CVE list 2024/45xxx

CVEs in group: 45xxx

CVE-2024-45041 (N/A)

CVE-2024-45042 (External Secrets Operator vulnerable to privilege escalation)

CVE-2024-45043 (Ory Kratos’s `highest_available` setting does not properly respect code + mfa credentials)

CVE-2024-45044 (OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability)

CVE-2024-45045 (Bareos’s negative command ACLs can be circumvented by abbreviating commands)

CVE-2024-45046 (JavaScript Injection via url encoded values in links in Collabora Office Android)

CVE-2024-45047 (PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information)

CVE-2024-45048 (Potential mXSS vulnerability due to improper HTML escaping in svelte)

CVE-2024-45049 (XML External Entity Reference (XXE) in PHPSpreadsheet)

CVE-2024-45050 (Nix Hydra Missing authentication when triggering evaluations)

CVE-2024-45051 (Ringer Server Does Not Check Members When Loading Messages)

CVE-2024-45052 (Bypass of email address validation via encoded email addresses in Discourse)

CVE-2024-45053 (Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability)

CVE-2024-45054 (Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine)

CVE-2024-45056 (Potential Permission Leakage of Cluster Level in hwameistor)

CVE-2024-45057 (`fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc)

CVE-2024-45058 (Reflected Cross-Site Scripting in i-Educar)

CVE-2024-45059 (Privilege escalation in i-Educar)

CVE-2024-45060 (Authenticated SQL Injection in i-Educar)

CVE-2024-45061 (Unauthenticated Cross-Site-Scripting (XSS) in sample file in PHPSpreadsheet)

CVE-2024-45063 (N/A)

CVE-2024-45066 (Multiple issues in ctl(4) CAM Target Layer)

CVE-2024-45068 (Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE Command Injection)

CVE-2024-45070 (Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA)

CVE-2024-45071 (Liteos_a has an out-of-bounds read vulnerability)

CVE-2024-45072 (IBM WebSphere Application Server cross-site scripting)

CVE-2024-45073 (IBM WebSphere Application Server XML external entity injection)

CVE-2024-45074 (IBM WebSphere Application Server cross-site scripting)

CVE-2024-45075 (IBM webMethods Integration directory traversal)

CVE-2024-45076 (IBM webMethods Integration privilege escalation)

CVE-2024-45077 (IBM webMethods Integration code execution)

CVE-2024-45081 (IBM Maximo Asset Management file upload)

CVE-2024-45082 (IBM Cognos Controller incorrect authorization)

CVE-2024-45084 (IBM Cognos Analytics HTTP open redirection)

CVE-2024-45085 (IBM Cognos Controller CSV injection)

CVE-2024-45086 (IBM WebSphere Application Server denial of service)

CVE-2024-45087 (IBM WebSphere Application Server XML external entity injection)

CVE-2024-45088 (IBM WebSphere Application Server cross-site scripting)

CVE-2024-45089 (IBM Maximo Asset Management cross-site scripting)

CVE-2024-45091 (IBM Sterling B2B Integrator information disclosure)

CVE-2024-45096 (IBM UrbanCode Deploy information disclosure)

CVE-2024-45097 (IBM Aspera Faspex information disclosure)

CVE-2024-45098 (IBM Aspera Faspex bypass security)

CVE-2024-45099 (IBM Aspera Faspex bypass security)

CVE-2024-45100 (IBM Security ReaQta cross-site scripting)

CVE-2024-45101 (IBM Security QRadar EDR denial of service)

CVE-2024-45102 (N/A)

CVE-2024-45103 (N/A)

CVE-2024-45104 (N/A)

CVE-2024-45105 (N/A)

CVE-2024-45106 (N/A)

CVE-2024-45107 (Apache Ozone: Improper authentication when generating S3 secrets)

CVE-2024-45108 (ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability)

CVE-2024-45109 (Photoshop Desktop | Out-of-bounds Write (CWE-787))

CVE-2024-45111 (Photoshop Desktop | Out-of-bounds Write (CWE-787))

CVE-2024-45112 (Illustrator | Out-of-bounds Read (CWE-125))

CVE-2024-45113 (Acrobat Reader | Access of Resource Using Incompatible Type (‘Type Confusion’) (CWE-843))

CVE-2024-45114 (ColdFusion | Improper Authentication (CWE-287))

CVE-2024-45115 (Illustrator | Out-of-bounds Write (CWE-787))

CVE-2024-45116 (Adobe Commerce | Improper Authentication (CWE-287))