CVE List - 2024 / May
Showing 1601 - 1700 of 4994 CVEs for May 2024 (Page 17 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-20865 | 2024-05-07 | Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. |
| CVE-2024-20866 | 2024-05-07 | Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. |
| CVE-2024-20867 | 2024-05-07 | Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. |
| CVE-2024-20868 | 2024-05-07 | Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. |
| CVE-2024-20869 | 2024-05-07 | Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. |
| CVE-2024-20870 | 2024-05-07 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. |
| CVE-2024-20871 | 2024-05-07 | Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. |
| CVE-2024-20872 | 2024-05-07 | Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE. |
| CVE-2024-20855 | 2024-05-07 | Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. |
| CVE-2024-22472 | 2024-05-07 | Long S0 frames received by 500 series Z-Wave devices may cause buffer overflow |
| CVE-2024-4186 | 2024-05-07 | The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and... |
| CVE-2024-3628 | 2024-05-07 | EasyEvent <= 1.0.0 - Admin+ Stored XSS |
| CVE-2024-27217 | 2024-05-07 | MSDP has a use after free vulnerability |
| CVE-2024-23808 | 2024-05-07 | Arkcompiler ets frontend has an out-of-bounds read vulnerability |
| CVE-2024-31078 | 2024-05-07 | Bluetooth Service has a use after free vulnerability |
| CVE-2024-3757 | 2024-05-07 | Arkcompiler runtime has an integer overflow vulnerability |
| CVE-2024-3758 | 2024-05-07 | Hmdfs has a heap buffer overflow vulnerability |
| CVE-2024-3759 | 2024-05-07 | Hmdfs has a use after free vulnerability |
| CVE-2024-4345 | 2024-05-07 | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up... |
| CVE-2024-4346 | 2024-05-07 | The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.7.13. This is due to the plugin not properly validating... |
| CVE-2023-6810 | 2024-05-07 | The ClickCease Click Fraud Protection plugin for WordPress is vulnerable to unauthorized access of data due to an improper capability check on the get_settings function in all versions up to,... |
| CVE-2024-4599 | 2024-05-07 | Denial of service vulnerability in LAN Messenger |
| CVE-2024-4582 | 2024-05-07 | Faraday GM8181/GM828x NTP Service os command injection |
| CVE-2024-4583 | 2024-05-07 | Faraday GM8181/GM828x Request information disclosure |
| CVE-2024-4600 | 2024-05-07 | Cross-Site Request Forgery vulnerability in Socomec Net Vision |
| CVE-2024-4584 | 2024-05-07 | Faraday GM8181/GM828x command_port.ini information disclosure |
| CVE-2024-4601 | 2024-05-07 | Improper Authentication vulnerability in Socomec Net Vision |
| CVE-2024-4537 | 2024-05-07 | IDOR vulnerability in Janto Ticketing Software |
| CVE-2024-4538 | 2024-05-07 | IDOR vulnerability in Janto Ticketing Software |
| CVE-2024-4585 | 2024-05-07 | DedeCMS member_type.php cross-site request forgery |
| CVE-2024-4586 | 2024-05-07 | DedeCMS shops_delivery.php cross-site request forgery |
| CVE-2024-4587 | 2024-05-07 | DedeCMS tpl.php cross-site request forgery |
| CVE-2024-4588 | 2024-05-07 | DedeCMS mytag_add.php cross-site request forgery |
| CVE-2024-4589 | 2024-05-07 | DedeCMS mytag_edit.php cross-site request forgery |
| CVE-2023-31234 | 2024-05-07 | WordPress Tilda Publishing plugin <= 0.3.23 - Broken Access Control vulnerability |
| CVE-2023-7240 | 2024-05-07 | Broken Access Control leading to SSRF in NetIQ Identity Console |
| CVE-2024-4536 | 2024-05-07 | Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability |
| CVE-2024-4590 | 2024-05-07 | DedeCMS sys_info.php cross-site request forgery |
| CVE-2024-4591 | 2024-05-07 | DedeCMS sys_group_add.php cross-site request forgery |
| CVE-2024-28148 | 2024-05-07 | Apache Superset: Incorrect datasource authorization on explore REST API |
| CVE-2024-4592 | 2024-05-07 | DedeCMS sys_group_edit.php cross-site request forgery |
| CVE-2024-4593 | 2024-05-07 | DedeCMS sys_multiserv.php cross-site request forgery |
| CVE-2024-29889 | 2024-05-07 | GLPI contains an SQL injection through the saved searches |
| CVE-2024-31456 | 2024-05-07 | GLPI contains an authenticated SQL injection |
| CVE-2024-34084 | 2024-05-07 | Minder's Github Webhook Handler vulnerable to denial of service from un-validated requests |
| CVE-2024-34342 | 2024-05-07 | react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF |
| CVE-2024-4594 | 2024-05-07 | DedeCMS sys_safe.php cross-site request forgery |
| CVE-2024-32663 | 2024-05-07 | Suricata's http2 parser contains an improper compressed header handling can lead to resource starvation |
| CVE-2024-32664 | 2024-05-07 | Suricata's base64 contains an out of bounds write |
| CVE-2024-4595 | 2024-05-07 | SEMCMS function.php locate sql injection |
| CVE-2024-32867 | 2024-05-07 | Suricata's defrag contains various issues leading to policy bypass |
| CVE-2024-34341 | 2024-05-07 | The Trix Editor Contains an Arbitrary Code Execution Vulnerability |
| CVE-2024-4596 | 2024-05-07 | Kimai Session information disclosure |
