CVE List - 2024 / October
Showing 801 - 900 of 3570 CVEs for October 2024 (Page 9 of 36)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-43520 | 2024-10-08 | Windows Kernel Denial of Service Vulnerability |
| CVE-2024-43521 | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43522 | 2024-10-08 | Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability |
| CVE-2024-43523 | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43524 | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43528 | 2024-10-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-43536 | 2024-10-08 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-43544 | 2024-10-08 | Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability |
| CVE-2024-43545 | 2024-10-08 | Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability |
| CVE-2024-35215 | 2024-10-08 | NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to... |
| CVE-2024-43546 | 2024-10-08 | Windows Cryptographic Information Disclosure Vulnerability |
| CVE-2024-43547 | 2024-10-08 | Windows Kerberos Information Disclosure Vulnerability |
| CVE-2024-43549 | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43550 | 2024-10-08 | Windows Secure Channel Spoofing Vulnerability |
| CVE-2024-43551 | 2024-10-08 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-43552 | 2024-10-08 | Windows Shell Remote Code Execution Vulnerability |
| CVE-2024-43553 | 2024-10-08 | NT OS Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43555 | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43556 | 2024-10-08 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-43557 | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43558 | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43559 | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43560 | 2024-10-08 | Microsoft Windows Storage Port Driver Elevation of Privilege Vulnerability |
| CVE-2024-43561 | 2024-10-08 | Windows Mobile Broadband Driver Denial of Service Vulnerability |
| CVE-2024-43562 | 2024-10-08 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-43563 | 2024-10-08 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-43564 | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43565 | 2024-10-08 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-43567 | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43570 | 2024-10-08 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43571 | 2024-10-08 | Sudo for Windows Spoofing Vulnerability |
| CVE-2024-43572 | 2024-10-08 | Microsoft Management Console Remote Code Execution Vulnerability |
| CVE-2024-43574 | 2024-10-08 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability |
| CVE-2024-43575 | 2024-10-08 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43582 | 2024-10-08 | Remote Desktop Protocol Server Remote Code Execution Vulnerability |
| CVE-2024-43584 | 2024-10-08 | Windows Scripting Engine Security Feature Bypass Vulnerability |
| CVE-2024-43585 | 2024-10-08 | Code Integrity Guard Security Feature Bypass Vulnerability |
| CVE-2024-43589 | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43590 | 2024-10-08 | Visual C++ Redistributable Installer Elevation of Privilege Vulnerability |
| CVE-2024-43591 | 2024-10-08 | Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability |
| CVE-2024-43592 | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43593 | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43599 | 2024-10-08 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2024-43603 | 2024-10-08 | Visual Studio Collector Service Denial of Service Vulnerability |
| CVE-2024-43583 | 2024-10-08 | Winlogon Elevation of Privilege Vulnerability |
| CVE-2024-43614 | 2024-10-08 | Microsoft Defender for Endpoint for Linux Spoofing Vulnerability |
| CVE-2024-43611 | 2024-10-08 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-43488 | 2024-10-08 | Visual Studio Code extension for Arduino Remote Code Execution Vulnerability |
| CVE-2024-47823 | 2024-10-08 | Livewire Remote Code Execution (RCE) on File Uploads |
| CVE-2024-47822 | 2024-10-08 | Directus inserts access token from query string into logs |
| CVE-2024-47780 | 2024-10-08 | Information Disclosure in TYPO3 Page Tree |
| CVE-2024-47773 | 2024-10-08 | Anonymous cache poisoning via XHR requests in Discourse |
| CVE-2024-27457 | 2024-10-08 | Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-9412 | 2024-10-08 | Improper Authorization Vulnerability in Rockwell Automation Verve® Asset Manager |
| CVE-2024-9602 | 2024-10-08 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-9603 | 2024-10-08 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2023-36325 | 2024-10-09 | i2p before 2.3.0 (Java) allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services (aka eepsites) via a correlation attack across the IPv4 and IPv6 addresses that occurs... |
| CVE-2023-37154 | 2024-10-09 | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. |
| CVE-2023-45359 | 2024-10-09 | An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have... |
