CVE List - 2024 / July
Showing 401 - 500 of 3115 CVEs for July 2024 (Page 5 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6524 | 2024-07-05 | ShopXO Uploader.php server-side request forgery |
| CVE-2024-6525 | 2024-07-05 | D-Link DAR-7000 decodmail.php deserialization |
| CVE-2024-23588 | 2024-07-05 | A denial of service vulnerability affects HCL Nomad server on Domino |
| CVE-2024-6526 | 2024-07-05 | CodeIgniter Ecommerce-CodeIgniter-Bootstrap cross site scripting |
| CVE-2024-39864 | 2024-07-05 | Apache CloudStack: Integration API service uses dynamic port when disabled |
| CVE-2024-38346 | 2024-07-05 | Apache CloudStack: Unauthenticated cluster service port leads to remote execution |
| CVE-2024-6505 | 2024-07-05 | Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss |
| CVE-2024-37903 | 2024-07-05 | Mastodon has improper authorship check on audience extension for existing posts |
| CVE-2024-39321 | 2024-07-05 | Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes |
| CVE-2024-39687 | 2024-07-05 | Fedify vulnerable to allowing access to internal network resources |
| CVE-2024-34361 | 2024-07-05 | Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE) |
| CVE-2024-39689 | 2024-07-05 | Certifi removes GLOBALTRUST root certificate |
| CVE-2024-39691 | 2024-07-05 | Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to |
| CVE-2024-39696 | 2024-07-05 | Evmos vulnerable to exploit of smart contract account and vesting |
| CVE-2024-5753 | 2024-07-05 | Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna |
| CVE-2024-40594 | 2024-07-06 | The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps. |
| CVE-2024-40597 | 2024-07-06 | An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.) |
| CVE-2024-40600 | 2024-07-06 | An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40601 | 2024-07-06 | An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules. |
| CVE-2024-40596 | 2024-07-06 | An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.) |
| CVE-2024-40598 | 2024-07-06 | An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.) |
| CVE-2024-40599 | 2024-07-06 | An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40602 | 2024-07-06 | An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-40603 | 2024-07-06 | An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request. |
| CVE-2024-40604 | 2024-07-06 | An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries. |
| CVE-2024-40605 | 2024-07-06 | An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries. |
| CVE-2024-5616 | 2024-07-06 | CSRF Vulnerability in mudler/LocalAI |
| CVE-2024-39486 | 2024-07-06 | drm/drm_file: Fix pid refcounting race |
| CVE-2024-37260 | 2024-07-06 | WordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-37208 | 2024-07-06 | WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-37234 | 2024-07-06 | WordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability |
| CVE-2024-37539 | 2024-07-06 | WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37541 | 2024-07-06 | WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.4.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37542 | 2024-07-06 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2024-37546 | 2024-07-06 | WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37547 | 2024-07-06 | WordPress Elementor Addons by Livemesh plugin <= 8.4.0 - Local File Inclusion vulnerability |
| CVE-2024-37553 | 2024-07-06 | WordPress Testimonials Widget plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37554 | 2024-07-06 | WordPress UltraAddons plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6095 | 2024-07-06 | SSRF and Partial LFI in /models/apply Endpoint in mudler/localai |
| CVE-2024-40614 | 2024-07-07 | EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting. |
| CVE-2024-6229 | 2024-07-07 | Stored XSS in stangirard/quivr |
| CVE-2024-3651 | 2024-07-07 | Denial of Service via Quadratic Complexity in kjd/idna |
| CVE-2024-6539 | 2024-07-07 | heyewei SpringBootCMS Guestbook guestbook cross site scripting |
| CVE-2024-31504 | 2024-07-08 | Buffer Overflow vulnerability in SILA Embedded Solutions GmbH freemodbus v.2018-09-12 allows a remote attacker to cause a denial of service via the LINUXTCP server component. |
| CVE-2024-39202 | 2024-07-08 | D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. |
| CVE-2024-39203 | 2024-07-08 | A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2024-5711 | 2024-07-08 | Stored XSS in stitionai/devika |
| CVE-2024-39723 | 2024-07-08 | IBM FlashSystem denial of service |
| CVE-2024-38330 | 2024-07-08 | IBM i privilege escalation |
| CVE-2024-31897 | 2024-07-08 | IBM Cloud Pak for Business Automation server-side request forgery |
| CVE-2024-37528 | 2024-07-08 | IBM Cloud Pak for Business Automation cross-site scripting |
