CVE List - 2024 / June
Showing 1001 - 1100 of 3082 CVEs for June 2024 (Page 11 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-36360 | 2024-06-11 | OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e00ece01c8d552) and earlier. If a remote unauthenticated attacker sends a specially crafted HTTP request, an arbitrary OS command may be executed... |
| CVE-2024-31400 | 2024-06-11 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. |
| CVE-2024-31401 | 2024-06-11 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user... |
| CVE-2024-31403 | 2024-06-11 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. |
| CVE-2024-31404 | 2024-06-11 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the... |
| CVE-2024-5530 | 2024-06-11 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via WL Product Horizontal Filter Widget |
| CVE-2024-31398 | 2024-06-11 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may... |
| CVE-2024-31402 | 2024-06-11 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. |
| CVE-2024-4319 | 2024-06-11 | Advanced Contact form 7 DB <= 2.0.2 - Missing Authorization to Unauthenticated Information Disclosure |
| CVE-2024-3723 | 2024-06-11 | Advanced Contact form 7 DB <= 2.0.2 - Sensitive Information Exposure |
| CVE-2024-31399 | 2024-06-11 | Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. |
| CVE-2024-31397 | 2024-06-11 | Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative... |
| CVE-2024-3549 | 2024-06-11 | Blog2Social: Social Media Auto Post & Scheduler <= 7.4.1 - Authenticated (Subscriber+) SQL Injection |
| CVE-2020-11843 | 2024-06-11 | Potential information leakage in administrator enabled debug mode |
| CVE-2024-4266 | 2024-06-11 | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 3.8.8 - Unauthenticated Sensitive Information Exposure |
| CVE-2024-5531 | 2024-06-11 | Ocean Extra <= 2.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flickr Widget |
| CVE-2023-25799 | 2024-06-11 | WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities |
| CVE-2023-28775 | 2024-06-11 | WordPress Yoast SEO Premium plugin <= 20.4 - Unauthenticated Zapier API Key Reset vulnerability |
| CVE-2023-33922 | 2024-06-11 | WordPress Elementor plugin <= 3.13.2 - Broken Access Control vulnerability |
| CVE-2024-35716 | 2024-06-11 | WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability |
| CVE-2024-35692 | 2024-06-11 | WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability |
| CVE-2023-52186 | 2024-06-11 | WordPress WooCommerce Product Vendors plugin <= 2.2.2 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-24704 | 2024-06-11 | WordPress Load More Anything plugin <= 3.3.3 - Broken Access Control vulnerability |
| CVE-2023-52217 | 2024-06-11 | WordPress WooCommerce Conversion Tracking plugin <= 2.0.11 - Broken Access Control vulnerability |
| CVE-2024-34824 | 2024-06-11 | WordPress SportsPress – Sports Club & League Manager plugin <= 2.7.20 - Broken Access Control vulnerability |
| CVE-2024-5584 | 2024-06-11 | WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter |
| CVE-2024-5829 | 2024-06-11 | smallweigit Avue avueUeditor cross site scripting |
| CVE-2024-34813 | 2024-06-11 | WordPress WooCommerce Wishlist plugin <= 1.7.8 - Broken Access Control vulnerability |
| CVE-2023-52179 | 2024-06-11 | WordPress Product Expiry for WooCommerce plugin <= 2.5 - Broken Access Control vulnerability |
| CVE-2024-35685 | 2024-06-11 | WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability |
| CVE-2023-38533 | 2024-06-11 | A vulnerability has been identified in TIA Administrator (All versions < V3 SP2). The affected component creates temporary download files in a directory with insecure permissions. This could allow any... |
| CVE-2023-50763 | 2024-06-11 | A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions <... |
| CVE-2024-33500 | 2024-06-11 | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9... |
| CVE-2024-35206 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized... |
| CVE-2024-35207 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. By tricking... |
| CVE-2024-35208 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged... |
| CVE-2024-35209 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an... |
| CVE-2024-35210 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade... |
| CVE-2024-35211 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without... |
| CVE-2024-35212 | 2024-06-11 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the... |
| CVE-2024-35292 | 2024-06-11 | A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions),... |
| CVE-2024-35303 | 2024-06-11 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012), Tecnomatix Plant Simulation V2404 (All versions < V2404.0001). The affected applications contain a type confusion vulnerability... |
| CVE-2024-36266 | 2024-06-11 | A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application insufficiently protects responses to authentication requests. This could allow a local attacker to bypass authentication, thereby... |
| CVE-2024-5702 | 2024-06-11 | Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. |
| CVE-2024-5688 | 2024-06-11 | If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird... |
| CVE-2024-5690 | 2024-06-11 | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR... |
| CVE-2024-5691 | 2024-06-11 | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window.... |
| CVE-2024-5692 | 2024-06-11 | On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an... |
| CVE-2024-5693 | 2024-06-11 | Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127,... |
| CVE-2024-5696 | 2024-06-11 | By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR <... |