| CVE-2024-29208 | 2024-05-07 | An Unverified Password Change could allow a malicious actor with API access to the device to change the system password without knowing the previous password. Affected Products: UniFi Connect EV... |
| CVE-2024-29207 | 2024-05-07 | An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application (Version 3.7.9 and earlier)... |
| CVE-2024-27982 | 2024-05-07 | The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a... |
| CVE-2024-29206 | 2024-05-07 | An Improper Access Control could allow a malicious actor authenticated in the API to enable Android Debug Bridge (ADB) and make unsupported changes to the system. Affected Products: UniFi Connect... |
| CVE-2024-29210 | 2024-05-07 | A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify... |
| CVE-2024-29209 | 2024-05-07 | A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the... |
| CVE-2024-4558 | 2024-05-07 | Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-4559 | 2024-05-07 | Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-27273 | 2024-05-07 | IBM AIX privilege escalation |
| CVE-2024-0022 | 2024-05-07 | In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional... |
| CVE-2024-0026 | 2024-05-07 | In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges... |
| CVE-2024-0027 | 2024-05-07 | In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional... |
| CVE-2024-0042 | 2024-05-07 | In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with... |
| CVE-2024-23704 | 2024-05-07 | In onCreate of WifiDialogActivity.java, there is a possible way to bypass the DISALLOW_ADD_WIFI_CONFIG restriction due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2024-23710 | 2024-05-07 | In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local... |
| CVE-2024-23712 | 2024-05-07 | In multiple functions of AppOpsService.java, there is a possible way to saturate the content of /data/system/appops_accesses.xml due to resource exhaustion. This could lead to local denial of service with no... |
| CVE-2024-23713 | 2024-05-07 | In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-34346 | 2024-05-07 | Deno contains a permission escalation via open of privileged files with missing `--deny` flag |
| CVE-2024-4030 | 2024-05-07 | tempfile.mkdtemp() may be readable and writeable by all users on Windows |
| CVE-2024-0024 | 2024-05-07 | In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with... |
| CVE-2024-0025 | 2024-05-07 | In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-0043 | 2024-05-07 | In multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the code. This could lead to... |
| CVE-2024-23705 | 2024-05-07 | In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional... |
| CVE-2024-23706 | 2024-05-07 | In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-23707 | 2024-05-07 | In multiple locations, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-23708 | 2024-05-07 | In multiple functions of NotificationManagerService.java, there is a possible way to not show a toast message when a clipboard message has been accessed. This could lead to local escalation of... |
| CVE-2024-23709 | 2024-05-07 | In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2023-40694 | 2024-05-07 | IBM Watson CP4D Data Stores information disclosure |
| CVE-2024-23551 | 2024-05-07 | HCL BigFix Compliance is potentially affected by Oracle database credentials stored at endpoint |
| CVE-2021-34947 | 2024-05-07 | NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-34948 | 2024-05-07 | Foxit PDF Reader Square Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34949 | 2024-05-07 | Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-34950 | 2024-05-07 | Foxit PDF Reader Annotation Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2021-34951 | 2024-05-07 | Foxit PDF Reader Annotation Use of Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-34952 | 2024-05-07 | Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34953 | 2024-05-07 | Foxit PDF Reader Annotation Use of Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2021-34954 | 2024-05-07 | Foxit PDF Editor StrikeOut Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34955 | 2024-05-07 | Foxit PDF Editor Stamp Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34956 | 2024-05-07 | Foxit PDF Editor Underline Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34957 | 2024-05-07 | Foxit PDF Editor Highlight Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34958 | 2024-05-07 | Foxit PDF Editor Text Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34959 | 2024-05-07 | Foxit PDF Editor Square Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34960 | 2024-05-07 | Foxit PDF Editor Circle Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34961 | 2024-05-07 | Foxit PDF Editor Ink Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34962 | 2024-05-07 | Foxit PDF Editor Caret Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34963 | 2024-05-07 | Foxit PDF Editor PolyLine Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2021-34964 | 2024-05-07 | Foxit PDF Editor Polygon Annotation Use-After-Free Remote Code Execution Vulnerability |