CVE List - 2024 / June
Showing 1901 - 2000 of 3082 CVEs for June 2024 (Page 20 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2018-25103 | 2024-06-17 | Use-after-free vulnerabilities in lighttpd <= 1.4.50 |
| CVE-2024-6059 | 2024-06-17 | Ingenico Estate Manager News Feed messages cross site scripting |
| CVE-2024-37890 | 2024-06-17 | Denial of service when handling a request with many HTTP headers in ws |
| CVE-2024-37891 | 2024-06-17 | Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3 |
| CVE-2024-37902 | 2024-06-17 | Path traversal in DeepJavaLibrary |
| CVE-2024-37895 | 2024-06-17 | API Key Leak in lobe-chat |
| CVE-2024-6061 | 2024-06-17 | GPAC MP4Box isoffin_read.c isoffin_process infinite loop |
| CVE-2024-6062 | 2024-06-17 | GPAC MP4Box load_text.c swf_svg_add_iso_sample null pointer dereference |
| CVE-2024-37896 | 2024-06-17 | SQL injection vulnerability in Gin-vue-admin |
| CVE-2024-37893 | 2024-06-17 | MFA bypass in oauth flow in Firefly III |
| CVE-2024-37305 | 2024-06-17 | Buffer overflow in deserialization in oqs-provider |
| CVE-2024-6063 | 2024-06-17 | GPAC MP4Box dmx_m2ts.c m2tsdmx_on_event null pointer dereference |
| CVE-2024-6064 | 2024-06-17 | GPAC MP4Box loader_xmt.c xmt_node_end use after free |
| CVE-2024-6065 | 2024-06-17 | itsourcecode Bakery Online Ordering System index.php sql injection |
| CVE-2024-6066 | 2024-06-17 | SourceCodester Best House Rental Management System payment_report.php sql injection |
| CVE-2024-6067 | 2024-06-17 | SourceCodester Music Class Enrollment System sql injection |
| CVE-2024-6080 | 2024-06-17 | Intelbras InControl incontrolWebcam Service unquoted search path |
| CVE-2024-6082 | 2024-06-17 | PHPVibe Global Options Page functionalities.global.php cross site scripting |
| CVE-2024-6083 | 2024-06-17 | PHPVibe Media Upload Page upload-mp3.php unrestricted upload |
| CVE-2024-22002 | 2024-06-18 | CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory. |
| CVE-2024-37791 | 2024-06-18 | DuxCMS3 v3.1.3 was discovered to contain a SQL injection vulnerability via the keyword parameter at /article/Content/index?class_id. |
| CVE-2024-37799 | 2024-06-18 | CodeProjects Restaurant Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the reserv_id parameter at view_reservations.php. |
| CVE-2024-37800 | 2024-06-18 | CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. |
| CVE-2024-37802 | 2024-06-18 | CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Patient Info module via the searvalu parameter. |
| CVE-2024-37821 | 2024-06-18 | An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. |
| CVE-2024-38347 | 2024-06-18 | CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. |
| CVE-2024-38348 | 2024-06-18 | CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. |
| CVE-2024-37803 | 2024-06-18 | Multiple stored cross-site scripting (XSS) vulnerabilities in CodeProjects Health Care hospital Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-6084 | 2024-06-18 | itsourcecode Pool of Bethesda Online Reservation System uploadImage unrestricted upload |
| CVE-2024-4375 | 2024-06-18 | Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode |
| CVE-2024-0845 | 2024-06-18 | PDF Viewer for Elementor <= 2.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via render |
| CVE-2024-1634 | 2024-06-18 | Scheduling Plugin – Online Booking for WordPress <= 3.5.10 - Missing Authorization to Unauthenticated Service Disconnection |
| CVE-2024-5541 | 2024-06-18 | Ibtana - WordPress Website Builder <= 1.2.3.3 - Unauthenticated reCAPTCHA Settings Update |
| CVE-2024-5860 | 2024-06-18 | Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Subscriber+) Ticket Deletion |
| CVE-2023-5527 | 2024-06-18 | Business Directory Plugin <= 6.4.3 - Authenticated (Author+) CSV Injection |
| CVE-2024-37079 | 2024-06-18 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially... |
| CVE-2024-37080 | 2024-06-18 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially... |
| CVE-2024-37081 | 2024-06-18 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root... |
| CVE-2024-33622 | 2024-06-18 | Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored... |
| CVE-2024-33620 | 2024-06-18 | Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be... |
| CVE-2024-34024 | 2024-06-18 | Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid... |
| CVE-2024-3276 | 2024-06-18 | FooBox (Free and Premium) < 2.7.28 - Admin+ Stored XSS |
| CVE-2024-4094 | 2024-06-18 | Simple Share Buttons Adder < 8.5.1 - Admin+ Stored XSS |
| CVE-2024-5172 | 2024-06-18 | Expert Invoice <= 1.0.2 - Admin+ Stored XSS |
| CVE-2024-0066 | 2024-06-18 | Johan Fagerström, member of the AXIS OS Bug Bounty Program, has found that an O3C feature may expose sensitive traffic between the client (Axis device) and (O3C) server. If O3C... |
| CVE-2024-5533 | 2024-06-18 | Divi <= 4.25.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5899 | 2024-06-18 | Improper trust check in Bazel Build intellij plugin |
| CVE-2024-6108 | 2024-06-18 | Genexis Tilgin Home Gateway Login cross site scripting |
| CVE-2024-5953 | 2024-06-18 | 389-ds-base: malformed userpassword hash may cause denial of service |
| CVE-2024-38504 | 2024-06-18 | In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles |
| CVE-2024-38505 | 2024-06-18 | In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site |
| CVE-2024-38506 | 2024-06-18 | In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows |
| CVE-2024-38507 | 2024-06-18 | In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible |
| CVE-2024-6109 | 2024-06-18 | itsourcecode Tailoring Management System addmeasurement.php sql injection |
| CVE-2024-6110 | 2024-06-18 | itsourcecode Magbanua Beach Resort Online Reservation System controller.php unrestricted upload |
| CVE-2024-5967 | 2024-06-18 | Keycloak: leak of configured ldap bind credentials through the keycloak admin console |
| CVE-2024-6111 | 2024-06-18 | itsourcecode Pool of Bethesda Online Reservation System login.php sql injection |
| CVE-2024-6112 | 2024-06-18 | itsourcecode Pool of Bethesda Online Reservation System index.php sql injection |
| CVE-2024-6114 | 2024-06-18 | itsourcecode Monbela Tourist Inn Online Reservation System controller.php unrestricted upload |
| CVE-2024-6115 | 2024-06-18 | itsourcecode Simple Online Hotel Reservation System add_room.php unrestricted upload |
| CVE-2024-6116 | 2024-06-18 | itsourcecode Simple Online Hotel Reservation System edit_room.php unrestricted upload |
| CVE-2023-47726 | 2024-06-18 | IBM QRadar Suite improper input validation |
| CVE-2024-5275 | 2024-06-18 | Hard-coded password in FileCatalyst Direct 3.8.10 Build 138 TransferAgent (and earlier) and FileCatalyst Workflow 5.1.6 Build 130 (and earlier) |
| CVE-2024-21685 | 2024-06-18 | This High severity Information Disclosure vulnerability was introduced in versions 9.4.0, 9.12.0, and 9.15.0 of Jira Core Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.4, allows... |
| CVE-2024-38351 | 2024-06-18 | Password auth and OAuth2 unverified email linking |
| CVE-2024-37904 | 2024-06-18 | Denial of service from maliciously configured Git repository in Minder |
| CVE-2022-23829 | 2024-06-18 | A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections. |
| CVE-2024-36974 | 2024-06-18 | net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP |
| CVE-2024-36975 | 2024-06-18 | KEYS: trusted: Do not use WARN when encode fails |
| CVE-2024-36976 | 2024-06-18 | Revert "media: v4l2-ctrls: show all owned controls in log_status" |
| CVE-2024-36977 | 2024-06-18 | usb: dwc3: Wait unconditionally after issuing EndXfer command |
| CVE-2024-38273 | 2024-06-18 | moodle: BigBlueButton web service leaks meeting joining information to users who should not have access |
| CVE-2024-38274 | 2024-06-18 | moodle: stored XSS via calendar's event title when deleting the event |
| CVE-2024-38275 | 2024-06-18 | moodle: HTTP authorization header is preserved between "emulated redirects" |
| CVE-2024-38276 | 2024-06-18 | moodle: CSRF risks due to misuse of confirm_sesskey |
| CVE-2024-38277 | 2024-06-18 | moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys |
| CVE-2024-6128 | 2024-06-18 | spa-cartcms Checkout Page checkout behavioral workflow |
| CVE-2024-6129 | 2024-06-18 | spa-cartcms Username login observable behavioral discrepancy |
| CVE-2024-5970 | 2024-06-18 | MaxGalleria <= 6.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via maxgallery_thumb Shortcode |
| CVE-2024-6142 | 2024-06-18 | Actiontec WCB6200Q uh_tcp_recv_content Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-6143 | 2024-06-18 | Actiontec WCB6200Q uh_tcp_recv_header Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-6144 | 2024-06-18 | Actiontec WCB6200Q Multipart Boundary Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-6145 | 2024-06-18 | Actiontec WCB6200Q Cookie Format String Remote Code Execution Vulnerability |
| CVE-2024-6146 | 2024-06-18 | Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-33836 | 2024-06-19 | In the module "JA Marketplace" (jamarketplace) up to version 9.0.1 from JA Module for PrestaShop, a guest can upload files with extensions .php. In version 6.X, the method `JmarketplaceproductModuleFrontController::init()` and... |
| CVE-2024-34990 | 2024-06-19 | In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()`... |
| CVE-2024-34993 | 2024-06-19 | In the module "Bulk Export products to Google Merchant-Google Shopping" (bagoogleshopping) up to version 1.0.26 from Buy Addons for PrestaShop, a guest can perform SQL injection via `GenerateCategories::renderCategories()`. |
| CVE-2024-34994 | 2024-06-19 | In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`. |
| CVE-2024-36677 | 2024-06-19 | In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the... |
| CVE-2024-36678 | 2024-06-19 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed... |
| CVE-2024-36679 | 2024-06-19 | In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffers from... |
| CVE-2024-36680 | 2024-06-19 | In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with... |
| CVE-2024-36684 | 2024-06-19 | In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The script ajax.php has a sensitive SQL call that can be executed... |
| CVE-2024-6125 | 2024-06-19 | Login with phone number <= 1.7.34 - Insecure Password Reset Mechanism |
| CVE-2024-4450 | 2024-06-19 | AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Missing Authorization via Several Functions |
| CVE-2024-4787 | 2024-06-19 | Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending |
| CVE-2024-5021 | 2024-06-19 | WordPress Picture / Portfolio / Media Gallery <= 3.0.1 - Unauthenticated Server-Side Request Forgery |
| CVE-2024-4663 | 2024-06-19 | OSM Map Widget for Elementor <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-4541 | 2024-06-19 | Custom Product List Table <= 3.0.0 - Cross-Site Request Forgery |
| CVE-2024-4873 | 2024-06-19 | Replace Image <= 1.1.10 - Insecure Direct Object Reference |