2024-48769 | 2024-10-11 | An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48770 | 2024-10-11 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48771 | 2024-10-11 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process |
| CVE-2024-48772 | 2024-10-11 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48773 | 2024-10-11 | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process |
| CVE-2024-48774 | 2024-10-11 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48775 | 2024-10-11 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48776 | 2024-10-11 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process |
| CVE-2024-48777 | 2024-10-11 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48778 | 2024-10-11 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48784 | 2024-10-11 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48786 | 2024-10-11 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48787 | 2024-10-11 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48788 | 2024-10-11 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. |
| CVE-2024-48813 | 2024-10-11 | SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. |
| CVE-2024-48827 | 2024-10-11 | An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. |
| CVE-2024-35517 | 2024-10-11 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share_name parameter. |
| CVE-2024-35522 | 2024-10-11 | Netgear EX3700 – AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authenticated command injection in operating_mode.cgi via the ap_mode parameter with ap_24g_manual set to 1 and ap_24g_manual_sec set... |
| CVE-2024-48937 | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. |
| CVE-2024-48938 | 2024-10-11 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDos via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to... |
| CVE-2024-48987 | 2024-10-11 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have... |
| CVE-2024-9822 | 2024-10-11 | Pedalo Connector <= 2.0.5 - Authentication Bypass to Administrator |
| CVE-2024-21534 | 2024-10-11 | All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the... |
| CVE-2024-9543 | 2024-10-11 | Powerpress <= 11.9.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via skipto Shortcode |
| CVE-2024-9587 | 2024-10-11 | Linkz.ai <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update via AJAX |
| CVE-2024-9586 | 2024-10-11 | Linkz.ai <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update |
| CVE-2024-9611 | 2024-10-11 | Increase upload file size & Maximum Execution Time limit <= 2.0 - Reflected Cross-Site Scripting |
| CVE-2024-9346 | 2024-10-11 | Embed videos and respect privacy <= 1.2 - Reflected Cross-Site Scripting |
| CVE-2024-9616 | 2024-10-11 | BlockMeister – Block Pattern Builder <= 3.1.10 - Reflected Cross-Site Scripting |
| CVE-2024-9221 | 2024-10-11 | Tainacan <= 0.21.10 - Reflected Cross-Site Scripting |
| CVE-2024-9436 | 2024-10-11 | PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes <= 3.5.14 - Reflected Cross-Site Scripting |
| CVE-2024-9707 | 2024-10-11 | Hunk Companion <= 1.8.4 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation/Activation |
| CVE-2024-9232 | 2024-10-11 | Download Plugins and Themes in ZIP from Dashboard <= 1.9.1 - Reflected Cross-Site Scripting |
| CVE-2024-9234 | 2024-10-11 | GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload |
| CVE-2024-9610 | 2024-10-11 | Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting |
| CVE-2024-9211 | 2024-10-11 | FULL – Cliente <= 3.1.22 - Reflected Cross-Site Scripting |
| CVE-2024-9507 | 2024-10-11 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.15.2 - Authenticated (Administrator+) Improper Input Validation via iconUpload Function to Arbitrary File Read |
| CVE-2024-9051 | 2024-10-11 | WP Ultimate Post Grid <= 3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpupg-grid-with-filters Shortcode |
| CVE-2024-45315 | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to create arbitrary folders... |
| CVE-2024-45316 | 2024-10-11 | The Improper link resolution before file access ('Link Following') vulnerability in SonicWall Connect Tunnel (version 12.4.3.271 and earlier of Windows client) allows users with standard privileges to delete arbitrary folders... |
| CVE-2024-45317 | 2024-10-11 | A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an... |
| CVE-2024-7514 | 2024-10-11 | WordPress Comments Import & Export <= 2.3.7 - Authenticated (Author+) Arbitrary File Read via Directory Traversal |
| CVE-2024-8913 | 2024-10-11 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.11 - Authenticated (Contributor+) Sensitive Information Exposure via content_template |
| CVE-2024-9538 | 2024-10-11 | ShopLentor <= 2.9.8 - Authenticated (Contributor+) Sensitive Information Exposure via WL: FAQ Widget Elementor Template |
| CVE-2024-9164 | 2024-10-11 | Missing Authentication for Critical Function in GitLab |
| CVE-2024-5005 | 2024-10-11 | Incorrect Provision of Specified Functionality in GitLab |
| CVE-2023-42133 | 2024-10-11 | PAX Android based POS devices allow for escalation of privilege via improperly configured scripts. An attacker must have shell access with system account privileges in order to exploit this vulnerability.... |
| CVE-2024-6971 | 2024-10-11 | Path Traversal in parisneo/lollms-webui |
| CVE-2024-8970 | 2024-10-11 | Incorrect Authorization in GitLab |
| CVE-2024-9855 | 2024-10-11 | 07FLYCMS/07FLY-CMS/07FlyCRM Module Plug-In sysmodule_1 uploadFile unrestricted upload |
| CVE-2024-9856 | 2024-10-11 | 07FLYCMS/07FLY-CMS/07FlyCRM System Settings Page cross site scripting |
| CVE-2024-9002 | 2024-10-11 | CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by... |
| CVE-2024-8531 | 2024-10-11 | CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed... |
| CVE-2024-6657 | 2024-10-11 | BLE peripheral DoS after few cycles of connect/disconnects |
| CVE-2024-8530 | 2024-10-11 | CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause exposure of private data when an already generated “logcaptures” archive is accessed directly by HTTPS. |
| CVE-2024-8755 | 2024-10-11 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. |
| CVE-2024-25622 | 2024-10-11 | H2O ignores headers configuration directives |
| CVE-2024-45397 | 2024-10-11 | H2O allows bypassing address-based access control with 0-RTT |
| CVE-2024-45403 | 2024-10-11 | H2O assertion failure when HTTP/3 requests are cancelled |
| CVE-2024-45396 | 2024-10-11 | Quicly assertion failures |
| CVE-2024-45402 | 2024-10-11 | Picotls double free |
| CVE-2024-47074 | 2024-10-11 | Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability |
| CVE-2024-47830 | 2024-10-11 | Plane allows server side request forgery via /_next/image endpoint |
| CVE-2024-47875 | 2024-10-11 | DOMPurify nesting-based mXSS |
| CVE-2024-5474 | 2024-10-11 | A potential information disclosure vulnerability was reported in Lenovo's packaging of Dolby Vision Provisioning software prior to version 2.0.0.2 that could allow a local attacker to read files on the... |
| CVE-2024-4089 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Super File that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4130 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo App Store that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4131 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Emulator that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-4132 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Lock Screen that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-9046 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo stARstudio that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33578 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-39526 | 2024-10-11 | Junos OS and Junos OS Evolved: MX Series with MPC10/MPC11/LC9600, MX304, EX9200, PTX Series: Receipt of malformed DHCP packets causes interfaces to stop processing packets |
| CVE-2024-33579 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33580 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-39527 | 2024-10-11 | Junos OS: SRX Series: Low privileged user able to access sensitive information on file system |
| CVE-2024-33581 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-33582 | 2024-10-11 | A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. |
| CVE-2024-39534 | 2024-10-11 | Junos OS Evolved: Connections to the network and broadcast address accepted |
| CVE-2024-39544 | 2024-10-11 | Junos OS Evolved: Low privileged local user able to view NETCONF traceoptions files |
| CVE-2024-8376 | 2024-10-11 | Memory leak |
| CVE-2024-39547 | 2024-10-11 | Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization |