CVE List - 2024 / June
Showing 1801 - 1900 of 3082 CVEs for June 2024 (Page 19 of 31)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-3105 | 2024-06-15 | Woody code snippets – Insert Header Footer Code, AdSense Ads <= 2.5.0 - Authenticated (Contributor+) Remote Code Execution |
| CVE-2024-5858 | 2024-06-15 | Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update |
| CVE-2024-4258 | 2024-06-15 | Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion |
| CVE-2024-2695 | 2024-06-15 | Shariff Wrapper <= 4.6.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-4551 | 2024-06-15 | Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Authenticated (Contributor+) Arbitrary File Inclusion via Shortcode |
| CVE-2024-4095 | 2024-06-15 | Collapse-O-Matic <= 1.8.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-6005 | 2024-06-15 | ZKTeco ZKBio CVSecurity V5000 Department Section cross site scripting |
| CVE-2024-5611 | 2024-06-15 | Stratum – Elementor Widgets <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-6006 | 2024-06-15 | ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting |
| CVE-2024-6007 | 2024-06-15 | Netentsec NS-ASG Application Security Gateway deleteiscgwrouteconf.php sql injection |
| CVE-2024-31870 | 2024-06-15 | IBM i information disclosure |
| CVE-2024-27275 | 2024-06-15 | IBM i privilege escalation |
| CVE-2024-6008 | 2024-06-15 | itsourcecode Online Book Store edit_book.php sql injection |
| CVE-2024-6009 | 2024-06-15 | itsourcecode Event Calendar process.php regDelete sql injection |
| CVE-2024-6013 | 2024-06-15 | itsourcecode Online Book Store admin_delete.php sql injection |
| CVE-2024-6014 | 2024-06-15 | itsourcecode Document Management System edithis.php sql injection |
| CVE-2024-6015 | 2024-06-15 | itsourcecode Online House Rental System manage_user.php sql injection |
| CVE-2024-6016 | 2024-06-15 | itsourcecode Online Laundry Management System admin_class.php sql injection |
| CVE-2023-27636 | 2024-06-16 | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. |
| CVE-2024-34451 | 2024-06-16 | Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be... |
| CVE-2024-38395 | 2024-06-16 | In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable." |
| CVE-2024-38396 | 2024-06-16 | An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by... |
| CVE-2024-38427 | 2024-06-16 | In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false. |
| CVE-2024-38443 | 2024-06-16 | C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. |
| CVE-2024-38448 | 2024-06-16 | htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. |
| CVE-2024-38457 | 2024-06-16 | Xenforo before 2.2.16 allows CSRF. |
| CVE-2024-38458 | 2024-06-16 | Xenforo before 2.2.16 allows code injection. |
| CVE-2024-38459 | 2024-06-16 | langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE: this issue exists because of an incomplete fix for CVE-2024-27444. |
| CVE-2024-38461 | 2024-06-16 | irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a directory. |
| CVE-2024-38462 | 2024-06-16 | iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary, such as in the mailMS.cpp#L94-L106 reference. |
| CVE-2024-38467 | 2024-06-16 | Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval via the queryUser API. |
| CVE-2024-38428 | 2024-06-16 | url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be... |
| CVE-2024-38439 | 2024-06-16 | Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c. 2.4.1 and 3.1.19 are also fixed... |
| CVE-2024-38440 | 2024-06-16 | Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated:... |
| CVE-2024-38441 | 2024-06-16 | Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed... |
| CVE-2024-38454 | 2024-06-16 | ExpressionEngine before 7.4.11 allows XSS. |
| CVE-2024-38460 | 2024-06-16 | In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such... |
| CVE-2024-38465 | 2024-06-16 | Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. |
| CVE-2024-38466 | 2024-06-16 | Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password. |
| CVE-2024-38468 | 2024-06-16 | Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the resetPassword API. |
| CVE-2024-36397 | 2024-06-16 | Vantiva - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2024-6039 | 2024-06-16 | Feng Office Workspaces sql injection |
| CVE-2024-6041 | 2024-06-16 | itsourcecode Gym Management System manage_user.php sql injection |
| CVE-2024-6042 | 2024-06-16 | itsourcecode Real Estate Management System property-detail.php sql injection |
| CVE-2024-34833 | 2024-06-17 | Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP... |
| CVE-2024-36527 | 2024-06-17 | puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the server. |
| CVE-2024-36543 | 2024-06-17 | Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics'... |
| CVE-2024-36573 | 2024-06-17 | almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component. |
| CVE-2024-36574 | 2024-06-17 | A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42) |