| CVE-2023-45872 | 2024-10-09 | An issue was discovered in Qt before 6.2.11 and 6.3.x through 6.6.x before 6.6.1. When a QML image refers to an image whose content is not known yet, there is... |
| CVE-2024-25825 | 2024-10-09 | FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a... |
| CVE-2024-42934 | 2024-10-09 | OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim simulator, resulting in denial of service or (with very low probability) authentication bypass or code execution. |
| CVE-2024-45160 | 2024-10-09 | Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). |
| CVE-2024-45179 | 2024-10-09 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to insufficient input validation, the C-MOR web interface is vulnerable to OS command injection attacks. It was... |
| CVE-2024-45746 | 2024-10-09 | An issue was discovered in Trusted Firmware-M through 2.1.0. User provided (and controlled) mailbox messages contain a pointer to a list of input arguments (in_vec) and output arguments (out_vec). These... |
| CVE-2024-46237 | 2024-10-09 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php. |
| CVE-2024-46292 | 2024-10-09 | A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the... |
| CVE-2024-46304 | 2024-10-09 | A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c. |
| CVE-2024-46307 | 2024-10-09 | A loop hole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the number of products. |
| CVE-2024-46316 | 2024-10-09 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2C920 function at /cgi-bin/mainfunction.cgi. This vulnerability allows attackers to execute arbitrary commands via supplying a crafted HTTP... |
| CVE-2024-47191 | 2024-10-09 | pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling... |
| CVE-2024-48941 | 2024-10-09 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket.... |
| CVE-2024-48942 | 2024-10-09 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and... |
| CVE-2023-45361 | 2024-10-09 | An issue was discovered in VectorComponentUserLinks.php in the Vector Skin component in MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-intro-page MalformedTitleException is uncaught if it is not a valid title,... |
| CVE-2023-46586 | 2024-10-09 | cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused. |
| CVE-2024-32608 | 2024-10-09 | HDF5 library through 1.14.3 has memory corruption in H5A__close resulting in the corruption of the instruction pointer and causing denial of service or potential code execution. |
| CVE-2024-35288 | 2024-10-09 | Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a... |
| CVE-2024-42988 | 2024-10-09 | Lack of access control in ChallengeSolves (/api/v1/challenges/<challenge id>/solves) of CTFd v2.0.0 - v3.7.2 allows authenticated users to retrieve a list of users who have solved the challenge, regardless of the... |
| CVE-2024-48933 | 2024-10-09 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been... |
| CVE-2024-7963 | 2024-10-09 | CMSMasters Content Composer <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-5968 | 2024-10-09 | Photo Gallery by 10Web <= 1.8.27 - Admin+ Stored XSS |
| CVE-2024-39436 | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. |
| CVE-2024-39437 | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. |
| CVE-2024-39438 | 2024-10-09 | In linkturbonative service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. |
| CVE-2024-39439 | 2024-10-09 | In DRM service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. |
| CVE-2024-39440 | 2024-10-09 | In DRM service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with System execution privileges needed. |
| CVE-2024-9449 | 2024-10-09 | Auto iFrame <= 1.7 - Authenticated (Author+) Stored Cross-Site Scripting via tag Parameter |
| CVE-2024-39586 | 2024-10-09 | Dell AppSync Server, version 4.3 through 4.6, contains an XML External Entity Injection vulnerability. An adjacent high privileged attacker could potentially exploit this vulnerability, leading to information disclosure. |
| CVE-2024-9451 | 2024-10-09 | Embed PDF Viewer <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via height and width Parameters |
| CVE-2024-20787 | 2024-10-09 | Substance3D - Painter \| Out-of-bounds Read (CWE-125) |
| CVE-2024-45150 | 2024-10-09 | Dimension \| Out-of-bounds Write (CWE-787) |
| CVE-2024-45146 | 2024-10-09 | Dimension \| Use After Free (CWE-416) |
| CVE-2024-47412 | 2024-10-09 | Animate \| Use After Free (CWE-416) |
| CVE-2024-47411 | 2024-10-09 | Animate \| Access of Uninitialized Pointer (CWE-824) |
| CVE-2024-47418 | 2024-10-09 | Animate \| Use After Free (CWE-416) |
| CVE-2024-47414 | 2024-10-09 | Animate \| Use After Free (CWE-416) |
| CVE-2024-47420 | 2024-10-09 | Animate \| Out-of-bounds Read (CWE-125) |
| CVE-2024-47413 | 2024-10-09 | Animate \| Use After Free (CWE-416) |
| CVE-2024-47419 | 2024-10-09 | Animate \| Out-of-bounds Read (CWE-125) |
| CVE-2024-47416 | 2024-10-09 | Animate \| Integer Overflow or Wraparound (CWE-190) |