CVE List 2024/52xxx

CVEs in group: 52xxx

CVE-2024-52053 (N/A)

CVE-2024-52054 (Stored Cross-Site Scripting in Wowza Streaming Engine)

CVE-2024-52055 (Application Creation Path Traversal in Wowza Streaming Engine)

CVE-2024-52056 (Application Copy Path Traversal in Wowza Streaming Engine)

CVE-2024-52057 (Application Delete Path Traversal in Wowza Streaming Engine)

CVE-2024-52058 (Potential arbitrary SQL query execution in Queuing Service while parsing malicious remote commands or configuration files)

CVE-2024-52059 (Potential arbitrary command execution in System Designer while parsing malicious HTTP/REST requests)

CVE-2024-52060 (Potential heap buffer overflow in Security Plugins while creating a DomainParticipant that uses a malformed Identity Certificate)

CVE-2024-52061 (Potential stack overflow when using XML configuration file referencing environment variables)

CVE-2024-52062 (Potential stack buffer overflow when parsing an XML type)

CVE-2024-52063 (Potential stack buffer write overflow in Connext applications while parsing malicious XML types document)

CVE-2024-52064 (Potential stack buffer write overflow in Connext applications while parsing malicious XML types document)

CVE-2024-52065 (Potential stack buffer write overflow in Connext applications while parsing malicious license file)

CVE-2024-52066 (Potential stack buffer write overflow in Persistence Service while parsing malicious environment variable on non-Windows systems)

CVE-2024-52067 (Potential stack corruption in Routing Service when using a malicious XML configuration document)

CVE-2024-52268 (Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log)

CVE-2024-52269 (N/A)

CVE-2024-52270 (AI Assistant PDF Document Spoofing in DocuSign)

CVE-2024-52271 (PDF Document Spoofing in DropBox Sign (HelloSign))

CVE-2024-52272 (PDF Document Spoofing in Documenso)

CVE-2024-52273 (Denial of Service on Tenda AC6V2 Due To Stack Overflow)

CVE-2024-52274 (Denial of Service on Tenda AC6V2 Due To Stack Overflow)

CVE-2024-52275 (Denial of Service on Tenda AC6V2 Due To Stack Overflow)

CVE-2024-52276 (Denial of Service on Tenda AC6V2 Due To Stack Overflow)

CVE-2024-52277 (PDF Document Spoofing in DocuSign)

CVE-2024-52278 (PDF Document Spoofing in DocuSeal)

CVE-2024-52283 (N/A)

CVE-2024-52285 (N/A)

CVE-2024-52286 (N/A)

CVE-2024-52287 (Self Cross Site Scripting (XSS) In Merge Functionality in Stirling-PDF)

CVE-2024-52288 (authentik performs insufficient validation of OAuth scopes)

CVE-2024-52289 (RMAC revert to the beginning of the session in libosdp)

CVE-2024-52291 (authentik has an insecure default configuration for OAuth2 Redirect URIs)

CVE-2024-52292 (Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution)

CVE-2024-52293 (Craft Allows Attackers to Read Arbitrary System Files)

CVE-2024-52294 (Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI)

CVE-2024-52295 (khoj has an IDOR in subscription management that allows unauthorized subscription modifications)

CVE-2024-52296 (DataEase has a forged JWT token vulnerability)

CVE-2024-52297 (libosdp has a null pointer deref in osdp_reply_name)

CVE-2024-52298 (Tolgee’s configuration all configuration properties leaked in public configuration DTO)

CVE-2024-52299 (macro-pdfviewer’s preview in WYSIWYG editor allows accessing any PDF document as the last author)

CVE-2024-52300 (The PDF viewer macro allows accessing any attachment without access right checks)

CVE-2024-52301 (macro-pdfviewer has a XSS through the width parameter)

CVE-2024-52302 (Laravel allows environment manipulation via query string)

CVE-2024-52303 (common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE))

CVE-2024-52304 (aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method)

CVE-2024-52305 (aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions)

CVE-2024-52306 (UnoPim Stored XSS : Cookie hijacking through Create User function)

CVE-2024-52307 (FileManager Deserialization of Untrusted Data)

CVE-2024-52308 (authentik allows a timing attack due to missing constant time comparison for metrics view)

CVE-2024-52309 (Connecting to a malicious Codespaces via GH CLI could allow command execution on the user’s computer)

CVE-2024-52311 (SFTPGo allows administrators to restrict command execution from the EventManager)

CVE-2024-52312 (data.all does not invalidate authentication token upon user logout)

CVE-2024-52313 (data.all authenticated users can perform restricted operations against DataSets and Environments)

CVE-2024-52314 (data.all authenticated users can obtain incorrect object level authorizations)

CVE-2024-52316 (data.all admin user may access potentially sensitive data stored by producers via logs)

CVE-2024-52317 (Apache Tomcat: Authentication bypass when using Jakarta Authentication API)

CVE-2024-52318 (Apache Tomcat: Request/response mix-up with HTTP/2)

CVE-2024-52319 (Apache Tomcat: Incorrect JSP tag recycling leads to XSS)

CVE-2024-52320 (mm: use aligned address in clear_gigantic_page())