| CVE-2024-36575 | 2024-06-17 | A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. |
| CVE-2024-36577 | 2024-06-17 | apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. |
| CVE-2024-36578 | 2024-06-17 | akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. |
| CVE-2024-36580 | 2024-06-17 | A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. |
| CVE-2024-36581 | 2024-06-17 | A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm. |
| CVE-2024-36582 | 2024-06-17 | alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) |
| CVE-2024-36583 | 2024-06-17 | A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary code via @byondreal/accessor/index. |
| CVE-2024-37619 | 2024-06-17 | StrongShop v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the spec_group_id parameter at /spec/index.blade.php. |
| CVE-2024-37620 | 2024-06-17 | PHPVOD v4.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /view/admin/view.php. |
| CVE-2024-37621 | 2024-06-17 | StrongShop v1.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the component /shippingOptionConfig/index.blade.php. |
| CVE-2024-37622 | 2024-06-17 | Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the num parameter at /flow/flow.php. |
| CVE-2024-37623 | 2024-06-17 | Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component. |
| CVE-2024-37625 | 2024-06-17 | zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php. |
| CVE-2024-37661 | 2024-06-17 | TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote... |
| CVE-2024-37662 | 2024-06-17 | TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and... |
| CVE-2024-37663 | 2024-06-17 | Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any... |
| CVE-2024-37664 | 2024-06-17 | Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim... |
| CVE-2024-37794 | 2024-06-17 | Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. |
| CVE-2024-37795 | 2024-06-17 | A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors. |
| CVE-2024-37798 | 2024-06-17 | Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search... |
| CVE-2024-37828 | 2024-06-17 | A stored cross-site scripting (XSS) in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the... |
| CVE-2024-37840 | 2024-06-17 | SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. |
| CVE-2024-37848 | 2024-06-17 | SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component. |
| CVE-2024-38449 | 2024-06-17 | A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the... |
| CVE-2024-38469 | 2024-06-17 | zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php. |
| CVE-2024-38470 | 2024-06-17 | zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php. |
| CVE-2023-37057 | 2024-06-17 | An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. |
| CVE-2023-37058 | 2024-06-17 | Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. |
| CVE-2024-37624 | 2024-06-17 | Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component. |
| CVE-2024-6043 | 2024-06-17 | SourceCodester Best House Rental Management System admin_class.php login sql injection |
| CVE-2024-6044 | 2024-06-17 | D-Link router - Arbitrary File Reading |
| CVE-2024-5163 | 2024-06-17 | Improper permission settings in com.transsion.carlcare |
| CVE-2024-6045 | 2024-06-17 | D-Link router - Hidden Backdoor |
| CVE-2024-6047 | 2024-06-17 | GeoVision EOL device - OS Command Injection |
| CVE-2024-3236 | 2024-06-17 | Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS |
| CVE-2024-4305 | 2024-06-17 | PostX < 4.1.0 - Contributor+ Stored XSS |
| CVE-2024-5650 | 2024-06-17 | DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected... |
| CVE-2024-6048 | 2024-06-17 | Openfind MailGates and MailAudit - OS Command Injection |
| CVE-2024-36277 | 2024-06-17 | Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with... |
| CVE-2024-36279 | 2024-06-17 | Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this... |
| CVE-2024-36289 | 2024-06-17 | Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the... |
| CVE-2024-5741 | 2024-06-17 | XSS in inventory view |
| CVE-2024-6055 | 2024-06-17 | Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover... |
| CVE-2024-6057 | 2024-06-17 | Improper authentication in the vault password feature in Devolutions Remote Desktop Manager 2024.1.31.0 and earlier allows an attacker that has compromised an access to an RDM instance to bypass the... |
| CVE-2024-37158 | 2024-06-17 | Evmos is missing precompile checks |
| CVE-2024-37159 | 2024-06-17 | Evmos is missing create validator check |
| CVE-2024-4032 | 2024-06-17 | Incorrect IPv4 and IPv6 private ranges |
| CVE-2024-0397 | 2024-06-17 | Memory race condition in ssl.SSLContext certificate store methods |
| CVE-2024-6056 | 2024-06-17 | nasirkhan Laravel Starter Password Reset forgot-password observable response discrepancy |
| CVE-2024-36973 | 2024-06-17 | misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() |
| CVE-2024-6058 | 2024-06-17 | LabVantage LIMS cross site scripting |