Lista CVE - 2024 / Luglio
Visualizzazione 1301 - 1400 di 3117 CVE per Luglio 2024 (Pagina 14 di 32)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-40958 | 2024-07-12 | netns: Make get_net_ns() handle zero refcount net |
| CVE-2024-40959 | 2024-07-12 | xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() |
| CVE-2024-40960 | 2024-07-12 | ipv6: prevent possible NULL dereference in rt6_probe() |
| CVE-2024-40961 | 2024-07-12 | ipv6: prevent possible NULL deref in fib6_nh_init() |
| CVE-2024-40962 | 2024-07-12 | btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes |
| CVE-2024-40963 | 2024-07-12 | mips: bmips: BCM6358: make sure CBR is correctly set |
| CVE-2024-40964 | 2024-07-12 | ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() |
| CVE-2024-40965 | 2024-07-12 | i2c: lpi2c: Avoid calling clk_get_rate during transfer |
| CVE-2024-40966 | 2024-07-12 | tty: add the option to have a tty reject a new ldisc |
| CVE-2024-40967 | 2024-07-12 | serial: imx: Introduce timeout when waiting on transmitter empty |
| CVE-2024-40968 | 2024-07-12 | MIPS: Octeon: Add PCIe link status check |
| CVE-2024-40969 | 2024-07-12 | f2fs: don't set RO when shutting down f2fs |
| CVE-2024-40970 | 2024-07-12 | Avoid hw_desc array overrun in dw-axi-dmac |
| CVE-2024-40971 | 2024-07-12 | f2fs: remove clear SB_INLINECRYPT flag in default_options |
| CVE-2024-40972 | 2024-07-12 | ext4: do not create EA inode under buffer lock |
| CVE-2024-40973 | 2024-07-12 | media: mtk-vcodec: potential null pointer deference in SCP |
| CVE-2024-40974 | 2024-07-12 | powerpc/pseries: Enforce hcall result buffer validity and size |
| CVE-2024-40975 | 2024-07-12 | platform/x86: x86-android-tablets: Unregister devices in reverse order |
| CVE-2024-40976 | 2024-07-12 | drm/lima: mask irqs in timeout path before hard reset |
| CVE-2024-40977 | 2024-07-12 | wifi: mt76: mt7921s: fix potential hung tasks during chip recovery |
| CVE-2024-40978 | 2024-07-12 | scsi: qedi: Fix crash while reading debugfs attribute |
| CVE-2024-40979 | 2024-07-12 | wifi: ath12k: fix kernel crash during resume |
| CVE-2024-40980 | 2024-07-12 | drop_monitor: replace spin_lock by raw_spin_lock |
| CVE-2024-40981 | 2024-07-12 | batman-adv: bypass empty buckets in batadv_purge_orig_ref() |
| CVE-2024-40983 | 2024-07-12 | tipc: force a dst refcount before doing decryption |
| CVE-2024-40984 | 2024-07-12 | ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." |
| CVE-2024-40985 | 2024-07-12 | net/tcp_ao: Don't leak ao_info on error-path |
| CVE-2024-40986 | 2024-07-12 | dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr() |
| CVE-2024-40987 | 2024-07-12 | drm/amdgpu: fix UBSAN warning in kv_dpm.c |
| CVE-2024-40988 | 2024-07-12 | drm/radeon: fix UBSAN warning in kv_dpm.c |
| CVE-2024-40989 | 2024-07-12 | KVM: arm64: Disassociate vcpus from redistributor region on teardown |
| CVE-2024-40990 | 2024-07-12 | RDMA/mlx5: Add check for srq max_sge attribute |
| CVE-2024-40991 | 2024-07-12 | dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() |
| CVE-2024-40992 | 2024-07-12 | RDMA/rxe: Fix responder length checking for UD request packets |
| CVE-2024-40993 | 2024-07-12 | netfilter: ipset: Fix suspicious rcu_dereference_protected() |
| CVE-2024-40994 | 2024-07-12 | ptp: fix integer overflow in max_vclocks_store |
| CVE-2024-40995 | 2024-07-12 | net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() |
| CVE-2024-40996 | 2024-07-12 | bpf: Avoid splat in pskb_pull_reason |
| CVE-2024-40997 | 2024-07-12 | cpufreq: amd-pstate: fix memory leak on CPU EPP exit |
| CVE-2024-40998 | 2024-07-12 | ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() |
| CVE-2024-40999 | 2024-07-12 | net: ena: Add validation for completion descriptors consistency |
| CVE-2024-41000 | 2024-07-12 | block/ioctl: prefer different overflow check |
| CVE-2024-41001 | 2024-07-12 | io_uring/sqpoll: work around a potential audit memory leak |
| CVE-2024-41002 | 2024-07-12 | crypto: hisilicon/sec - Fix memory leak for sec resource release |
| CVE-2024-41003 | 2024-07-12 | bpf: Fix reg_set_min_max corruption of fake_reg |
| CVE-2024-41004 | 2024-07-12 | tracing: Build event generation tests only as modules |
| CVE-2024-41005 | 2024-07-12 | netpoll: Fix race condition in netpoll_owner_active |
| CVE-2024-41006 | 2024-07-12 | netrom: Fix a memory leak in nr_heartbeat_expiry() |
| CVE-2024-6495 | 2024-07-12 | Premium Addons for Elementor <= 4.10.36 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Animated Text Widget |
| CVE-2024-5325 | 2024-07-12 | Form Vibes <= 1.4.10 - Authenticated (Subscriber+) SQL Injection via fv_export_data |
| CVE-2024-37933 | 2024-07-12 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated SQL Injection vulnerability |
| CVE-2024-37564 | 2024-07-12 | WordPress PayPlus Payment Gateway plugin <= 7.0.7 - SQL Injection vulnerability |
