CVE List - 2024 / July
Showing 901 - 1000 of 3115 CVEs for July 2024 (Page 10 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38073 | 2024-07-09 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38074 | 2024-07-09 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38076 | 2024-07-09 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38078 | 2024-07-09 | Xbox Wireless Adapter Remote Code Execution Vulnerability |
| CVE-2024-38079 | 2024-07-09 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38081 | 2024-07-09 | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-38089 | 2024-07-09 | Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| CVE-2024-38092 | 2024-07-09 | Azure CycleCloud Elevation of Privilege Vulnerability |
| CVE-2024-38094 | 2024-07-09 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2024-38095 | 2024-07-09 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-38099 | 2024-07-09 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38101 | 2024-07-09 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-38105 | 2024-07-09 | Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| CVE-2024-5652 | 2024-07-09 | Docker Desktop on Windows before v4.31.0 allows a user in the docker-users group to cause a Windows Denial-of-Service through the exec-path Docker daemon config option in Windows containers mode |
| CVE-2024-6222 | 2024-07-09 | In Docker Desktop before v4.29.0 an attacker who has gained access to the Docker Desktop VM through a container breakout can further escape to the host by passing extensions and dashboard related IPC messages |
| CVE-2024-39698 | 2024-07-09 | Code Signing Bypass on Windows in electron-updater < 6.3.0-alpha.6 |
| CVE-2024-27183 | 2024-07-09 | Extension - dj-extensions.com - XSS vulnerability in DJ-HelpfulArticles component for Joomla 1.0.0-1.1.0 |
| CVE-2024-39897 | 2024-07-09 | Cache driver GetBlob() allows read access to any blob without access control check |
| CVE-2024-38517 | 2024-07-09 | Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow |
| CVE-2024-39684 | 2024-07-09 | Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Overflow |
| CVE-2024-39899 | 2024-07-09 | PrivateBin allows shortening of URLs for other domains |
| CVE-2024-34123 | 2024-07-09 | Adobe Premiere Pro arbitrary DLL loading leads to remote code execution |
| CVE-2024-20782 | 2024-07-09 | Adobe Indesign WMF File Parsing Out Of Bound Write |
| CVE-2024-20783 | 2024-07-09 | Adobe Indesign 2024 RLE File Parsing Heap Memory Corruption |
| CVE-2024-20785 | 2024-07-09 | Adobe Indesign 2024 TIFF File Parsing Memory Corruption Remote Code Execution vulnerability |
| CVE-2024-20781 | 2024-07-09 | Adobe Indesign TIF File Parsing Heap Memory Corruption |
| CVE-2024-34139 | 2024-07-09 | Adobe Bridge has an integer overflow vulnerability when parsing SVG file |
| CVE-2024-34140 | 2024-07-09 | Adobe Bridge PDF File Parsing Memory Corruption |
| CVE-2024-6501 | 2024-07-09 | Networkmanager: denial of service |
| CVE-2023-21113 | 2024-07-09 | In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2023-21114 | 2024-07-09 | In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction... |
| CVE-2024-23695 | 2024-07-09 | In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-23696 | 2024-07-09 | In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-23697 | 2024-07-09 | In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-23698 | 2024-07-09 | In RGXFWChangeOSidPriority of rgxfwutils.c, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-23711 | 2024-07-09 | In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel... |
| CVE-2024-31310 | 2024-07-09 | In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to... |
| CVE-2024-31311 | 2024-07-09 | In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-31312 | 2024-07-09 | In multiple locations, there is a possible information leak due to a missing permission check. This could lead to local information disclosure exposing played media with no additional execution privileges... |
| CVE-2024-31313 | 2024-07-09 | In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-31314 | 2024-07-09 | In multiple functions of ShortcutService.java, there is a possible persistent DOS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User... |
| CVE-2024-31315 | 2024-07-09 | In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This... |
| CVE-2024-31316 | 2024-07-09 | In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no... |
| CVE-2024-31317 | 2024-07-09 | In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITE_SECURE_SETTINGS due to unsafe deserialization. This could lead to local escalation of... |
| CVE-2024-31318 | 2024-07-09 | In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with... |
| CVE-2024-31319 | 2024-07-09 | In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-31322 | 2024-07-09 | In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead... |
| CVE-2024-31323 | 2024-07-09 | In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with... |
| CVE-2024-31324 | 2024-07-09 | In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could... |
| CVE-2024-31325 | 2024-07-09 | In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2024-31326 | 2024-07-09 | In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local... |
| CVE-2024-31327 | 2024-07-09 | In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-31320 | 2024-07-09 | In setSkipPrompt of AssociationRequest.java, there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege... |
| CVE-2024-31331 | 2024-07-09 | In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of... |
| CVE-2024-31332 | 2024-07-09 | In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check. This could lead to local escalation of... |
| CVE-2024-31334 | 2024-07-09 | In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel... |
| CVE-2024-31335 | 2024-07-09 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel... |
| CVE-2024-31339 | 2024-07-09 | In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-34720 | 2024-07-09 | In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead... |
| CVE-2024-34721 | 2024-07-09 | In ensureFileColumns of MediaProvider.java, there is a possible disclosure of files owned by another user due to improper input validation. This could lead to local information disclosure with no additional... |
| CVE-2024-34722 | 2024-07-09 | In smp_proc_rand of smp_act.cc, there is a possible authentication bypass during legacy BLE pairing due to incorrect implementation of a protocol. This could lead to remote escalation of privilege with... |
| CVE-2024-34723 | 2024-07-09 | In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead... |
| CVE-2024-34724 | 2024-07-09 | In _UnrefAndMaybeDestroy of pmr.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-34725 | 2024-07-09 | In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-34726 | 2024-07-09 | In PVRSRV_MMap of pvr_bridge_k.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel... |
| CVE-2024-39901 | 2024-07-09 | OpenSearch Observability does not properly restrict access to private tenant resources |
| CVE-2024-39900 | 2024-07-09 | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources |
| CVE-2024-39880 | 2024-07-09 | Stack-based Buffer Overflow in Delta Electronics CNCSoft-G2 |
| CVE-2024-39881 | 2024-07-09 | Out-of-bounds Write in Delta Electronics CNCSoft-G2 |
| CVE-2024-39882 | 2024-07-09 | Out-of-bounds Read in Delta Electronics CNCSoft-G2 |
| CVE-2024-39883 | 2024-07-09 | Heap-based Buffer Overflow in Delta Electronics CNCSoft-G2 |
| CVE-2024-21993 | 2024-07-09 | Information Disclosure Vulnerability in SnapCenter |
| CVE-2024-35154 | 2024-07-09 | IBM WebSphere Application Server code execution |
| CVE-2024-22477 | 2024-07-09 | PingFederate OIDC Policy Management Editor Cross-Site Scripting |
| CVE-2024-22377 | 2024-07-09 | PingFederate Runtime Node Path Traversal |
| CVE-2024-21832 | 2024-07-09 | PingFederate REST API Data Store Injection |
| CVE-2024-21417 | 2024-07-09 | Windows Text Services Framework Elevation of Privilege Vulnerability |
| CVE-2024-25023 | 2024-07-09 | IBM QRadar Suite Software information disclosure |
| CVE-2024-25076 | 2024-07-10 | An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The bootrom function responsible for validating the Flash Product Header directly uses a user-controllable size value (Length... |
| CVE-2024-25077 | 2024-07-10 | An issue was discovered on Renesas SmartBond DA14691, DA14695, DA14697, and DA14699 devices. The Nonce used for on-the-fly decryption of flash images is stored in an unsigned header, allowing its... |
| CVE-2024-37770 | 2024-07-10 | 14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload. |
| CVE-2024-40328 | 2024-07-10 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 |
| CVE-2024-40329 | 2024-07-10 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup |
| CVE-2024-40331 | 2024-07-10 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup |
| CVE-2024-40332 | 2024-07-10 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord |
| CVE-2024-40333 | 2024-07-10 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2 |
| CVE-2024-40334 | 2024-07-10 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 |
| CVE-2024-40336 | 2024-07-10 | idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.' |
| CVE-2024-40412 | 2024-07-10 | Tenda AX12 v1.0 v22.03.01.46 contains a stack overflow in the deviceList parameter of the sub_42E410 function. |
| CVE-2024-40417 | 2024-07-10 | A vulnerability was found in Tenda AX1806 1.0.0.1. Affected by this issue is the function formSetRebootTimer of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer... |
| CVE-2024-38875 | 2024-07-10 | An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a... |
| CVE-2024-39329 | 2024-07-10 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for... |
| CVE-2024-39330 | 2024-07-10 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from... |
| CVE-2024-39614 | 2024-07-10 | An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. |
| CVE-2024-6433 | 2024-07-10 | Local File Inclusion in stitionai/devika |
| CVE-2024-32670 | 2024-07-10 | Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackers to potentially identify the tag's location by scanning the BLE advertising. |
| CVE-2024-22018 | 2024-07-10 | A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails... |
| CVE-2023-7061 | 2024-07-10 | Advanced File Manager Shortcode <= 2.5.3 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-4866 | 2024-07-10 | UltraAddons – Elementor Addons (Header Footer Builder, Custom Font, Custom CSS, Woo Widget, Menu Builder, Anywhere Elementor Shortcode) <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-5677 | 2024-07-10 | Featured Image Generator <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Images Upload |