CVE List 2024/25xxx

CVEs in group: 25xxx

CVE-2024-25097 (Click for details)

CVE-2024-25098 (WordPress TNC PDF viewer Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25099 (WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25100 (WordPress Paytium: Mollie payment forms & donations Plugin <= 4.4.2 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25101 (WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection)

CVE-2024-25102 (WordPress Maspik – Spam blacklist Plugin <= 0.10.6 is vulnerable to Cross Site Scripting (XSS))

CVE-2024-25103 (Information Disclosure Vulnerability in CDAC AppSamvid Software)

CVE-2024-25106 (Dynamic Link Library (DLL) Hijacking Vulnerability in CDAC AppSamvid Software)

CVE-2024-25107 (OpenObserve Unauthorized Access Vulnerability in Users API)

CVE-2024-25108 (Cross-Site Scripting in WikiDiscover)

CVE-2024-25109 (Insufficient authorization allowing elevated access to resources in pixelfed)

CVE-2024-25110 (Cross-Site Scripting in the extensions, settings, permissions and namespaces subpages of ManageWiki)

CVE-2024-25111 (Azure IoT Platform Device SDK Remote Code Execution Vulnerability)

CVE-2024-25112 (SQUID-2024:1 Denial of Service in HTTP Chunked Decoding)

CVE-2024-25113 (Denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder in Exiv2)

CVE-2024-25114 (Click for details)

CVE-2024-25115 (Sensitive Information Disclosure (JailID) to users in Collabora Online)

CVE-2024-25116 (RedisBloom heap buffer overflow in CF.LOADCHUNK command)

CVE-2024-25117 (Specially crafted CF.RESERVE command can lead to denial-of-service)

CVE-2024-25118 (php-svg-lib lacks path validation on font through SVG inline styles)

CVE-2024-25119 (Information Disclosure of Hashed Passwords in TYPO3 Backend Forms)

CVE-2024-25120 (Information Disclosure of Encryption Key in TYPO3 Install Tool)

CVE-2024-25121 (Improper Access Control of Resources Referenced by t3:// URI Scheme in TYPO3)

CVE-2024-25122 (Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3)

CVE-2024-25123 (Cross-site Scripting sidekiq-unique-jobs UI server vulnerability)

CVE-2024-25124 (Path Manipulation in file mslib/index.py in MSS)

CVE-2024-25125 (Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials)

CVE-2024-25126 (Absolute path traversal vulnerability in digdag server)

CVE-2024-25128 (Rack ReDos in content type parsing (2nd degree polynomial))

CVE-2024-25129 (Flask-AppBuilder incorrect authentication when using auth type OpenID)

CVE-2024-25130 (Limited data exfiltration in CodeQL CLI)

CVE-2024-25131 (Tuleap’s mass update clears the permissions on artifact field)

CVE-2024-25132 (Openshift-dedicated: must-gather-operator: yaml template injection leads to privilege escalation)

CVE-2024-25133 (Openshift-dedicated: hive: hibernation controller denial of service)

CVE-2024-25136 (Openshift-dedicated: hive: rce through aws/kubernetes client configuration leads to privilege escalation)

CVE-2024-25137 (AutomationDirect C-MORE EA9 HMI Path Traversal)

CVE-2024-25138 (AutomationDirect C-MORE EA9 HMI Stack-based Buffer Overflow)

CVE-2024-25139 (AutomationDirect C-MORE EA9 HMI Plaintext Storage of a Password)

CVE-2024-25140 (Click for details)

CVE-2024-25141 (Click for details)

CVE-2024-25142 (Apache Airflow Mongo Provider: Certificate validation isn’t respected even if SSL is enabled for apache-airflow-providers-mongo)

CVE-2024-25143 (Apache Airflow: Cache Control – Storage of Sensitive Data in Browser Cache)

CVE-2024-25144 (Click for details)

CVE-2024-25145 (Click for details)

CVE-2024-25146 (Click for details)

CVE-2024-25147 (Click for details)

CVE-2024-25148 (Click for details)

CVE-2024-25149 (Click for details)

CVE-2024-25150 (Click for details)

CVE-2024-25151 (Click for details)

CVE-2024-25152 (Click for details)

CVE-2024-25153 (Click for details)

CVE-2024-25154 (Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114)

CVE-2024-25155 (Path Traversal in FileCatalyst Direct 3.8.8 and Earlier)

CVE-2024-25156 (Reflected Cross-Site Scripting (XSS) in FileCatalyst Direct 3.8.8 and earlier)

CVE-2024-25157 (Path traversal in GoAnywhere MFT 7.4.1 and Earlier)

CVE-2024-25164 (Authentication bypass in GoAnywhere MFT prior to 7.6.0)

CVE-2024-25165 (Click for details)

CVE-2024-25166 (Click for details)

CVE-2024-25167 (Click for details)

CVE-2024-25168 (Click for details)

CVE-2024-25169 (Click for details)

CVE-2024-25170 (Click for details)

CVE-2024-25175 (Click for details)

CVE-2024-25180 (Click for details)

CVE-2024-25187 (Click for details)

CVE-2024-25189 (Click for details)

CVE-2024-25190 (Click for details)

CVE-2024-25191 (Click for details)

CVE-2024-25196 (Click for details)

CVE-2024-25197 (Click for details)

CVE-2024-25198 (Click for details)

CVE-2024-25199 (Click for details)

CVE-2024-25200 (Click for details)

CVE-2024-25201 (Click for details)

CVE-2024-25202 (Click for details)

CVE-2024-25207 (Click for details)

CVE-2024-25208 (Click for details)

CVE-2024-25209 (Click for details)

CVE-2024-25210 (Click for details)