CVE List - 2024 / July
Showing 1 - 100 of 3115 CVEs for July 2024 (Page 1 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32228 | 2024-07-01 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a SEGV at libavcodec/hevcdec.c:2947:22 in hevc_frame_end. |
| CVE-2024-32229 | 2024-07-01 | FFmpeg 7.0 contains a heap-buffer-overflow at libavfilter/vf_tiltandshift.c:189:5 in copy_column. |
| CVE-2024-37762 | 2024-07-01 | MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution. |
| CVE-2024-37763 | 2024-07-01 | MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions who can view compiled forms results. |
| CVE-2024-37764 | 2024-07-01 | MachForm up to version 19 is affected by an authenticated stored cross-site scripting. |
| CVE-2024-37765 | 2024-07-01 | MachForm up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page. |
| CVE-2024-38987 | 2024-07-01 | aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38990 | 2024-07-01 | Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38991 | 2024-07-01 | akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38992 | 2024-07-01 | airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38993 | 2024-07-01 | rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38994 | 2024-07-01 | amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS)... |
| CVE-2024-38996 | 2024-07-01 | ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service... |
| CVE-2024-38997 | 2024-07-01 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-38999 | 2024-07-01 | jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39000 | 2024-07-01 | adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39001 | 2024-07-01 | ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting... |
| CVE-2024-39002 | 2024-07-01 | rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39003 | 2024-07-01 | amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS)... |
| CVE-2024-39008 | 2024-07-01 | robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39013 | 2024-07-01 | 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting... |
| CVE-2024-39014 | 2024-07-01 | ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39015 | 2024-07-01 | cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39016 | 2024-07-01 | che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39017 | 2024-07-01 | agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39018 | 2024-07-01 | harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39236 | 2024-07-01 | Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report... |
| CVE-2024-39249 | 2024-07-01 | Async <= 2.6.4 and <= 3.2.5 are vulnerable to ReDoS (Regular Expression Denial of Service) while parsing function in autoinject function. NOTE: this is disputed by the supplier because there... |
| CVE-2024-39853 | 2024-07-01 | adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-23737 | 2024-07-01 | Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Jira allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link... |
| CVE-2024-32230 | 2024-07-01 | FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0 |
| CVE-2024-38953 | 2024-07-01 | phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file. |
| CVE-2024-39251 | 2024-07-01 | An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests. |
| CVE-2024-38480 | 2024-07-01 | "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key.... |
| CVE-2024-3122 | 2024-07-01 | CHANGING Mobile One Time Password - Arbitrary File Reading |
| CVE-2024-3123 | 2024-07-01 | CHANGING Mobile One Time Password - Arbitrary File Upload |
| CVE-2024-20077 | 2024-07-01 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2024-20076 | 2024-07-01 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2024-20078 | 2024-07-01 | In venc, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2024-20079 | 2024-07-01 | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-20080 | 2024-07-01 | In gnss service, there is a possible escalation of privilege due to improper certificate validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-20081 | 2024-07-01 | In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2024-4934 | 2024-07-01 | Quiz And Survey Master < 9.0.2 - Contributor+ Stored XSS |
| CVE-2024-6130 | 2024-07-01 | Form Maker by 10Web < 1.15.26 - Admin+ Stored XSS |
| CVE-2024-39427 | 2024-07-01 | In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2024-39428 | 2024-07-01 | In trusty service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
| CVE-2024-39429 | 2024-07-01 | In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2024-39430 | 2024-07-01 | In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges... |
| CVE-2024-0153 | 2024-07-01 | Mali GPU Firmware allows improper GPU processing operations |
