CVE List - 2024 / October
Showing 1201 - 1300 of 3571 CVEs for October 2024 (Page 13 of 36)
CVE ID | Date | Title |
---|---|---|
CVE-2024-39547 | 2024-10-11 | Junos OS and Junos OS Evolved: cRPD: Receipt of crafted TCP traffic can trigger high CPU utilization |
CVE-2024-39563 | 2024-10-11 | Junos Space: Remote Command Execution (RCE) vulnerability in web application |
CVE-2024-47489 | 2024-10-11 | Junos OS Evolved: ACX Series: Receipt of specific transit protocol packets is incorrectly processed by the RE |
CVE-2024-47490 | 2024-10-11 | Junos OS Evolved: ACX 7000 Series: Receipt of specific transit MPLS packets causes resources to be exhausted |
CVE-2024-47491 | 2024-10-11 | Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP path attribute leads to an RPD crash |
CVE-2024-47493 | 2024-10-11 | Junos OS: MX Series: Trio-based FPCs: Continuous physical Interface flaps causes local FPC to crash |
CVE-2024-47494 | 2024-10-11 | Junos OS: Due to a race condition AgentD process causes a memory corruption and FPC reset |
CVE-2024-47495 | 2024-10-11 | Junos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device. |
CVE-2024-47496 | 2024-10-11 | Junos OS: MX Series: The PFE will crash on running specific command |
CVE-2024-47497 | 2024-10-11 | Junos OS: SRX Series, QFX Series, MX Series and EX Series: Receiving specific HTTPS traffic causes resource exhaustion |
CVE-2024-47498 | 2024-10-11 | Junos OS Evolved: QFX5000 Series: Configured MAC learning and move limits are not in effect |
CVE-2024-47499 | 2024-10-11 | Junos OS and Junos OS Evolved: In a BMP scenario receipt of a malformed AS PATH attribute can cause an RPD crash |
CVE-2024-47501 | 2024-10-11 | Junos OS: MX304, MX with MPC10/11/LC9600, and EX9200 with EX9200-15C: In a VPLS or Junos Fusion scenario specific show commands cause FPCs to crash |
CVE-2024-47502 | 2024-10-11 | Junos OS Evolved: TCP session state is not always cleared on the Routing Engine leading to DoS |
CVE-2024-47503 | 2024-10-11 | Junos OS: SRX4600 and SRX5000 Series: Sequence of specific PIM packets causes a flowd crash |
CVE-2024-47504 | 2024-10-11 | Junos OS: SRX5000 Series: Receipt of a specific malformed packet will cause a flowd crash |
CVE-2024-47505 | 2024-10-11 | Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #1 |
CVE-2024-47508 | 2024-10-11 | Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #2 |
CVE-2024-47509 | 2024-10-11 | Junos OS Evolved: Specific low privileged CLI commands and SNMP GET requests can trigger a resource leak #3 |
CVE-2024-47506 | 2024-10-11 | Junos OS: SRX Series: A large amount of traffic being processed by ATP Cloud can lead to a PFE crash |
CVE-2024-6985 | 2024-10-11 | Path Traversal in api open_personality_folder in parisneo/lollms-webui |
CVE-2024-47507 | 2024-10-11 | Junos OS and Junos OS Evolved: BGP update message containing aggregator attribute with an ASN value of zero (0) is accepted |
CVE-2024-9859 | 2024-10-11 | Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126... |
CVE-2024-47877 | 2024-10-11 | Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. |
CVE-2024-44157 | 2024-10-11 | A stack buffer overflow was addressed through improved input validation.... |
CVE-2024-9539 | 2024-10-11 | An information disclosure vulnerability was identified in GitHub Enterprise Server... |
CVE-2024-47353 | 2024-10-11 | WordPress ElementsReady Addons for Elementor plugin <= 6.4.2 - Open Redirection vulnerability |
CVE-2024-48020 | 2024-10-11 | WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - SQL Injection vulnerability |
