CVE list 2024/35xxx

CVEs in group: 35xxx

CVE-2024-35156 (Click for details)

CVE-2024-35160 (IBM MQ information disclosure)

CVE-2024-35161 (IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure)

CVE-2024-35162 (Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling)

CVE-2024-35165 (Click for details)

CVE-2024-35166 (WordPress Gutenify plugin <= 1.4.0 - Sensitive Data Exposure via API vulnerability)

CVE-2024-35167 (WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability)

CVE-2024-35168 (WordPress Envo’s Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability)

CVE-2024-35169 (WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability)

CVE-2024-35170 (WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability)

CVE-2024-35171 (WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability)

CVE-2024-35172 (WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability)

CVE-2024-35173 (WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability)

CVE-2024-35174 (Click for details)

CVE-2024-35175 (WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability)

CVE-2024-35176 (sshpiper’s Enabling of Proxy Protocol without proper feature flagging allows faking source address)

CVE-2024-35177 (REXML contains a denial of service vulnerability)

CVE-2024-35178 (Improper Access Control in wazuh-agent)

CVE-2024-35179 (Jupyter server on Windows discloses Windows user password hash)

CVE-2024-35180 (Unprivileged Stalwart Mail Server user can read files as root)

CVE-2024-35181 (OMERO.web JSONP callback vulnerability)

CVE-2024-35182 (GHSL-2024-013 Meshery SQL Injection vulnerability)

CVE-2024-35183 (GHSL-2024-014 Meshery SQL Injection vulnerability)

CVE-2024-35184 (wolfictl leaks GitHub tokens to remote non-GitHub git servers)

CVE-2024-35185 (paperless-ngx’s remote user auth via header works even when disabling it for API)

CVE-2024-35186 (Denial of service of Minder Server with attacker-controlled REST endpoint)

CVE-2024-35187 (gix traversal outside working tree enables arbitrary code execution)

CVE-2024-35189 (Stalwart Mail Server has privilege escalation by design)

CVE-2024-35190 (Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides)

CVE-2024-35191 (Asterisk’ res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests)

CVE-2024-35192 (verbb/formie Server-Side Template Injection for variable-enabled settings)

CVE-2024-35194 (Trivy possibly leaks registry credential when scanning images from malicious registries)

CVE-2024-35195 (Stacklok Minder vulnerable to denial of service from maliciously crafted templates)

CVE-2024-35196 (Requests `Session` object does not verify requests after making first request with verify=False)

CVE-2024-35197 (Slack integration leaks sensitive information in logs in Sentry)

CVE-2024-35198 (gix refs and paths with reserved Windows device names access the devices)

CVE-2024-35199 (TorchServe bypass allowed_urls configuration)

CVE-2024-35200 (TorchServe gRPC Port Exposure)

CVE-2024-35201 (NGINX HTTP/3 QUIC vulnerability)

CVE-2024-35202 (Click for details)

CVE-2024-35204 (Click for details)

CVE-2024-35205 (Click for details)

CVE-2024-35206 (Click for details)

CVE-2024-35207 (Click for details)

CVE-2024-35208 (Click for details)

CVE-2024-35209 (Click for details)

CVE-2024-35210 (Click for details)

CVE-2024-35211 (Click for details)

CVE-2024-35212 (Click for details)

CVE-2024-35213 (Click for details)

CVE-2024-35214 (Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP))

CVE-2024-35215 (Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows)

CVE-2024-35218 (Click for details)

CVE-2024-35219 (Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane)

CVE-2024-35220 (OpenAPI Generator Online – Arbitrary File Read/Delete)

CVE-2024-35221 (@fastify/session reuses destroyed session cookie)

CVE-2024-35222 (Denial of service when publishing a package on rubygems.org)

CVE-2024-35223 (iFrames Bypass Origin Checks for Tauri API Access Control)

CVE-2024-35224 (Dapr API Token Exposure)

CVE-2024-35225 (Stored Cross-Site Scripting (XSS) in OpenProject)

CVE-2024-35226 (Jupyter Server Proxy has a reflected XSS issue in host parameter)

CVE-2024-35227 (PHP Code Injection by malicious attribute in extends-tag in Smarty)

CVE-2024-35228 (Discourse vulnerable to DoS through Onebox)

CVE-2024-35229 (Improper Handling of Insufficient Permissions in Wagtail)

CVE-2024-35230 (ZKsync Era evaluation order of Yul function arguments)

CVE-2024-35231 (Welcome and About GeoServer pages communicate version and revision information)

CVE-2024-35232 (rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming “profiler_runs” parameter)

CVE-2024-35234 (github.com/huandu/facebook may expose access_token in error message)

CVE-2024-35235 (Discourse vulnerable to stored-dom XSS via Facebook Oneboxes)

CVE-2024-35236 (Cupsd Listen arbitrary chmod 0140777)

CVE-2024-35237 (Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks)

CVE-2024-35238 (MIT IdentiBot User-Kerberos Mapping Publicly Available)

CVE-2024-35239 (Denial of service of Minder Server from maliciously crafted GitHub attestations)

CVE-2024-35240 (Stored Cross-site Scripting on Components of Umbraco Forms)

CVE-2024-35241 (Stored Cross-site Scripting on Print Functionality in Umbraco Commerce)

CVE-2024-35242 (Composer vulnerable to command injection via malicious git branch name)

CVE-2024-35244 (Composer vulnerable to command injection via malicious git/hg branch names)

CVE-2024-35245 (Click for details)

CVE-2024-35246 (Click for details)

CVE-2024-35247 (Westermo L210-F2G Lynx Improper Control of Interaction Frequency)