| CVE-2024-37544 | 2024-07-12 | WordPress Get Better Reviews for WooCommerce plugin <= 4.0.6 - Broken Access Control vulnerability |
| CVE-2024-37213 | 2024-07-12 | WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.9 - CSRF to XSS vulnerability |
| CVE-2024-37202 | 2024-07-12 | WordPress Ultimate Custom Add To Cart Button (Ajax) For WooCommerce by Binary Carpenter plugin <= 1.222.16 - Broken Access Control to XSS vulnerability |
| CVE-2024-35773 | 2024-07-12 | WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability |
| CVE-2024-37941 | 2024-07-12 | WordPress Internal Link Juicer: SEO Auto Linker for WordPress plugin <= 2.24.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37940 | 2024-07-12 | WordPress Seraphinite Accelerator (Full, premium) plugin <= 2.21.13 - CSRF Leading to Arbitrary File Deletion vulnerability |
| CVE-2024-37939 | 2024-07-12 | WordPress Patricia Lite theme <= 1.2.3 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37938 | 2024-07-12 | WordPress SociallyViral theme <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-37560 | 2024-07-12 | WordPress WP User Switch plugin <= 1.1.0 - Privilege Escalation vulnerability |
| CVE-2024-37927 | 2024-07-12 | WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-37928 | 2024-07-12 | WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-37932 | 2024-07-12 | WordPress Woocommerce OpenPos plugin <= 6.4.4 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-38700 | 2024-07-12 | WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability |
| CVE-2024-38704 | 2024-07-12 | WordPress Team Manager plugin <= 2.1.12 - Local File Inclusion vulnerability |
| CVE-2024-38706 | 2024-07-12 | WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability |
| CVE-2024-38709 | 2024-07-12 | WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability |
| CVE-2024-38715 | 2024-07-12 | WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability |
| CVE-2024-39903 | 2024-07-12 | Local File Inclusion in Solara |
| CVE-2024-39909 | 2024-07-12 | SQL Injection in the KubeClarity REST API |
| CVE-2024-39914 | 2024-07-12 | FOG has a command injection in /fog/management/export.php?filename= |
| CVE-2024-39916 | 2024-07-12 | NFS server misconfiguration allows file access outside the exported directory |
| CVE-2024-38716 | 2024-07-12 | WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability |
| CVE-2024-38717 | 2024-07-12 | WordPress Booking Ultra Pro Appointments Booking Calendar plugin <= 1.1.13 - Local File Inclusion vulnerability |
| CVE-2024-38734 | 2024-07-12 | WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability |
| CVE-2024-38735 | 2024-07-12 | WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability |
| CVE-2024-38736 | 2024-07-12 | WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability |
| CVE-2024-39917 | 2024-07-12 | xrdp allows an ininite number of login attempts |
| CVE-2024-37405 | 2024-07-12 | Livechat messages can be leaked by combining two NoSQL injections... |
| CVE-2024-40690 | 2024-07-12 | IBM InfoSphere Server cross-site scripting |
| CVE-2023-41093 | 2024-07-12 | Loss of confidentiality due to potential race condition in Bluetooth controller Connection_Handle reuse |
| CVE-2024-5902 | 2024-07-12 | UserFeedback Lite <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Name Parameter |
| CVE-2023-39327 | 2024-07-13 | Openjpeg: malicious files can cause the program to enter a large loop |
| CVE-2023-39329 | 2024-07-13 | Openjpeg: resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c |
| CVE-2024-6574 | 2024-07-13 | Laposta <= 1.12 - Unauthenticated Full Path Disclosure |
| CVE-2024-2870 | 2024-07-13 | Swift Framework < 2024.04.30 - Reflected XSS |
| CVE-2024-3026 | 2024-07-13 | WordPress Button Plugin MaxButtons < 9.7.8 - Editor+ Stored XSS |
| CVE-2024-3632 | 2024-07-13 | Smart Image Gallery < 1.0.19 - Update/Delete Google API Key via CSRF |
| CVE-2024-3710 | 2024-07-13 | Image Photo Gallery Final Tiles Grid < 3.6.0 - Contributor+ Stored XSS |
| CVE-2024-3751 | 2024-07-13 | Seriously Simple Podcasting < 3.3.0 - Admin+ Stored XSS |
| CVE-2024-3753 | 2024-07-13 | Hostel < 1.1.5.3 - Reflected XSS |
| CVE-2024-3919 | 2024-07-13 | OpenPGP Form Encryption for WordPress < 1.5.1 - Contributor+ Stored XSS |
| CVE-2024-3963 | 2024-07-13 | RafflePress Lite < 1.12.14 - Editor+ Stored XSS |
| CVE-2024-3964 | 2024-07-13 | Product Enquiry for WooCommerce < 3.1.8 - Admin+ Stored XSS |
| CVE-2024-4217 | 2024-07-13 | Shortcodes Ultimate Pro < 7.1.5 - Contributor+ Stored Cross-Site Scripting XSS |
| CVE-2024-4269 | 2024-07-13 | SVG Block < 1.1.20 - Author+ Stored XSS via SVG File Upload |
| CVE-2024-4272 | 2024-07-13 | Support SVG < 1.1.0 - Stored XSS via SVG Upload |
| CVE-2024-4602 | 2024-07-13 | Embed Peertube Playlist < 1.10 - Editor+ Stored XSS |
| CVE-2024-4752 | 2024-07-13 | EventON < 2.2.15 - Admin+ Stored Cross-Site Scripting via event subtitle |