CVE List - 2024 / October
Showing 601 - 700 of 3570 CVEs for October 2024 (Page 7 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-45291 | 2024-10-07 | Path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled in PHPSpreadsheet |
| CVE-2024-45290 | 2024-10-07 | Path traversal and Server-Side Request Forgery when opening XLSX files in PHPSpreadsheet |
| CVE-2024-45060 | 2024-10-07 | Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet |
| CVE-2024-45051 | 2024-10-07 | Bypass of email address validation via encoded email addresses in Discourse |
| CVE-2024-45297 | 2024-10-07 | Prevent topic list filtering by hidden tags for unauthorized users in Discourse |
| CVE-2024-43789 | 2024-10-07 | Denial of service by the absence of restrictions on replies to posts in Discourse |
| CVE-2024-43362 | 2024-10-07 | Stored Cross-site Scripting (XSS) when creating external links in Cacti |
| CVE-2024-43364 | 2024-10-07 | Stored Cross-site Scripting (XSS) when creating external links in Cacti |
| CVE-2024-43365 | 2024-10-07 | Stored Cross-site Scripting (XSS) when creating external links in Cacti |
| CVE-2024-43363 | 2024-10-07 | Remote code execution via Log Poisoning in Cacti |
| CVE-2024-47973 | 2024-10-07 | In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. |
| CVE-2024-47610 | 2024-10-07 | Stored Cross-site Scripting Vulnerability in Markdown Editor |
| CVE-2024-47974 | 2024-10-07 | Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47772 | 2024-10-07 | Cross-site Scripting (XSS) via chat excerpts when content security policy (CSP) disabled in Discourse |
| CVE-2024-47967 | 2024-10-07 | Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47818 | 2024-10-07 | Logged-in users with any role can delete arbitrary files in @saltcorn/server |
| CVE-2024-47814 | 2024-10-07 | use-after-free when closing buffers in Vim |
| CVE-2024-47968 | 2024-10-07 | Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-47817 | 2024-10-07 | Unvalidated paragraph widget values can be used for Cross-site Scripting in lara-zeus |
| CVE-2024-47782 | 2024-10-07 | Cross-site Scripting (XSS) in Special:WikiDiscover when displaying wiki information in WikiDiscover |
| CVE-2024-47781 | 2024-10-07 | Cross-site Scripting (XSS) in Special:RequestWikiQueue when displaying sitename in CreateWiki |
| CVE-2024-47969 | 2024-10-07 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. |
| CVE-2024-25885 | 2024-10-08 | An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. |
| CVE-2024-36814 | 2024-10-08 | An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into... |
| CVE-2024-44349 | 2024-10-08 | A SQL injection vulnerability in login portal in AnteeoWMS before v4.7.34 allows unauthenticated attackers to execute arbitrary SQL commands via the username parameter and disclosure of some data in the... |
| CVE-2024-45880 | 2024-10-08 | A command injection vulnerability exists in Motorola CX2L router v1.0.2 and below. The vulnerability is present in the SetStationSettings function. The system directly invokes the system function to execute commands... |
| CVE-2024-45918 | 2024-10-08 | Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 is vulnerable to SQL Injection via /client/get_gis_fence.php. |
| CVE-2024-46410 | 2024-10-08 | PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature |
| CVE-2024-46539 | 2024-10-08 | Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS). |
| CVE-2024-45230 | 2024-10-08 | An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via... |
| CVE-2024-45231 | 2024-10-08 | An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses... |
| CVE-2024-39806 | 2024-10-08 | Liteos_a has an out-of-bounds Read vulnerability |
| CVE-2024-39831 | 2024-10-08 | AccessTokenManager has an use after free vulnerability |
| CVE-2024-43696 | 2024-10-08 | Liteos_a has an Memory Leak vulnerability |
| CVE-2024-43697 | 2024-10-08 | Liteos_a has an Improper Input Validation vulnerability |
| CVE-2024-45382 | 2024-10-08 | Liteos_a has an Out-of-bounds Write vulnerability |
| CVE-2024-37179 | 2024-10-08 | Insecure File Operations vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) |
| CVE-2024-45277 | 2024-10-08 | Prototype Pollution vulnerability in SAP HANA Client |
| CVE-2024-45278 | 2024-10-08 | Cross-Site Scripting (XSS) vulnerability in SAP Commerce Backoffice |
| CVE-2024-45282 | 2024-10-08 | HTTP Verb Tampering in SAP S/4 HANA(Manage Bank Statements) |
| CVE-2024-47594 | 2024-10-08 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC) |
| CVE-2024-8925 | 2024-10-08 | Erroneous parsing of multipart form data |
| CVE-2024-8926 | 2024-10-08 | PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) |
| CVE-2024-8927 | 2024-10-08 | cgi.force_redirect configuration is bypassable due to the environment variable collision |
| CVE-2024-9026 | 2024-10-08 | PHP-FPM logs from children may be altered |
| CVE-2024-21532 | 2024-10-08 | All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this... |
| CVE-2024-21533 | 2024-10-08 | All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to... |
| CVE-2024-9292 | 2024-10-08 | Bridge Core <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-8983 | 2024-10-08 | Custom Twitter Feeds < 2.2.3 - Admin+ Stored XSS |
| CVE-2024-9021 | 2024-10-08 | Relevanssi < 4.23.1 - Contributor+ Stored XSS |
| CVE-2024-7206 | 2024-10-08 | Firmware extraction and Hardware SSL Pinning Bypass |
