CVE list 2024/35xxx
CVEs in group: 35xxx
CVE-2024-35133 (N/A)
CVE-2024-35134 (IBM Security Verify Access HTTP open redirect)
CVE-2024-35136 (IBM Analytics Content Hub information disclosure)
CVE-2024-35137 (IBM Db2 denial of service)
CVE-2024-35138 (IBM Security Access Manager Docker information disclosure)
CVE-2024-35139 (IBM Security Verify Access cross-site request forgery)
CVE-2024-35140 (IBM Security Access Manager Docker information disclosure)
CVE-2024-35141 (IBM Security Verify Access privilege escalation)
CVE-2024-35142 (IBM Security Verify Access privilege escalation)
CVE-2024-35143 (IBM Security Verify Access privilege escalation)
CVE-2024-35144 (IBM Planning Analytics Local missing authentication)
CVE-2024-35145 (IBM Maximo Application Suite information disclosure)
CVE-2024-35146 (IBM Maximo Application Suite cross-site scripting)
CVE-2024-35148 (IBM Maximo Application Suite cross-site scripting)
CVE-2024-35150 (IBM Maximo Application Suite SQL injection)
CVE-2024-35151 (IBM Maximo Application Suite log manipulation)
CVE-2024-35152 (IBM OpenPages information disclosure)
CVE-2024-35153 (IBM Db2 denial of service)
CVE-2024-35154 (IBM WebSphere Application Server cross-site scripting)
CVE-2024-35155 (IBM WebSphere Application Server code execution)
CVE-2024-35156 (IBM MQ information disclosure)
CVE-2024-35160 (IBM MQ information disclosure)
CVE-2024-35161 (IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure)
CVE-2024-35162 (Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling)
CVE-2024-35165 (N/A)
CVE-2024-35166 (WordPress Gutenify plugin <= 1.4.0 - Sensitive Data Exposure via API vulnerability)
CVE-2024-35167 (WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability)
CVE-2024-35168 (WordPress Envo’s Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability)
CVE-2024-35169 (WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability)
CVE-2024-35170 (WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability)
CVE-2024-35171 (WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability)
CVE-2024-35172 (WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability)
CVE-2024-35173 (WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability)
CVE-2024-35174 (N/A)
CVE-2024-35175 (WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability)
CVE-2024-35176 (sshpiper’s Enabling of Proxy Protocol without proper feature flagging allows faking source address)
CVE-2024-35177 (REXML contains a denial of service vulnerability)
CVE-2024-35178 (Improper Access Control in wazuh-agent)
CVE-2024-35179 (Jupyter server on Windows discloses Windows user password hash)
CVE-2024-35180 (Unprivileged Stalwart Mail Server user can read files as root)
CVE-2024-35181 (OMERO.web JSONP callback vulnerability)
CVE-2024-35182 (GHSL-2024-013 Meshery SQL Injection vulnerability)
CVE-2024-35183 (GHSL-2024-014 Meshery SQL Injection vulnerability)
CVE-2024-35184 (wolfictl leaks GitHub tokens to remote non-GitHub git servers)
CVE-2024-35185 (paperless-ngx’s remote user auth via header works even when disabling it for API)
CVE-2024-35186 (Denial of service of Minder Server with attacker-controlled REST endpoint)
CVE-2024-35187 (gix traversal outside working tree enables arbitrary code execution)
CVE-2024-35189 (Stalwart Mail Server has privilege escalation by design)
CVE-2024-35190 (Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides)
CVE-2024-35191 (Asterisk’ res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests)
CVE-2024-35192 (verbb/formie Server-Side Template Injection for variable-enabled settings)
CVE-2024-35194 (Trivy possibly leaks registry credential when scanning images from malicious registries)
CVE-2024-35195 (Stacklok Minder vulnerable to denial of service from maliciously crafted templates)
CVE-2024-35196 (Requests `Session` object does not verify requests after making first request with verify=False)
CVE-2024-35197 (Slack integration leaks sensitive information in logs in Sentry)
CVE-2024-35198 (gix refs and paths with reserved Windows device names access the devices)
CVE-2024-35199 (TorchServe bypass allowed_urls configuration)
CVE-2024-35200 (TorchServe gRPC Port Exposure)
CVE-2024-35201 (NGINX HTTP/3 QUIC vulnerability)
CVE-2024-35202 (N/A)