CVE List - 2024 / October

Showing 1401 - 1500 of 3570 CVEs for October 2024 (Page 15 of 36)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-9973 | 2024-10-15 | SourceCodester Online Eyewear Shop Report Viewing Page page sql injection |
| CVE-2024-9974 | 2024-10-15 | SourceCodester Online Eyewear Shop POST Request Master.php sql injection |
| CVE-2024-47945 | 2024-10-15 | Predictable Session ID |
| CVE-2024-45271 | 2024-10-15 | MB connect line/Helmholz: Remote code execution due to improper input validation |
| CVE-2024-45272 | 2024-10-15 | MB connect line/Helmholz: Generation of weak passwords vulnerability |
| CVE-2024-45273 | 2024-10-15 | MB connect line/Helmholz: Weak encryption of configuration file |
| CVE-2024-45274 | 2024-10-15 | MB connect line/Helmholz: Remote code execution via confnet service |
| CVE-2024-45275 | 2024-10-15 | MB connect line/Helmholz: Hardcoded user accounts with hard-coded passwords |
| CVE-2024-45276 | 2024-10-15 | MB connect line/Helmholz: tmp directory exposed via webservice |
| CVE-2024-49382 | 2024-10-15 | Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-49383 | 2024-10-15 | Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-49384 | 2024-10-15 | Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-49387 | 2024-10-15 | Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-49388 | 2024-10-15 | Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. |
| CVE-2024-47674 | 2024-10-15 | mm: avoid leaving partial pfn mappings around in error case |
| CVE-2024-9975 | 2024-10-15 | SourceCodester Drag and Drop Image Upload upload.php unrestricted upload |
| CVE-2024-9976 | 2024-10-15 | code-projects Pharmacy Management System manage_customer.php sql injection |
| CVE-2024-9977 | 2024-10-15 | MitraStar GPT-2541GNAC Firewall Settings Page settings-firewall.cgi os command injection |
| CVE-2024-9986 | 2024-10-15 | code-projects Blood Bank Management System member_register.php sql injection |
| CVE-2024-9979 | 2024-10-15 | Pyo3: risk of use-after-free in `borrowed` reads from python weak references |
| CVE-2024-47080 | 2024-10-15 | matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver |
| CVE-2024-47771 | 2024-10-15 | Element Desktop vulnerable to potential exposure of access token via authenticated media |
| CVE-2024-9676 | 2024-10-15 | Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) |
| CVE-2024-47779 | 2024-10-15 | Element Web vulnerable to potential exposure of access token via authenticated media |
| CVE-2024-9506 | 2024-10-15 | Regular Expression Denial of Service (ReDoS) |
| CVE-2024-47824 | 2024-10-15 | Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room |
| CVE-2024-47874 | 2024-10-15 | Starlette Denial of service (DoS) via multipart/form-data |
| CVE-2024-47876 | 2024-10-15 | Sakai: Kernel users created with type roleview can login as a normal user |
| CVE-2024-48913 | 2024-10-15 | Hono vulnerable to bypass of CSRF Middleware by a request without Content-Type header. |
| CVE-2024-48914 | 2024-10-15 | Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy |
| CVE-2024-48915 | 2024-10-15 | Agent Dart missing certificate verification checks |
| CVE-2024-5749 | 2024-10-15 | Certain HP DesignJet products – Credential reflection |
| CVE-2024-21172 | 2024-10-15 | Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.19, 5.6.25.8 and 5.6.26.4. Difficult to exploit vulnerability allows... |
| CVE-2024-21190 | 2024-10-15 | Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2024-21191 | 2024-10-15 | Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows... |
| CVE-2024-21192 | 2024-10-15 | Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high... |
| CVE-2024-21193 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21194 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21195 | 2024-10-15 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Layout Templates). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-21196 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily... |
| CVE-2024-21197 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily... |
| CVE-2024-21198 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21199 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21200 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network... |
| CVE-2024-21201 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21202 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker... |
| CVE-2024-21203 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21204 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.4.0 and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker... |
| CVE-2024-21205 | 2024-10-15 | Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-21206 | 2024-10-15 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are ECC:11-13. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-21207 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.38 and prior, 8.4.1 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21208 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-21209 | 2024-10-15 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows... |
| CVE-2024-21210 | 2024-10-15 | Vulnerability in Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and 23. Difficult to exploit vulnerability allows unauthenticated attacker... |
| CVE-2024-21211 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-21212 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Health Monitor). Supported versions that are affected are 8.0.39 and prior and 8.4.0. Difficult to exploit vulnerability allows high... |
| CVE-2024-21213 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21214 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-21215 | 2024-10-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-21216 | 2024-10-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-21217 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-21218 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21219 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21230 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21231 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Difficult to... |
| CVE-2024-21232 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability... |
| CVE-2024-21233 | 2024-10-15 | Vulnerability in the Oracle Database Core component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create... |
| CVE-2024-21234 | 2024-10-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-21235 | 2024-10-15 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE:... |
| CVE-2024-21236 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21237 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior.... |
| CVE-2024-21238 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.39 and prior, 8.4.1 and prior and 9.0.1 and prior. Difficult... |
| CVE-2024-21239 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability... |
| CVE-2024-21241 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21242 | 2024-10-15 | Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Easily exploitable vulnerability allows low privileged attacker having Create Session... |
| CVE-2024-21243 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows... |
| CVE-2024-21244 | 2024-10-15 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows... |
| CVE-2024-21246 | 2024-10-15 | Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with... |
| CVE-2024-21247 | 2024-10-15 | Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable... |
| CVE-2024-21248 | 2024-10-15 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows... |
| CVE-2024-21249 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21250 | 2024-10-15 | Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Manager Specification). Supported versions that are affected are 12.2.13-12.2.14. Easily exploitable vulnerability allows low privileged... |
| CVE-2024-21251 | 2024-10-15 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create... |
| CVE-2024-21252 | 2024-10-15 | Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21253 | 2024-10-15 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22. Easily exploitable vulnerability allows high privileged attacker with logon... |
| CVE-2024-21254 | 2024-10-15 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 7.0.0.0.0, 7.6.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker... |
| CVE-2024-21255 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-21257 | 2024-10-15 | Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.18.0.000. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-21258 | 2024-10-15 | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access... |
| CVE-2024-21259 | 2024-10-15 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Difficult to exploit vulnerability allows... |
| CVE-2024-21260 | 2024-10-15 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network... |
| CVE-2024-21261 | 2024-10-15 | Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to... |
| CVE-2024-21262 | 2024-10-15 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via... |
| CVE-2024-21263 | 2024-10-15 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.22 and prior to 7.1.2. Easily exploitable vulnerability allows low... |
| CVE-2024-21264 | 2024-10-15 | Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low... |
| CVE-2024-21265 | 2024-10-15 | Vulnerability in the Oracle Site Hub product of Oracle E-Business Suite (component: Site Hierarchy Flows). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with... |
| CVE-2024-21266 | 2024-10-15 | Vulnerability in the Oracle Advanced Pricing product of Oracle E-Business Suite (component: Price List). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21267 | 2024-10-15 | Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.12-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |
| CVE-2024-21268 | 2024-10-15 | Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access... |
| CVE-2024-21269 | 2024-10-15 | Vulnerability in the Oracle Incentive Compensation product of Oracle E-Business Suite (component: Compensation Plan). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network... |