| CVE-2024-34662 | 2024-10-08 | Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute... |
| CVE-2024-34663 | 2024-10-08 | Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory. |
| CVE-2024-34664 | 2024-10-08 | Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment. |
| CVE-2024-34665 | 2024-10-08 | Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering... |
| CVE-2024-34666 | 2024-10-08 | Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction... |
| CVE-2024-34667 | 2024-10-08 | Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering... |
| CVE-2024-34668 | 2024-10-08 | Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering... |
| CVE-2024-34669 | 2024-10-08 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering... |
| CVE-2024-34670 | 2024-10-08 | Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. |
| CVE-2024-34671 | 2024-10-08 | Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability. |
| CVE-2024-34672 | 2024-10-08 | Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other... |
| CVE-2024-8964 | 2024-10-08 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-47095 | 2024-10-08 | Reflected Cross-Site Scripting in Follet School Solutions Destiny |
| CVE-2022-4534 | 2024-10-08 | Limit Login Attempts (Spam Protection) <= 5.3 - IP Address Spoofing to Protection Mechanism Bypass |
| CVE-2024-8911 | 2024-10-08 | LatePoint <= 5.0.11 - Unauthenticated Arbitrary User Password Change via SQL Injection |
| CVE-2024-8943 | 2024-10-08 | LatePoint <= 5.0.12 - Authentication Bypass |
| CVE-2023-52952 | 2024-10-08 | A vulnerability has been identified in HiMed Cockpit 12 pro (J31032-K2017-H259) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit 14 pro+ (J31032-K2017-H435) (All versions >= V11.5.1 < V11.6.2), HiMed Cockpit... |
| CVE-2024-41798 | 2024-10-08 | A vulnerability has been identified in SENTRON 7KM PAC3200 (All versions). Affected devices only provide a 4-digit PIN to protect from administrative access via Modbus TCP interface. Attackers with access... |
| CVE-2024-41902 | 2024-10-08 | A vulnerability has been identified in JT2Go (All versions < V2406.0003). The affected application contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files.... |
| CVE-2024-41981 | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to heap-based buffer overflow... |
| CVE-2024-45463 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45464 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45465 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45466 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45467 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45468 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45469 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45470 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45471 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45472 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45473 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45474 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45475 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-45476 | 2024-10-08 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-46886 | 2024-10-08 | The web server of affected devices does not properly validate input that is used for a user redirection. This could allow an attacker to make the server redirect the legitimate... |
| CVE-2024-46887 | 2024-10-08 | The web server of affected devices do not properly authenticate user request to the '/ClientArea/RuntimeInfoData.mwsl' endpoint. This could allow an unauthenticated remote attacker to gain knowledge about current actual and... |
| CVE-2024-47046 | 2024-10-08 | A vulnerability has been identified in Simcenter Femap V2306 (All versions), Simcenter Femap V2401 (All versions), Simcenter Femap V2406 (All versions). The affected application is vulnerable to memory corruption while... |
| CVE-2024-47194 | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). vish2.exe in affected applications allows a specific DLL file to be loaded from the... |
| CVE-2024-47195 | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2024.3), Questa (All versions < V2024.3). gdb.exe in affected applications allows a specific executable file to be loaded from the... |
| CVE-2024-47196 | 2024-10-08 | A vulnerability has been identified in ModelSim (All versions < V2025.2), Questa (All versions < V2025.2). vsimk.exe in affected applications allows a specific tcl file to be loaded from the... |
| CVE-2024-47553 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow... |
| CVE-2024-47562 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command.... |
| CVE-2024-47563 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint... |
| CVE-2024-47565 | 2024-10-08 | A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed... |
| CVE-2024-8629 | 2024-10-08 | WooCommerce Multilingual & Multicurrency with WPML <= 5.3.7 - Reflected Cross-Site Scripting |
| CVE-2024-8433 | 2024-10-08 | Easy Mega Menu Plugin for WordPress – ThemeHunk <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-3506 | 2024-10-08 | Camera Driver possible Buffer Overflow |
| CVE-2024-8422 | 2024-10-08 | CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2... |
| CVE-2024-8518 | 2024-10-08 | CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. |