CVE List - 2024 / June
Showing 1501 - 1600 of 3082 CVEs for June 2024 (Page 16 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34108 | 2024-06-13 | Large attack surface through legit webhook usage in Adobe Commerce |
| CVE-2024-34102 | 2024-06-13 | XXE can expose crypt key and other secrets granting full admin access |
| CVE-2024-34104 | 2024-06-13 | Adobe Commerce \| Improper Authorization (CWE-285) |
| CVE-2024-34105 | 2024-06-13 | Stored Cross Site Scripting in Order Comment |
| CVE-2024-34107 | 2024-06-13 | Adobe Commerce \| Improper Access Control (CWE-284) |
| CVE-2024-34111 | 2024-06-13 | SSRF in service connector |
| CVE-2024-34110 | 2024-06-13 | RCE in the Adobe Commerce Webhook module through a legit webhook definition |
| CVE-2024-34109 | 2024-06-13 | Adobe Commerce \| Improper Input Validation (CWE-20) |
| CVE-2024-34103 | 2024-06-13 | Customer account takeover via web API call & subsequent password reset |
| CVE-2024-34106 | 2024-06-13 | Insecure Direct Object Reference - An attacker can able to erase the victim quote details |
| CVE-2024-30278 | 2024-06-13 | Adobe Media Encoder 2024 TGA File parsing memory corruption |
| CVE-2024-30472 | 2024-06-13 | Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. |
| CVE-2024-20753 | 2024-06-13 | Adobe Photoshop PDF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-30299 | 2024-06-13 | Tenable Vulnerability Disclosure \| API Auth Bypass |
| CVE-2024-30300 | 2024-06-13 | Tenable Vulnerability Disclosure \| Sensitive Information Disclosure Via Fake FMPS Worker |
| CVE-2024-34115 | 2024-06-13 | ZDI-CAN-24054: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-34116 | 2024-06-13 | Adobe Creative Cloud App Install Arbitrary Folder Delete Vulnerability can be abuse to Privilege Escalation |
| CVE-2024-34113 | 2024-06-13 | ColdFusion \| Weak Cryptography for Passwords (CWE-261) |
| CVE-2024-34112 | 2024-06-13 | ColdFusion CFDOCUMENT file retrieval / access control bypass |
| CVE-2024-34129 | 2024-06-13 | Acrobat Android : OverSecured Finding : Overwriting arbitrary files via attacker-controlled output file paths |
| CVE-2024-34130 | 2024-06-13 | Acrobat Android : OverSecured Finding : Access to arbitrary* content providers via insecure Intent configuration |
| CVE-2024-32856 | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information... |
| CVE-2024-36395 | 2024-06-13 | Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| CVE-2024-36396 | 2024-06-13 | Verint - CWE-434: Unrestricted Upload of File with Dangerous Type |
| CVE-2024-32859 | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code... |
| CVE-2024-32858 | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code... |
| CVE-2024-32860 | 2024-06-13 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code... |
| CVE-2024-25052 | 2024-06-13 | IBM Jazz Reporting Service information disclosure |
| CVE-2024-37308 | 2024-06-13 | WordPress Cooked Plugin - Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability |
| CVE-2024-22333 | 2024-06-13 | IBM Maximo Application Suite information disclosure |
| CVE-2024-37309 | 2024-06-13 | Client initialized Session-Renegotiation DoS |
| CVE-2024-37164 | 2024-06-13 | CVAT SSRF via custom cloud storage endpoints |
| CVE-2024-37306 | 2024-06-13 | CVAT's export and backup-related API endpoints are susceptible to CSRF |
| CVE-2024-37131 | 2024-06-13 | SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions... |
| CVE-2024-28965 | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A... |
| CVE-2024-28966 | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A... |
| CVE-2024-28967 | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A... |
| CVE-2024-28968 | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from... |
| CVE-2024-28969 | 2024-06-13 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A... |
| CVE-2024-29168 | 2024-06-13 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability,... |
| CVE-2024-29169 | 2024-06-13 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability,... |
| CVE-2024-22441 | 2024-06-13 | HPE Cray Parallel Application Launch Service (PALS) is subject to an authentication bypass. |
| CVE-2024-37307 | 2024-06-13 | Cilium leaks sensitive information in cilium-bugtool |
| CVE-2024-37280 | 2024-06-13 | Elasticsearch StackOverflow vulnerability |
| CVE-2024-38279 | 2024-06-13 | Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-37279 | 2024-06-13 | Kibana Broken Access Control issue |
| CVE-2024-38280 | 2024-06-13 | Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-38281 | 2024-06-13 | Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-38282 | 2024-06-13 | Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-38283 | 2024-06-13 | Missing Encryption of Sensitive Data in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-38284 | 2024-06-13 | Authentication Bypass by Capture-replay in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-37029 | 2024-06-13 | Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow |
| CVE-2024-37022 | 2024-06-13 | Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write |
| CVE-2024-38285 | 2024-06-13 | Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600) |
