The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is the list of standardized identifiers and descriptions for publicly known vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2024-48987 | Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. | -- | Oct 11, 2024 |
CVE-2024-48958 | execute_filter_delta in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | -- | Oct 11, 2024 |
CVE-2024-48957 | execute_filter_audio in archive_read_support_format_rar.c in libarchive before 3.7.5 allows out-of-bounds access via a crafted archive file because src can move beyond dst. | -- | Oct 11, 2024 |
CVE-2024-48949 | The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg() validation. | -- | Oct 10, 2024 |
CVE-2024-48942 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to easily brute-force the 2FA PIN via the plugins/servlet/twofactor/public/pinvalidation endpoint. The last 30 and the next 30 tokens are valid. | -- | Oct 11, 2024 |
CVE-2024-48941 | The Syracom Secure Login (2FA) plugin for Jira, Confluence, and Bitbucket through 3.1.4.5 allows remote attackers to bypass 2FA by interacting with the /rest endpoint of Jira, Confluence, or Bitbucket. In the default configuration, /rest is allowlisted. | -- | Oct 11, 2024 |
CVE-2024-48938 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows DoS/ReDoS via email. Parsing the content of emails where HTML code is copied from Microsoft Word could lead to high CPU usage and block the parsing process. | -- | Oct 11, 2024 |
CVE-2024-48937 | Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed. | -- | Oct 11, 2024 |
CVE-2024-48933 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters. | -- | Oct 11, 2024 |
CVE-2024-48902 | In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API. | -- | Oct 10, 2024 |
CVE-2024-48827 | An issue in sbondCo Watcharr v.1.43.0 allows a remote attacker to execute arbitrary code and escalate privileges via the Change Password function. | -- | Oct 11, 2024 |
CVE-2024-48813 | SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. | -- | Oct 11, 2024 |
CVE-2024-48788 | An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48787 | An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48786 | An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48784 | An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48778 | An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48777 | LEDVANCE com.ledvance.smartplus.eu 2.1.10 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48776 | An issue in Shelly com.home.shelly 1.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48775 | An issue in Plug n Play Camera com.ezset.delaney 1.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48774 | An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48773 | An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48772 | An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48771 | An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48770 | An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48769 | An issue in BURG-WÄCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48768 | An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process. | -- | Oct 11, 2024 |
CVE-2024-48041 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Tooltip Glossary allows Stored XSS. This issue affects CM Tooltip Glossary: from n/a through 4.3.9. | -- | Oct 11, 2024 |
CVE-2024-48040 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tainacan.Org Tainacan allows SQL Injection. This issue affects Tainacan: from n/a through 0.21.8. | -- | Oct 11, 2024 |
CVE-2024-48033 | Deserialization of Untrusted Data vulnerability in Elie Burstein, Baptiste Gourdin Talkback allows Object Injection. This issue affects Talkback: from n/a through 1.0. | -- | Oct 11, 2024 |
CVE-2024-48020 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Revmakx Backup and Staging by WP Time Capsule allows SQL Injection. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.21. | -- | Oct 11, 2024 |
CVE-2024-47976 | Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | -- | Oct 10, 2024 |
CVE-2024-47975 | Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. | -- | Oct 11, 2024 |
CVE-2024-47974 | Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. | -- | Oct 10, 2024 |
CVE-2024-47973 | In some Solidigm DC Products, a defect in device overprovisioning may provide information disclosure to an attacker. | -- | Oct 10, 2024 |
CVE-2024-47972 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. | -- | Oct 10, 2024 |
CVE-2024-47971 | Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. | -- | Oct 10, 2024 |
CVE-2024-47969 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | -- | Oct 10, 2024 |
CVE-2024-47968 | Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. | -- | Oct 10, 2024 |
CVE-2024-47967 | Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | -- | Oct 10, 2024 |
CVE-2024-47966 | Delta Electronics CNCSoft-G2 lacks proper initialization of memory prior to accessing it. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | -- | Oct 10, 2024 |
CVE-2024-47965 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | -- | Oct 10, 2024 |
CVE-2024-47964 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | -- | Oct 10, 2024 |
CVE-2024-47963 | Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | -- | Oct 10, 2024 |
CVE-2024-47962 | Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. | -- | Oct 10, 2024 |
CVE-2024-47951 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings. | -- | Oct 11, 2024 |
CVE-2024-47950 | In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings. | -- | Oct 11, 2024 |
CVE-2024-47949 | In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to an arbitrary location. | -- | Oct 11, 2024 |
CVE-2024-47948 | In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups. | -- | Oct 11, 2024 |
CVE-2024-47913 | An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter. | -- | Oct 4, 2024 |