Lista CVE 2024/28xxx

CVE nel gruppo: 28xxx

CVE-2024-28049 (N/A)

CVE-2024-28050 (N/A)

CVE-2024-28051 (N/A)

CVE-2024-28052 (N/A)

CVE-2024-28053 (N/A)

CVE-2024-28054 (Resource Exhaustion via the Invitation Feature)

CVE-2024-28056 (N/A)

CVE-2024-28058 (N/A)

CVE-2024-28060 (N/A)

CVE-2024-28061 (N/A)

CVE-2024-28063 (N/A)

CVE-2024-28064 (N/A)

CVE-2024-28065 (N/A)

CVE-2024-28066 (N/A)

CVE-2024-28067 (N/A)

CVE-2024-28068 (N/A)

CVE-2024-28069 (N/A)

CVE-2024-28070 (N/A)

CVE-2024-28072 (N/A)

CVE-2024-28073 (Arbitrary File Overwrite Vulnerability)

CVE-2024-28074 (SolarWinds Serv-U Directory Traversal Remote Code Execution Vulnerability )

CVE-2024-28075 (SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability )

CVE-2024-28076 (SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution)

CVE-2024-28077 (SolarWinds Platform Arbitrary Open Redirection Vulnerability)

CVE-2024-28084 (N/A)

CVE-2024-28085 (N/A)

CVE-2024-28087 (N/A)

CVE-2024-28088 (N/A)

CVE-2024-28089 (N/A)

CVE-2024-28090 (N/A)

CVE-2024-28091 (N/A)

CVE-2024-28092 (N/A)

CVE-2024-28093 (N/A)

CVE-2024-28094 (N/A)

CVE-2024-28095 (Blind SQL Injection in Chat functionality in Schoolbox)

CVE-2024-28096 (Stored Cross-site Scripting in News functionality in Schoolbox)

CVE-2024-28097 (Stored Cross-site Scripting in Class functionality in Schoolbox)

CVE-2024-28098 (Stored Cross-site Scripting in Calendar functionality in Schoolbox)

CVE-2024-28099 (Apache Pulsar: Improper Authorization For Topic-Level Policy Management)

CVE-2024-28100 (N/A)

CVE-2024-28101 (Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw)

CVE-2024-28102 (Apollo Router’s Compressed Payloads do not respect HTTP Payload Limits)

CVE-2024-28103 (JWCrypto vulnerable to JWT bomb Attack in `deserialize` function)

CVE-2024-28105 (Action Pack is missing security headers on non-HTML responses)

CVE-2024-28106 (phpMyFAQ’s File Upload Bypass at Category Image Leads to RCE)

CVE-2024-28107 (phpMyFAQ Stored XSS at FAQ News Content)

CVE-2024-28108 (phpMyFAQ SQL injections at insertentry & saveentry)

CVE-2024-28109 (phpMyFAQ Stored HTML Injection at contentLink)

CVE-2024-28110 (Potential XSLT injection vulnerability when using policy files)

CVE-2024-28111 (Go SDK for CloudEvents’s use of WithRoundTripper to create a Client leaks credentials)

CVE-2024-28112 (CSV Injection in exported history CSV files)

CVE-2024-28113 (Cross site scripting on router page in Peering Manager)

CVE-2024-28114 (Open redirection using the return_url parameter in Peering Manager)

CVE-2024-28115 (Remote Code Execution using Server Side Template Injection in Peering Manager)

CVE-2024-28116 (Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled)

CVE-2024-28117 (Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass)

CVE-2024-28118 (Grav vulnerable to Server Side Template Injection (SSTI))

CVE-2024-28119 (Grav vulnerable to Server Side Template Injection (SSTI))

CVE-2024-28120 (Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler)

CVE-2024-28121 (API key leak in codeium-chrome)