CVE-2024-47331 | 2024-10-11 | WordPress Multi Step for Contact Form plugin <= 2.7.7 - Unauthenticated SQL Injection vulnerability |
CVE-2024-48033 | 2024-10-11 | WordPress Talkback plugin <= 1.0 - PHP Object Injection vulnerability |
CVE-2024-8912 | 2024-10-11 | HTTP Request Smuggling in Looker |
CVE-2024-48040 | 2024-10-11 | WordPress Tainacan plugin <= 0.21.8 - SQL Injection vulnerability |
CVE-2024-48041 | 2024-10-11 | WordPress CM Tooltip Glossary plugin <= 4.3.9 - Stored Cross-Site Scripting vulnerability |
CVE-2024-47884 | 2024-10-11 | Insecure Temporary File in `foxmarks` |
CVE-2024-38365 | 2024-10-11 | btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality |
CVE-2024-49193 | 2024-10-12 | Zendesk before 2024-07-02 allows remote attackers to read ticket history... |
CVE-2024-9592 | 2024-10-12 | Easy PayPal Gift Certificate <= 1.2.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wpppgc_plugin_options |
CVE-2024-9860 | 2024-10-12 | Bridge Core <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Demo Import |
CVE-2024-9821 | 2024-10-12 | Bot for Telegram on WooCommerce <= 1.2.4 - Authenticated (Subscriber+) Telegram Bot Token Disclosure to Authentication Bypass |
CVE-2024-9778 | 2024-10-12 | ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update |
CVE-2024-9824 | 2024-10-12 | ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update |
CVE-2024-9187 | 2024-10-12 | Read more By Adam <= 1.1.8 - Missing Authorization to Authenticated (Subscriber+) Read More Button Deletion |
CVE-2024-7489 | 2024-10-12 | Forms for Mailchimp by Optin Cat <= 2.5.6 - Authenticated (Editor+) Stored Cross-Site Scripting via Form Color Parameters |
CVE-2024-9776 | 2024-10-12 | ImagePress - Image Gallery <= 1.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings |
CVE-2024-9656 | 2024-10-12 | Mynx Page Builder <= 0.27.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-9670 | 2024-10-12 | 2D Tag Cloud <= 6.0.2 - Reflected Cross-Site Scripting via add_query_arg Parameter |
CVE-2024-9756 | 2024-10-12 | Order Attachments for WooCommerce 2.0 - 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary File Upload |
CVE-2024-9047 | 2024-10-12 | WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php |
CVE-2024-9704 | 2024-10-12 | Social Sharing (by Danny) <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-8915 | 2024-10-12 | Category Icon <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-8760 | 2024-10-12 | Stackable – Page Builder Gutenberg Blocks <= 3.13.6 - Unauthenticated CSS Injection |
CVE-2024-9696 | 2024-10-12 | Rescue Shortcodes <= 2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-9595 | 2024-10-12 | TablePress <= 2.4.2 - Authenticated (Author+) Stored Cross-Site Scripting |
CVE-2024-8902 | 2024-10-12 | Elementor Addon Elements <= 1.13.8 - Authenticated (Contributor+) Sensitive Information Exposure via table_saved_sections |
CVE-2024-8757 | 2024-10-12 | Boost Your Blog's Engagement with WP Post Author <= 3.8.1 - Authenticated (Administrator+) SQL Injection |
CVE-2024-9894 | 2024-10-12 | code-projects Blood Bank System reset.php sql injection |
CVE-2024-9903 | 2024-10-12 | 07FLYCMS/07FLY-CMS/07FlyCRM fileUpload unrestricted upload |
CVE-2024-9904 | 2024-10-13 | 07FLYCMS/07FLY-CMS/07FlyCRM pictureUpload unrestricted upload |
CVE-2024-9905 | 2024-10-13 | SourceCodester Online Eyewear Shop sql injection |
CVE-2024-9906 | 2024-10-13 | SourceCodester Online Eyewear Shop cross site scripting |
CVE-2024-9907 | 2024-10-13 | QileCMS Verification Code Forget.php sendEmail password recovery |