| CVE-2024-34602 | 2024-07-08 | Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this... |
| CVE-2024-34603 | 2024-07-08 | Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. |
| CVE-2024-37389 | 2024-07-08 | Apache NiFi: Improper Neutralization of Input in Parameter Context Description |
| CVE-2024-27459 | 2024-07-08 | The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges. |
| CVE-2024-24974 | 2024-07-08 | The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service. |
| CVE-2024-27903 | 2024-07-08 | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact... |
| CVE-2024-37999 | 2024-07-08 | A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated... |
| CVE-2024-6163 | 2024-07-08 | local IP restriction of internal HTTP endpoints |
| CVE-2024-39743 | 2024-07-08 | IBM MQ Container denial of service |
| CVE-2024-39742 | 2024-07-08 | IBM MQ Container authentication bypass |
| CVE-2024-4341 | 2024-07-08 | IDOR in ExtremePacs's Extreme XDS |
| CVE-2024-25639 | 2024-07-08 | Prompt Injection triggered XSS vulnerability in Khoj Obsidian, Desktop and Web clients |
| CVE-2024-39308 | 2024-07-08 | RailsAdmin Cross-site Scripting vulnerability in the list view |
| CVE-2024-39677 | 2024-07-08 | NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities |
| CVE-2024-6563 | 2024-07-08 | Buffer Overflow Arbitrary Write |
| CVE-2024-39695 | 2024-07-08 | Exiv2 has an out-of-bounds read in AsfVideo::streamProperties |
| CVE-2024-6564 | 2024-07-08 | Buffer overflow in Renesas RCAR |
| CVE-2023-49867 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution.... |
| CVE-2023-50330 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa getInfo functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution.... |
| CVE-2023-50381 | 2024-07-08 | Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution.... |
| CVE-2023-50382 | 2024-07-08 | Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution.... |
| CVE-2023-50383 | 2024-07-08 | Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution.... |
| CVE-2023-50243 | 2024-07-08 | Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution.... |
| CVE-2023-50244 | 2024-07-08 | Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution.... |
| CVE-2023-41251 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution.... |
| CVE-2023-50239 | 2024-07-08 | Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution.... |
| CVE-2023-50240 | 2024-07-08 | Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution.... |
| CVE-2023-47856 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution.... |
| CVE-2023-45215 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution.... |
| CVE-2023-49595 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution.... |
| CVE-2023-45742 | 2024-07-08 | An integer overflow vulnerability exists in the boa updateConfigIntoFlash functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An... |
| CVE-2023-48270 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution.... |
| CVE-2023-49073 | 2024-07-08 | A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution.... |
| CVE-2023-49593 | 2024-07-08 | Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution. |
| CVE-2023-46685 | 2024-07-08 | A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. |
| CVE-2024-21778 | 2024-07-08 | A heap-based buffer overflow vulnerability exists in the configuration file mib_init_value_array functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted .dat file can lead to arbitrary code execution. An... |
| CVE-2023-34435 | 2024-07-08 | A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. Specially crafted network packets can lead to arbitrary firmware update. An attacker can... |
| CVE-2023-47677 | 2024-07-08 | A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker... |
| CVE-2024-39699 | 2024-07-08 | Directus has a Blind SSRF On File Import |
| CVE-2024-23562 | 2024-07-08 | HCL Domino is susceptible to an information disclosure vulnerability |
| CVE-2024-34702 | 2024-07-08 | Botan has a Denial of Service Due to Excessive Name Constraints |
| CVE-2024-39312 | 2024-07-08 | Botan has an Authorization Error due to Name Constraint Decoding Bug |
| CVE-2024-39701 | 2024-07-08 | Directus Incorrectly handles `_in` filter |
| CVE-2024-39895 | 2024-07-08 | Directus GraphQL Field Duplication Denial of Service (DoS) |
| CVE-2024-1305 | 2024-07-08 | tap-windows6 driver version 9.26 and earlier does not properly check the size data of incoming write operations which an attacker can use to overflow memory buffers, resulting in a bug... |
| CVE-2024-39896 | 2024-07-08 | Directus allows SSO User Enumeration |
| CVE-2024-4882 | 2024-07-08 | URL Redirection to Arbitrary Site Exists in Sitefinity |
| CVE-2024-6409 | 2024-07-08 | Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9 |
| CVE-2024-6580 | 2024-07-08 | /n software IPWorks SSH insufficient file access verification |