CVE list 2024/47xxx
CVEs in group: 47xxx
CVE-2024-47044 (N/A)
CVE-2024-47045 (N/A)
CVE-2024-47046 (N/A)
CVE-2024-47047 (N/A)
CVE-2024-47048 (N/A)
CVE-2024-47049 (N/A)
CVE-2024-47050 (N/A)
CVE-2024-47051 (XSS in contact/company tracking (no authentication))
CVE-2024-47053 (Remote Code Execution & File Deletion in Asset Uploads)
CVE-2024-47058 (Improper Authorization in Reporting API)
CVE-2024-47059 (Cross-site Scripting (XSS) – stored (edit form HTML field))
CVE-2024-47060 (Users enumeration – weak password login)
CVE-2024-47061 (Unauthorized Access After Organization or Project Deactivation in Zitadel)
CVE-2024-47062 (Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs)
CVE-2024-47063 (Multiple SQL Injections and ORM Leak in navidrome)
CVE-2024-47064 (Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint)
CVE-2024-47066 (Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints)
CVE-2024-47067 (Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964))
CVE-2024-47068 (Alist Contains a Reflected Cross-Site Scripting Vulnerability)
CVE-2024-47069 (DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS)
CVE-2024-47070 (Oveleon Cookiebar reflected Cross-site Scripting vulnerability)
CVE-2024-47071 (authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header)
CVE-2024-47072 (OSS Endpoint Manager allows unauthorized access to read system files)
CVE-2024-47073 (XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream)
CVE-2024-47074 (Dataease arbitrary interface access vulnerability)
CVE-2024-47075 (Dataease PostgreSQL Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability)
CVE-2024-47076 (DOM Clobbering gadgets found in layui that lead to Cross-site Scripting)
CVE-2024-47077 (libcupsfilters’s cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server)
CVE-2024-47078 (authentik cross-provider token validation problems)
CVE-2024-47079 (Meshtastic firmware Authentication/Authorization Bypass via MQTT)
CVE-2024-47080 (Unauthorized usage of remote hardware module because of missing channel verification)
CVE-2024-47082 (matrix-js-sdk keys sent via `sendSharedHistoryKeys` vulnerable to interception by malicious homeserver)
CVE-2024-47083 (Strawberry GraphQL Cross-Site Request Forgery (CSRF) vulnerability)
CVE-2024-47084 (Power Platform Terraform Provider has Improper Masking of Secrets in Logs)
CVE-2024-47085 (CORS origin validation is not performed when the request has a cookie in Gradio)
CVE-2024-47086 (Parameter Manipulation Vulnerability)
CVE-2024-47087 (OTP Bypass Vulnerability)
CVE-2024-47088 (Information Disclosure Vulnerability)
CVE-2024-47089 (User Enumeration vulnerability)
CVE-2024-47092 (Unauthorized Transaction Manipulation Vulnerability)
CVE-2024-47093 (Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api)
CVE-2024-47094 (Fix various XSS issues and potential RCE)
CVE-2024-47095 (Logging of sitesecret to automations log)
CVE-2024-47100 (Reflected Cross-Site Scripting in Follet School Solutions Destiny)
CVE-2024-47102 (N/A)
CVE-2024-47103 (IBM AIX denial of service)
CVE-2024-47104 (IBM Sterling B2B Integrator cross-site scripting)
CVE-2024-47106 (IBM i incorrect privilege assignment)
CVE-2024-47107 (IBM Jazz for Service Management information disclosure)
CVE-2024-47109 (IBM QRadar SIEM cross-site scripting)
CVE-2024-47113 (IBM Sterling File Gateway information disclosure)
CVE-2024-47115 (IBM ICP – Voice Gateway XML injection)
CVE-2024-47116 (IBM AIX command execution)
CVE-2024-47117 (IBM Sterling B2B Integrator cross-site scripting)
CVE-2024-47119 (IBM Carbon Design System cross-site scripting)
CVE-2024-47121 (IBM Storage Defender – Resiliency Service improper certificate validation)
CVE-2024-47122 (Weak Passwords Requirements in goTenna Pro)
CVE-2024-47123 (Insecure Storage of Sensitive Information in goTenna Pro)
CVE-2024-47124 (Missing Support for Integrity Check in goTenna Pro)
CVE-2024-47125 (Cleartext Transmission of Sensitive Information in goTenna Pro)