| CVE-2024-5700 | 2024-06-11 | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-5687 | 2024-06-11 | If a specific sequence of actions is performed when opening a new tab, the triggering principal associated with the new tab may have been incorrect. The triggering principal is used... |
| CVE-2024-5689 | 2024-06-11 | In addition to detecting when a user was taking a screenshot (XXX), a website was able to overlay the 'My Shots' button that appeared, and direct the user to a... |
| CVE-2024-5694 | 2024-06-11 | An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. |
| CVE-2024-5695 | 2024-06-11 | If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have... |
| CVE-2024-5697 | 2024-06-11 | A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. |
| CVE-2024-5698 | 2024-06-11 | By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible... |
| CVE-2024-5699 | 2024-06-11 | In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This... |
| CVE-2024-5701 | 2024-06-11 | Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2024-2462 | 2024-06-11 | Allow attackers to intercept or falsify data exchanges between the client and the server |
| CVE-2024-2461 | 2024-06-11 | If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible |
| CVE-2024-2013 | 2024-06-11 | An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack... |
| CVE-2024-2012 | 2024-06-11 | vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway that if exploited an attacker could use to allow unintended commands or code to be executed on the UNEM server allowing... |
| CVE-2024-2011 | 2024-06-11 | A heap-based buffer overflow vulnerability exists in the FOXMAN-UN/UNEM that if exploited will generally lead to a denial of service but can be used to execute arbitrary code, which is... |
| CVE-2024-28021 | 2024-06-11 | A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and... |
| CVE-2024-34442 | 2024-06-11 | WordPress weDocs plugin <= 2.1.4 - Broken Access Control vulnerability |
| CVE-2023-52183 | 2024-06-11 | WordPress WordPress Backup & Migration plugin <= 1.4.3 - Broken Access Control vulnerability |
| CVE-2024-35683 | 2024-06-11 | WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability |
| CVE-2024-35671 | 2024-06-11 | WordPress MJ Update History plugin <= 1.0.4 - Broken Access Control vulnerability |
| CVE-2024-5189 | 2024-06-11 | Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.9.23 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-28023 | 2024-06-11 | A vulnerability exists in the message queueing mechanism that if exploited can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or... |
| CVE-2024-37161 | 2024-06-11 | MeterSphere front-end editor stores XSS vulnerability |
| CVE-2024-35667 | 2024-06-11 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability |
| CVE-2024-35665 | 2024-06-11 | WordPress Insert Post Ads plugin <= 1.3.2 - Broken Access Control vulnerability |
| CVE-2024-35235 | 2024-06-11 | Cupsd Listen arbitrary chmod 0140777 |
| CVE-2023-52199 | 2024-06-11 | WordPress ActivityPub plugin <= 1.0.5 - Unauthenticated Broken Access Control vulnerability |
| CVE-2024-37294 | 2024-06-11 | Aimeos denial of service vulnerability in SaaS and marketplace setups |
| CVE-2024-35663 | 2024-06-11 | WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability |
| CVE-2022-40225 | 2024-06-11 | A vulnerability has been identified in SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.4.8), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.4.8). Casting an internal value could lead to... |
| CVE-2024-35628 | 2024-06-11 | WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability |
| CVE-2024-31495 | 2024-06-11 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information... |
| CVE-2024-23110 | 2024-06-11 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0 all versions allows attacker to execute... |
| CVE-2024-23111 | 2024-06-11 | An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and... |
| CVE-2023-46720 | 2024-06-11 | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through... |
| CVE-2023-23775 | 2024-06-11 | Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerabilities [CWE-89] in FortiSOAR 7.2.0 and before 7.0.3 may allow an authenticated attacker to execute unauthorized code or... |
| CVE-2024-21754 | 2024-06-11 | A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2... |
| CVE-2024-26010 | 2024-06-11 | A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3,... |
| CVE-2023-51498 | 2024-06-11 | WordPress WooCommerce Canada Post Shipping plugin <= 2.8.3 - Broken Access Control vulnerability |
| CVE-2024-37295 | 2024-06-11 | Aimeos Core remote code execution in web server context |
| CVE-2024-35168 | 2024-06-11 | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability |
| CVE-2024-37296 | 2024-06-11 | Aimeos HTML client vulnerable to digital products download without proper payment status check |
| CVE-2024-32148 | 2024-06-11 | WordPress Pardot plugin <= 2.1.0 - Broken Access Control vulnerability |
| CVE-2024-24703 | 2024-06-11 | WordPress MultiVendorX plugin <= 4.0.25 - Broken Access Control vulnerability |
| CVE-2024-34820 | 2024-06-11 | WordPress If-So Dynamic Content Personalization plugin <= 1.7.1 - Broken Access Control vulnerability |
| CVE-2024-34826 | 2024-06-11 | WordPress CF7 WOW Styler plugin <= 1.6.4 - Broken Access Control vulnerability |
| CVE-2024-34822 | 2024-06-11 | WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability |
| CVE-2023-51682 | 2024-06-11 | WordPress MC4WP plugin <= 4.9.9 - Broken Access Control vulnerability |
| CVE-2024-23521 | 2024-06-11 | WordPress Happyforms plugin <= 1.25.10 - Broken Access Control vulnerability |
| CVE-2024-5813 | 2024-06-11 | SSH Private Key Leak in BeyondInsight PasswordSafe |
| CVE-2024-5812 | 2024-06-11 | Smart Rule Overwrite Bypass in BeyondInsight PasswordSafe |