| CVE-2024-4007 | 2024-07-01 | Hard coded default credential contained in install package |
| CVE-2024-6387 | 2024-07-01 | Openssh: regresshion - race condition in ssh allows rce/dos |
| CVE-2024-6424 | 2024-07-01 | Server-Side Request Forgery vulnerability in MESbook |
| CVE-2024-6425 | 2024-07-01 | Incorrect Provision of Specified Functionality vulnerability in MESbook |
| CVE-2024-6050 | 2024-07-01 | Reflected XSS in SOWA OPAC |
| CVE-2024-24749 | 2024-07-01 | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat |
| CVE-2023-43554 | 2024-07-01 | Improper Restriction of Operations within the Bounds of a Memory Buffer in DSP Services |
| CVE-2024-21456 | 2024-07-01 | Buffer Over-read in WLAN HOST |
| CVE-2024-21457 | 2024-07-01 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-21458 | 2024-07-01 | Buffer Over-read in WLAN HOST |
| CVE-2024-21460 | 2024-07-01 | Use of Insufficiently Random Values in Core |
| CVE-2024-21461 | 2024-07-01 | Double Free in HLOS |
| CVE-2024-21462 | 2024-07-01 | Buffer Over-read in TZ Secure OS |
| CVE-2024-21465 | 2024-07-01 | Buffer Over-read in Trusted Execution Environment |
| CVE-2024-21466 | 2024-07-01 | Integer Underflow (Wrap or Wraparound) in WLAN Host Communication |
| CVE-2024-21469 | 2024-07-01 | Permissions, Privileges, and Access Control issues in TZ Secure OS |
| CVE-2024-21482 | 2024-07-01 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Boot Loader |
| CVE-2024-23368 | 2024-07-01 | Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Qualcomm IPC |
| CVE-2024-23372 | 2024-07-01 | Integer Overflow or Wraparound in Graphics |
| CVE-2024-23373 | 2024-07-01 | Use After Free in Graphics |
| CVE-2024-23380 | 2024-07-01 | Use After Free in Graphics |
| CVE-2024-34696 | 2024-07-01 | GeoServer's Server Status shows sensitive environmental variables and Java properties |
| CVE-2024-6375 | 2024-07-01 | Missing authorization check may lead to shard key refinement |
| CVE-2024-6376 | 2024-07-01 | ejson shell parser in MongoDB Compass may be bypassed |
| CVE-2024-36401 | 2024-07-01 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver |
| CVE-2024-36420 | 2024-07-01 | GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file |
| CVE-2024-36421 | 2024-07-01 | GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts |
| CVE-2024-36422 | 2024-07-01 | GHSL-2023-245: Flowise xss in api/v1/chatflows/id |
| CVE-2024-20399 | 2024-07-01 | Cisco NX-OS Software CLI Command Injection Vulnerability |
| CVE-2024-36987 | 2024-07-01 | Insecure File Upload in the indexing/preview REST endpoint |
| CVE-2024-36989 | 2024-07-01 | Low-privileged user could create notifications in Splunk Web Bulletin Messages |
| CVE-2024-36994 | 2024-07-01 | Persistent Cross-site Scripting (XSS) in Dashboard Elements |
| CVE-2024-36996 | 2024-07-01 | Information Disclosure of user names |
| CVE-2024-36983 | 2024-07-01 | Command Injection using External Lookups |
| CVE-2024-36986 | 2024-07-01 | Risky command safeguards bypass through Search ID query in Analytics Workspace |
| CVE-2024-36984 | 2024-07-01 | Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows |
| CVE-2024-36992 | 2024-07-01 | Persistent Cross-site Scripting (XSS) in Dashboard Elements |
| CVE-2024-36985 | 2024-07-01 | Remote Code Execution (RCE) through an external lookup due to “copybuckets.py” script in the “splunk_archiver” application in Splunk Enterprise |
| CVE-2024-36990 | 2024-07-01 | Denial of Service (DoS) on the datamodel/web REST endpoint |
| CVE-2024-36991 | 2024-07-01 | Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows |
| CVE-2024-36982 | 2024-07-01 | Denial of Service through null pointer reference in “cluster/config” REST endpoint |
| CVE-2024-21586 | 2024-07-01 | Junos OS: SRX Series and NFX Series: Specific valid traffic leads to a PFE crash |
| CVE-2024-36995 | 2024-07-01 | Low-privileged user could create experimental items |
| CVE-2024-36993 | 2024-07-01 | Persistent Cross-site Scripting (XSS) in Web Bulletin |
| CVE-2024-36997 | 2024-07-01 | Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint |
| CVE-2024-39878 | 2024-07-01 | In JetBrains TeamCity before 2024.03.3 private key could be exposed via testing GitHub App Connection |
| CVE-2024-39879 | 2024-07-01 | In JetBrains TeamCity before 2024.03.3 application token could be exposed in EC2 Cloud Profile settings |
| CVE-2024-36387 | 2024-07-01 | Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 |
| CVE-2024-38472 | 2024-07-01 | Apache HTTP Server on Windows UNC SSRF |
| CVE-2024-38473 | 2024-07-01 | Apache HTTP Server proxy encoding problem |
| CVE-2024-38474 | 2024-07-01 | Apache HTTP Server weakness with encoded question marks in backreferences |