| CVE-2024-30058 | 2024-06-13 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-30057 | 2024-06-13 | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2024-38083 | 2024-06-13 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-5924 | 2024-06-13 | Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability |
| CVE-2024-5952 | 2024-06-13 | Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability |
| CVE-2024-5951 | 2024-06-13 | Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability |
| CVE-2024-5950 | 2024-06-13 | Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-5949 | 2024-06-13 | Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability |
| CVE-2024-5948 | 2024-06-13 | Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-5947 | 2024-06-13 | Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability |
| CVE-2024-38313 | 2024-06-13 | In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address This vulnerability affects Firefox for... |
| CVE-2024-38312 | 2024-06-13 | When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for... |
| CVE-2024-4696 | 2024-06-13 | A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. |
| CVE-2024-32929 | 2024-06-13 | In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-5976 | 2024-06-13 | SourceCodester Employee and Visitor Gate Pass Logging System log_employee sql injection |
| CVE-2024-29778 | 2024-06-13 | In ProtocolPsDedicatedBearInfoAdapter::processQosSession of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2024-29780 | 2024-06-13 | In hwbcc_ns_deprivilege of trusty/user/base/lib/hwbcc/client/hwbcc.c, there is a possible uninitialized stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-29781 | 2024-06-13 | In ss_AnalyzeOssReturnResUssdArgIe of ss_OssAsnManagement.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed.... |
| CVE-2024-29784 | 2024-06-13 | In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-29785 | 2024-06-13 | In aur_get_state of aurora.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2024-29786 | 2024-06-13 | In pktproc_fill_data_addr_without_bm of link_rx_pktproc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2024-29787 | 2024-06-13 | In lwis_process_transactions_in_queue of lwis_transaction.c, there is a possible use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-32891 | 2024-06-13 | In sec_media_unprotect of media.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-32892 | 2024-06-13 | In handle_init of goodix/main/main.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-32893 | 2024-06-13 | In _s5e9865_mif_set_rate of exynos_dvfs.c, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-32894 | 2024-06-13 | In bc_get_converted_received_bearer of bc_utilities.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2024-32895 | 2024-06-13 | In BCMFASTPATH of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-32896 | 2024-06-13 | there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-32897 | 2024-06-13 | In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required.... |
| CVE-2024-32898 | 2024-06-13 | In ProtocolCellIdentityParserV4::Parse() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2024-32899 | 2024-06-13 | In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional... |
| CVE-2024-32900 | 2024-06-13 | In lwis_fence_signal of lwis_debug.c, there is a possible Use after Free due to improper locking. This could lead to local escalation of privilege from hal_camera_default SELinux label with no additional... |
| CVE-2024-32901 | 2024-06-13 | In v4l2_smfc_qbuf of smfc-v4l2-ioctls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-32902 | 2024-06-13 | Remote prevention of access to cellular service with no user interaction (for example, crashing the cellular radio service with a malformed packet) |
| CVE-2024-32903 | 2024-06-13 | In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-32904 | 2024-06-13 | In ProtocolVsimOperationAdapter() of protocolvsimadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2024-32905 | 2024-06-13 | In circ_read of link_device_memory_legacy.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2024-32906 | 2024-06-13 | In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2024-32907 | 2024-06-13 | In memcall_add of memlog.c, there is a possible buffer overflow due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-32908 | 2024-06-13 | In sec_media_protect of media.c, there is a possible permission bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-32909 | 2024-06-13 | In handle_msg of main.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-32910 | 2024-06-13 | In handle_msg_shm_map_req of trusty/user/base/lib/spi/srv/tipc/tipc.c, there is a possible stack data disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2024-32911 | 2024-06-13 | There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not... |
| CVE-2024-32912 | 2024-06-13 | there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the... |
| CVE-2024-32913 | 2024-06-13 | In wl_notify_rx_mgmt_frame of wl_cfg80211.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2024-32914 | 2024-06-13 | In tpu_get_int_state of tpu.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |