CVE List 2024/28xxx

CVEs in group: 28xxx

CVE-2024-28074 (Click for details)

CVE-2024-28075 (SolarWinds Access Rights Manager (ARM) Internal Deserialization Remote Code Execution Vulnerability)

CVE-2024-28076 (SolarWinds ARM Deserialization of Untrusted Data Remote Code Execution)

CVE-2024-28077 (SolarWinds Platform Arbitrary Open Redirection Vulnerability)

CVE-2024-28084 (Click for details)

CVE-2024-28085 (Click for details)

CVE-2024-28087 (Click for details)

CVE-2024-28088 (Click for details)

CVE-2024-28089 (Click for details)

CVE-2024-28090 (Click for details)

CVE-2024-28091 (Click for details)

CVE-2024-28092 (Click for details)

CVE-2024-28093 (Click for details)

CVE-2024-28094 (Click for details)

CVE-2024-28095 (Blind SQL Injection in Chat functionality in Schoolbox)

CVE-2024-28096 (Stored Cross-site Scripting in News functionality in Schoolbox)

CVE-2024-28097 (Stored Cross-site Scripting in Class functionality in Schoolbox)

CVE-2024-28098 (Stored Cross-site Scripting in Calendar functionality in Schoolbox)

CVE-2024-28099 (Apache Pulsar: Improper Authorization For Topic-Level Policy Management)

CVE-2024-28100 (Click for details)

CVE-2024-28101 (Stored Cross-site Scripting leading to arbitrary actions taken on behalf of users in elabftw)

CVE-2024-28102 (Apollo Router’s Compressed Payloads do not respect HTTP Payload Limits)

CVE-2024-28103 (JWCrypto vulnerable to JWT bomb Attack in `deserialize` function)

CVE-2024-28105 (Action Pack is missing security headers on non-HTML responses)

CVE-2024-28106 (phpMyFAQ’s File Upload Bypass at Category Image Leads to RCE)

CVE-2024-28107 (phpMyFAQ Stored XSS at FAQ News Content)

CVE-2024-28108 (phpMyFAQ SQL injections at insertentry & saveentry)

CVE-2024-28109 (phpMyFAQ Stored HTML Injection at contentLink)

CVE-2024-28110 (Potential XSLT injection vulnerability when using policy files)

CVE-2024-28111 (Go SDK for CloudEvents’s use of WithRoundTripper to create a Client leaks credentials)

CVE-2024-28112 (CSV Injection in exported history CSV files)

CVE-2024-28113 (Cross site scripting on router page in Peering Manager)

CVE-2024-28114 (Open redirection using the return_url parameter in Peering Manager)

CVE-2024-28115 (Remote Code Execution using Server Side Template Injection in Peering Manager)

CVE-2024-28116 (Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled)

CVE-2024-28117 (Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass)

CVE-2024-28118 (Grav vulnerable to Server Side Template Injection (SSTI))

CVE-2024-28119 (Grav vulnerable to Server Side Template Injection (SSTI))

CVE-2024-28120 (Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler)

CVE-2024-28121 (API key leak in codeium-chrome)

CVE-2024-28122 (Reflex arbitrary method call in stimulus_reflex)

CVE-2024-28123 (JWX vulnerable to a denial of service attack using compressed JWE message)

CVE-2024-28125 (Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters)

CVE-2024-28126 (Click for details)

CVE-2024-28127 (Click for details)

CVE-2024-28128 (Click for details)

CVE-2024-28130 (Click for details)

CVE-2024-28131 (Click for details)

CVE-2024-28132 (Click for details)

CVE-2024-28133 (BIG-IP NEXT CNF vulnerability)

CVE-2024-28134 (PHOENIX CONTACT: Privilege escalation in CHARX Series)

CVE-2024-28135 (PHOENIX CONTACT: MitM attack gains privileges of the current logged in user in CHARX Series)

CVE-2024-28136 (PHOENIX CONTACT: command injection vulnerability in the API of the CHARX Series)

CVE-2024-28137 (PHOENIX CONTACT: command injection gains root privileges using the OCPP remote service)

CVE-2024-28138 (PHOENIX CONTACT: privilege escalation due to a TOCTOU vulnerability in the CHARX Series)

CVE-2024-28139 (OS Command Injection)

CVE-2024-28140 (Privilege escalation through sudo misconfiguration)

CVE-2024-28141 (Violation of Least Privilege Principle)

CVE-2024-28142 (Cross-Site Request-Forgery)

CVE-2024-28143 (Stored cross site scripting)

CVE-2024-28144 (Insecure Password Change Function)

CVE-2024-28145 (Broken Access Control)

CVE-2024-28146 (Unauthenticated SQL Injection)

CVE-2024-28147 (Hardcoded credentials)

CVE-2024-28148 (Unrestricted Upload of Files in edu-sharing)

CVE-2024-28149 (Apache Superset: Incorrect datasource authorization on explore REST API)

CVE-2024-28150 (Click for details)

CVE-2024-28151 (Click for details)

CVE-2024-28152 (Click for details)

CVE-2024-28153 (Click for details)

CVE-2024-28154 (Click for details)

CVE-2024-28155 (Click for details)

CVE-2024-28156 (Click for details)

CVE-2024-28157 (Click for details)

CVE-2024-28158 (Click for details)

CVE-2024-28159 (Click for details)

CVE-2024-28160 (Click for details)

CVE-2024-28161 (Click for details)

CVE-2024-28162 (Click for details)

CVE-2024-28163 (Click for details)