CVE List - 2024 / June
Showing 901 - 1000 of 3082 CVEs for June 2024 (Page 10 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-5597 | 2024-06-10 | Fuji Electric Monitouch V-SFT Type Confusion |
| CVE-2024-36409 | 2024-06-10 | SuiteCRM authenticated SQL Injection in TreeData entrypoint |
| CVE-2024-36410 | 2024-06-10 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller |
| CVE-2024-23299 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to break out of... |
| CVE-2024-27792 | 2024-06-10 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. |
| CVE-2022-32897 | 2024-06-10 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted tiff file may lead to arbitrary code execution. |
| CVE-2023-40389 | 2024-06-10 | The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Ventura 13.6.5, macOS Monterey 12.7.4. An app may be able to access sensitive... |
| CVE-2022-48683 | 2024-06-10 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. |
| CVE-2022-32933 | 2024-06-10 | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user... |
| CVE-2022-48578 | 2024-06-10 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5. Processing an AppleScript may result in unexpected termination or disclosure of process memory. |
| CVE-2024-36411 | 2024-06-10 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller |
| CVE-2024-36412 | 2024-06-10 | SuiteCRM unauthenticated SQL Injection |
| CVE-2024-36413 | 2024-06-10 | SuiteCRM authenticated Reflected Cross-Site Scripting |
| CVE-2024-36414 | 2024-06-10 | SuiteCRM authenticated Server-Side Request Forgery |
| CVE-2024-22279 | 2024-06-10 | GoRouter Denial of Service Attack |
| CVE-2024-36415 | 2024-06-10 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution |
| CVE-2024-36417 | 2024-06-10 | SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame |
| CVE-2024-36416 | 2024-06-10 | SuiteCRM v4 API Excessive log data DOS |
| CVE-2024-36418 | 2024-06-10 | SuiteCRM authenticated RCE using connectors |
| CVE-2024-27848 | 2024-06-10 | This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. A malicious app may be able to gain root... |
| CVE-2024-27833 | 2024-06-10 | An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5.... |
| CVE-2024-27844 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5. A website's permission dialog may persist after navigation away from the... |
| CVE-2024-27805 | 2024-06-10 | An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5... |
| CVE-2024-27828 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS 10.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may be able to... |
| CVE-2024-23282 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A maliciously crafted... |
| CVE-2024-27812 | 2024-06-10 | The issue was addressed with improvements to the file handling protocol. This issue is fixed in visionOS 1.2. Processing web content may lead to a denial-of-service. |
| CVE-2024-27845 | 2024-06-10 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS 17.5 and iPadOS 17.5. An app may be able to access Notes attachments. |
| CVE-2024-27832 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be... |
| CVE-2024-27808 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing... |
| CVE-2024-27799 | 2024-06-10 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8. An unprivileged app... |
| CVE-2024-27815 | 2024-06-10 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An... |
| CVE-2024-27819 | 2024-06-10 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able... |
| CVE-2024-23251 | 2024-06-10 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An... |
| CVE-2024-27838 | 2024-06-10 | The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS... |
| CVE-2024-27855 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. A shortcut... |
| CVE-2024-27802 | 2024-06-10 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS... |
| CVE-2024-27814 | 2024-06-10 | This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A person with physical access to a device may be able to view contact information... |
| CVE-2024-27801 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be... |
| CVE-2024-27817 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5 and... |
| CVE-2024-27840 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS 17.5... |
| CVE-2024-27820 | 2024-06-10 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS... |
| CVE-2024-27836 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, iOS 17.5 and iPadOS 17.5. Processing a maliciously crafted image may lead to... |
| CVE-2024-27800 | 2024-06-10 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2, iOS... |
| CVE-2024-27857 | 2024-06-10 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, tvOS 17.5, iOS 17.5 and iPadOS 17.5. A remote attacker... |
| CVE-2024-27831 | 2024-06-10 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, visionOS 1.2,... |
| CVE-2024-27885 | 2024-06-10 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 14.5, macOS Ventura 13.6.7, macOS Monterey 12.7.5. An app may be able to modify... |
| CVE-2024-27850 | 2024-06-10 | This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously... |
| CVE-2024-27807 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 16.7.8 and iPadOS 16.7.8. An app may be able to circumvent App... |
| CVE-2024-27811 | 2024-06-10 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be... |
