CVE List 2024/25xxx

CVEs in group: 25xxx

CVE-2024-25075 (N/A)

CVE-2024-25076 (N/A)

CVE-2024-25077 (N/A)

CVE-2024-25078 (N/A)

CVE-2024-25079 (N/A)

CVE-2024-25080 (N/A)

CVE-2024-25081 (N/A)

CVE-2024-25082 (N/A)

CVE-2024-25083 (N/A)

CVE-2024-25086 (N/A)

CVE-2024-25087 (N/A)

CVE-2024-25088 (N/A)

CVE-2024-25089 (N/A)

CVE-2024-25090 (N/A)

CVE-2024-25091 (Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode)

CVE-2024-25092 (N/A)

CVE-2024-25093 (WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability)

CVE-2024-25094 (WordPress GD Rating System Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25095 (WordPress PJ News Ticker Plugin <= 1.9.5 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25096 (WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability)

CVE-2024-25097 (WordPress canto plugin <= 3.0.7 - Unauth. Remote Code Execution (RCE) vulnerability)

CVE-2024-25098 (WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25099 (WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25100 (WordPress Paytium: Mollie payment forms & donations Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25101 (WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection)

CVE-2024-25102 (WordPress Maspik – Spam blacklist Plugin <= 0.10.6 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25103 (Information Disclosure Vulnerability in CDAC AppSamvid Software)

CVE-2024-25106 (Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software)

CVE-2024-25107 (OpenObserve Unauthorized Access Vulnerability in Users API)

CVE-2024-25108 (Cross-Site Scripting in WikiDiscover)

CVE-2024-25109 (Insufficient authorization allowing elevated access to resources in pixelfed)

CVE-2024-25110 (Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki)

CVE-2024-25111 (Azure IoT Platform Device SDK Remote Code Execution Vulnerability)

CVE-2024-25112 (SQUID-2024:1 Denial of Service in HTTP Chunked Decoding)

CVE-2024-25113 (Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2)

CVE-2024-25114 (N/A)

CVE-2024-25115 (Sensitive Information Disclosure (JailID) to users in Collabora Online)

CVE-2024-25116 (RedisBloom heap buffer overflow in CF.LOADCHUNK command)

CVE-2024-25117 (Specially crafted CF.RESERVE command can lead to denial-of-service)

CVE-2024-25118 (php-svg-lib lacks path validation on font through SVG inline styles)

CVE-2024-25119 (Information Disclosure of Hashed Passwords in TYPO3 Backend Forms)

CVE-2024-25120 (Information Disclosure of Encryption Key in TYPO3 Install Tool)

CVE-2024-25121 (Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3)

CVE-2024-25122 (Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3)

CVE-2024-25123 (Cross-site Scripting sidekiq-unique-jobs UI server vulnerability)

CVE-2024-25124 (Path Manipulation in file mslib/index.py in MSS)

CVE-2024-25125 (Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials)

CVE-2024-25126 (Absolute path traversal vulnerability in digdag server)

CVE-2024-25128 (Rack ReDos in content type parsing (2nd degree polynomial))

CVE-2024-25129 (Flask-AppBuilder incorrect authentication when using auth type OpenID)

CVE-2024-25130 (Limited data exfiltration in CodeQL CLI)

CVE-2024-25131 (Tuleap’s mass update clears the permissions on artifact field)

CVE-2024-25132 (Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation)

CVE-2024-25133 (Openshift-dedicated: hive: hibernation controller denial of service)

CVE-2024-25136 (Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation)

CVE-2024-25137 (AutomationDirect C-MORE EA9 HMI Path Traversal)

CVE-2024-25138 (AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow)

CVE-2024-25139 (AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password)

CVE-2024-25140 (N/A)

CVE-2024-25141 (N/A)