CVE-2024-9908 | 2024-10-13 | D-Link DIR-619L B1 formSetMACFilter buffer overflow |
CVE-2024-6959 | 2024-10-13 | Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui |
CVE-2024-9909 | 2024-10-13 | D-Link DIR-619L B1 formSetMuti buffer overflow |
CVE-2024-9910 | 2024-10-13 | D-Link DIR-619L B1 formSetPassword buffer overflow |
CVE-2024-9911 | 2024-10-13 | D-Link DIR-619L B1 formSetPortTr buffer overflow |
CVE-2024-9912 | 2024-10-13 | D-Link DIR-619L B1 formSetQoS buffer overflow |
CVE-2024-9913 | 2024-10-13 | D-Link DIR-619L B1 formSetRoute buffer overflow |
CVE-2024-9914 | 2024-10-13 | D-Link DIR-619L B1 formSetWizardSelectMode buffer overflow |
CVE-2024-9915 | 2024-10-13 | D-Link DIR-619L B1 formVirtualServ buffer overflow |
CVE-2024-9916 | 2024-10-13 | HuangDou UTCMS cli.php os command injection |
CVE-2024-9917 | 2024-10-13 | HuangDou UTCMS template_creat.php deserialization |
CVE-2024-8070 | 2024-10-13 | CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes... |
CVE-2024-9918 | 2024-10-13 | HuangDou UTCMS sql.php RunSql sql injection |
CVE-2024-7099 | 2024-10-13 | SQL Injection in netease-youdao/qanything |
CVE-2024-35520 | 2024-10-14 | Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi... |
CVE-2024-41997 | 2024-10-14 | An issue was discovered in version of Warp Terminal prior... |
CVE-2024-46528 | 2024-10-14 | An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x... |
CVE-2024-48119 | 2024-10-14 | Vtiger CRM v8.2.0 has a HTML Injection vulnerability in the... |
CVE-2024-48120 | 2024-10-14 | X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting (XSS)... |
CVE-2024-48150 | 2024-10-14 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the... |
CVE-2024-48153 | 2024-10-14 | DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into... |
CVE-2024-48168 | 2024-10-14 | A stack overflow vulnerability exists in the sub_402280 function of... |
CVE-2024-48249 | 2024-10-14 | Wavelog 1.8.5 allows Gridmap_model.php get_band_confirmed SQL injection via band, sat,... |
CVE-2024-48251 | 2024-10-14 | Wavelog 1.8.5 allows Activated_gridmap_model.php get_band_confirmed SQL injection via band, sat,... |
CVE-2024-48253 | 2024-10-14 | Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection. |
CVE-2024-48255 | 2024-10-14 | Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection. |
CVE-2024-48257 | 2024-10-14 | Wavelog 1.8.5 allows Oqrs_model.php get_worked_modes station_id SQL injection. |
CVE-2024-48259 | 2024-10-14 | Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or... |
CVE-2024-48790 | 2024-10-14 | An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker... |
CVE-2024-48792 | 2024-10-14 | An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker... |
CVE-2024-48793 | 2024-10-14 | An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker... |
CVE-2024-48795 | 2024-10-14 | An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows... |
CVE-2024-49214 | 2024-10-14 | QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and... |
CVE-2023-48082 | 2024-10-14 | Nagios XI before 2024R1 was discovered to improperly handle API... |
CVE-2024-35518 | 2024-10-14 | Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi... |
CVE-2024-35519 | 2024-10-14 | Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96... |
CVE-2024-46535 | 2024-10-14 | Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability... |
CVE-2024-48789 | 2024-10-14 | An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker... |
CVE-2024-48791 | 2024-10-14 | An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows... |