| CVE-2024-27806 | 2024-06-10 | This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventura 13.6.7, macOS Monterey 12.7.5, iOS 16.7.8 and iPadOS 16.7.8, tvOS 17.5, iOS 17.5 and iPadOS... |
| CVE-2024-27851 | 2024-06-10 | The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing... |
| CVE-2024-27830 | 2024-06-10 | This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A... |
| CVE-2024-36419 | 2024-06-10 | SuiteCRM-Core Host Header Injection in /legacy |
| CVE-2024-32849 | 2024-06-10 | Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. |
| CVE-2024-35241 | 2024-06-10 | Composer vulnerable to command injection via malicious git branch name |
| CVE-2024-36302 | 2024-06-10 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2024-36303 | 2024-06-10 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2024-36304 | 2024-06-10 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note:... |
| CVE-2024-36305 | 2024-06-10 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the... |
| CVE-2024-36306 | 2024-06-10 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup Engine could allow a local attacker to create a denial-of-service condition on... |
| CVE-2024-36307 | 2024-06-10 | A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information about the agent on... |
| CVE-2024-36358 | 2024-06-10 | A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must... |
| CVE-2024-36359 | 2024-06-10 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 could allow an attacker to escalate privileges on affected installations. Please note: an attacker must... |
| CVE-2024-36473 | 2024-06-10 | Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and... |
| CVE-2024-37289 | 2024-06-10 | An improper access control vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability... |
| CVE-2024-35242 | 2024-06-10 | Composer vulnerable to command injection via malicious git/hg branch names |
| CVE-2024-37166 | 2024-06-10 | ghtml Cross-Site Scripting (XSS) vulnerability |
| CVE-2024-37168 | 2024-06-10 | @grpc/grpc-js can allocate memory for incoming messages well above configured limits |
| CVE-2024-37169 | 2024-06-10 | @jmondi/url-to-png arbitrary file read via Playwright's screenshot feature exploiting file wrapper |
| CVE-2024-36471 | 2024-06-10 | Apache Allura: sensitive information exposure via DNS rebinding |
| CVE-2022-37019 | 2024-06-10 | HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows |
| CVE-2022-37020 | 2024-06-10 | HP PC BIOS May 2024 Security Updates for Potential Stack Buffer Overflows |
| CVE-2024-22244 | 2024-06-10 | Harbor Open Redirect URL |
| CVE-2024-22261 | 2024-06-10 | SQL Injection in Harbor scan log API |
| CVE-2024-26330 | 2024-06-11 | An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, user credentials remain in memory while the process is still open, and can be obtained by... |
| CVE-2024-34405 | 2024-06-11 | Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app. |
| CVE-2024-34406 | 2024-06-11 | Improper exception handling in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to cause a denial of service through the use of a malformed deep link. |
| CVE-2024-36650 | 2024-06-11 | TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is not checked.... |
| CVE-2024-36702 | 2024-06-11 | libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. |
| CVE-2024-36821 | 2024-06-11 | Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root. |
| CVE-2024-37130 | 2024-06-11 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their... |
| CVE-2024-37177 | 2024-06-11 | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation |
| CVE-2024-37178 | 2024-06-11 | Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation |
| CVE-2023-6745 | 2024-06-11 | Custom Field Template <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode |
| CVE-2024-5090 | 2024-06-11 | SiteOrigin Widgets Bundle <= 1.61.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via SiteOrigin Blog Widget |
| CVE-2024-0627 | 2024-06-11 | Custom Field Template <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field Name |
| CVE-2023-6748 | 2024-06-11 | Custom Field Template <= 2.6.1 - Authenticated (Contributor+) Information Exposure |
| CVE-2024-0653 | 2024-06-11 | Custom Field Template <= 2.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-2473 | 2024-06-11 | WPS Hide Login <= 1.9.15.2 - Login Page Disclosure |
| CVE-2024-34688 | 2024-06-11 | Denial of service (DOS) in SAP NetWeaver AS Java (Meta Model Repository) |
| CVE-2024-33001 | 2024-06-11 | Denial of service (DOS) in SAP NetWeaver and ABAP platform |
| CVE-2024-34683 | 2024-06-11 | Unrestricted file upload in SAP Document Builder (HTTP service) |
| CVE-2024-34686 | 2024-06-11 | Cross-Site Scripting (XSS) vulnerability in SAP CRM (WebClient UI) |
| CVE-2024-37176 | 2024-06-11 | Missing Authorization check in SAP BW/4HANA Transformation and DTP |
| CVE-2024-34690 | 2024-06-11 | Missing Authorization check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-28164 | 2024-06-11 | Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures) |
| CVE-2024-34684 | 2024-06-11 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform (Scheduling) |
| CVE-2024-34691 | 2024-06-11 | Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files) |
| CVE-2023-7264 | 2024-06-11 | Build App Online <= 1.0.21 - Account Takeover via Weak Password Reset Mechanism |
| CVE-2024-29855 | 2024-06-11 | Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator |