Lista CVE - 2024 / Giugno
Visualizzazione 1601 - 1700 di 3082 CVE per Giugno 2024 (Pagina 17 di 31)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-32915 | 2024-06-13 | In CellInfoListParserV2::FillCellInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2024-32916 | 2024-06-13 | In fvp_freq_histogram_init of fvp.c, there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... |
| CVE-2024-32917 | 2024-06-13 | In pl330_dma_from_peri_start() of fp_spi_dma.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-32918 | 2024-06-13 | Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps |
| CVE-2024-32919 | 2024-06-13 | In lwis_add_completion_fence of lwis_fence.c, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-32920 | 2024-06-13 | In set_secure_reg of sac_handler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack... |
| CVE-2024-32921 | 2024-06-13 | In lwis_initialize_transaction_fences of lwis_fence.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-32922 | 2024-06-13 | In gpu_pm_power_on_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE... |
| CVE-2024-32923 | 2024-06-13 | there is a possible cellular denial of service due to a logic error in the code. This could lead to remote denial of service with no additional execution privileges needed.... |
| CVE-2024-32924 | 2024-06-13 | In DeregAcceptProcINT of cn_NrmmStateDeregInit.cpp, there is a possible denial of service due to a logic error in the code. This could lead to remote denial of service with no additional... |
| CVE-2024-32925 | 2024-06-13 | In dhd_prot_txstatus_process of dhd_msgbuf.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2024-32926 | 2024-06-13 | there is a possible information disclosure due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed... |
| CVE-2024-32930 | 2024-06-13 | In plugin_ipc_handler of slc_plugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional... |
| CVE-2024-0103 | 2024-06-13 | CVE |
| CVE-2024-0095 | 2024-06-13 | CVE |
| CVE-2024-0090 | 2024-06-13 | CVE |
| CVE-2024-0089 | 2024-06-13 | CVE |
| CVE-2024-0091 | 2024-06-13 | CVE |
| CVE-2024-0093 | 2024-06-13 | CVE |
| CVE-2024-0092 | 2024-06-13 | CVE |
| CVE-2024-0099 | 2024-06-13 | CVE |
| CVE-2024-0084 | 2024-06-13 | CVE |
| CVE-2024-0085 | 2024-06-13 | CVE |
| CVE-2024-0094 | 2024-06-13 | CVE |
| CVE-2024-0086 | 2024-06-13 | CVE |
| CVE-2023-37394 | 2024-06-13 | WordPress WP Dummy Content Generator plugin <= 2.3.0 - Broken Access Control vulnerability |
| CVE-2023-36695 | 2024-06-13 | WordPress Sublanguage plugin <= 2.9 - Broken Access Control vulnerability |
| CVE-2023-36694 | 2024-06-13 | WordPress Kingkong Board plugin <= 2.1.0.2 - Broken Access Control vulnerability |
| CVE-2023-36504 | 2024-06-13 | WordPress BBS e-Popup plugin <= 2.4.5 - Broken Access Control vulnerability |
| CVE-2023-35045 | 2024-06-13 | WordPress Fat Rat Collect plugin <= 2.6.7 - Broken Access Control vulnerability |
| CVE-2023-35040 | 2024-06-13 | WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability |
| CVE-2023-29174 | 2024-06-13 | WordPress SKU Label Changer For WooCommerce plugin <= 3.0 - Broken Access Control vulnerability |
| CVE-2024-24320 | 2024-06-14 | Directory Traversal vulnerability in Mgt-commerce CloudPanel v.2.0.0 thru v.2.4.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the service parameter of the load-logfiles function. |
| CVE-2024-33373 | 2024-06-14 | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the... |
| CVE-2024-33374 | 2024-06-14 | Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. |
| CVE-2024-33377 | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on... |
| CVE-2024-34539 | 2024-06-14 | Hardcoded credentials in TerraMaster TOS firmware through 5.1 allow a remote attacker to successfully login to the mail or webmail server. These credentials can also be used to login to... |
| CVE-2024-36598 | 2024-06-14 | An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. |
| CVE-2024-36600 | 2024-06-14 | Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a crafted ISO 9660 image file. |
| CVE-2024-36656 | 2024-06-14 | In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cross-site Scripting (XSS) attack. |
| CVE-2024-37637 | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWizardCfg. |
| CVE-2024-37639 | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. |
| CVE-2024-37640 | 2024-06-14 | TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. |
| CVE-2024-37641 | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule |
| CVE-2024-37642 | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a command injection vulnerability via the ipv4_ping, ipv6_ping parameter at /formSystemCheck . |
| CVE-2024-37643 | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formPasswordAuth . |
| CVE-2024-37644 | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. |
| CVE-2024-37645 | 2024-06-14 | TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . |
| CVE-2024-37831 | 2024-06-14 | Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. |
| CVE-2024-33375 | 2024-06-14 | LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. |
| CVE-2024-36597 | 2024-06-14 | Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. |
| CVE-2024-36599 | 2024-06-14 | A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php. |
| CVE-2023-51523 | 2024-06-14 | WordPress WooCommerce Easy Duplicate Product plugin <= 0.3.0.7 - Broken Access Control vulnerability |
| CVE-2023-51516 | 2024-06-14 | WordPress Business Directory Plugin – Easy Listing Directories for WordPress plugin <= 6.3.9 - Broken Access Control vulnerability |
| CVE-2024-5981 | 2024-06-14 | itsourcecode Online House Rental System manage_user.php sql injection |
| CVE-2023-51507 | 2024-06-14 | WordPress Quiz And Survey Master plugin <= 8.1.16 - Broken Access Control vulnerability |
| CVE-2024-5983 | 2024-06-14 | itsourcecode Online Bookstore bookPerPub.php sql injection |
| CVE-2024-5984 | 2024-06-14 | itsourcecode Online Bookstore book.php sql injection |
| CVE-2024-5985 | 2024-06-14 | SourceCodester Best Online News Portal index.php sql injection |
| CVE-2024-27141 | 2024-06-14 | Pre-authenticated Time-Based Blind XXE injection |
| CVE-2024-27142 | 2024-06-14 | Pre-authenticated XXE injection |
| CVE-2024-27143 | 2024-06-14 | Pre-authenticated Remote Code Execution |
| CVE-2024-27144 | 2024-06-14 | Pre-authenticated Remote Code Execution |
| CVE-2024-3079 | 2024-06-14 | ASUS Router - Stack-based Buffer Overflow |
| CVE-2024-27145 | 2024-06-14 | Multiple Post-authenticated Remote Code Execution |
| CVE-2024-27146 | 2024-06-14 | Lack of privileges separation |
| CVE-2024-27147 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using snmpd |
| CVE-2024-27148 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using insecure PATH |
| CVE-2024-27149 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using insecure LD_PRELOAD |
| CVE-2024-27150 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using insecure LD_LIBRARY_PATH |
| CVE-2024-27151 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using insecure permissions |
| CVE-2024-27152 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using insecure permissions |
| CVE-2024-3080 | 2024-06-14 | ASUS Router - Improper Authentication |
| CVE-2024-27153 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution |
| CVE-2024-27154 | 2024-06-14 | Passwords are stored in clear-text logs. |
| CVE-2024-27155 | 2024-06-14 | Local Privilege Escalation and Remote Code Execution using insecure permissions |
| CVE-2024-27156 | 2024-06-14 | Leak of authentication sessions in secure logs |
| CVE-2024-27157 | 2024-06-14 | Leak of authentication sessions in secure logs |
| CVE-2024-27158 | 2024-06-14 | Hardcoded root password |
| CVE-2024-31159 | 2024-06-14 | ASUS Download Master - Reflected XSS |
| CVE-2024-27159 | 2024-06-14 | Hardcoded password used to encrypt logs |
| CVE-2024-27160 | 2024-06-14 | Hardcoded password used to encrypt logs and use of weak cipher |
| CVE-2024-0892 | 2024-06-14 | Schema App Structured Data <= 2.2.0 - Cross-Site Request Forgery |
| CVE-2023-6492 | 2024-06-14 | Simple Sitemap <= 3.5.13 - Cross-Site Request Forgery via admin_notices |
| CVE-2024-27161 | 2024-06-14 | Hardcoded password used to encrypt files |
| CVE-2024-27162 | 2024-06-14 | DOM-based XSS |
| CVE-2024-27163 | 2024-06-14 | Leak of admin password and passwords |
| CVE-2024-31160 | 2024-06-14 | ASUS Download Master - Stored XSS |
| CVE-2024-27164 | 2024-06-14 | Hardcoded credentials |
| CVE-2024-27165 | 2024-06-14 | Local Privilege Escalation |
| CVE-2024-27166 | 2024-06-14 | Insecure permissions |
| CVE-2024-27167 | 2024-06-14 | Insecure permissions |
| CVE-2024-31161 | 2024-06-14 | ASUS Download Master - Arbitrary File Upload |
| CVE-2024-27168 | 2024-06-14 | Hardcoded keys used to generate authentication cookies |
| CVE-2024-27169 | 2024-06-14 | Lack of authentication |
| CVE-2024-27170 | 2024-06-14 | Hardcoded credentials for WebDAV access |
| CVE-2024-27171 | 2024-06-14 | Insecure permissions |
| CVE-2024-27172 | 2024-06-14 | Remote Code Execution |
| CVE-2024-27173 | 2024-06-14 | insecure upload |
| CVE-2024-27174 | 2024-06-14 | insecure upload |