CVE List - 2024 / July
Showing 301 - 400 of 3117 CVEs for July 2024 (Page 4 of 32)
CVE ID | Date | Title |
---|---|---|
CVE-2024-6052 | 2024-07-03 | XSS in SQL check parameters |
CVE-2024-6126 | 2024-07-03 | Cockpit: authenticated user can kill any process when enabling pam_env's user_readenv option |
CVE-2024-3332 | 2024-07-03 | bt: host/smp: DoS caused by null pointer dereference |
CVE-2024-31223 | 2024-07-03 | Fides Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL |
CVE-2024-35227 | 2024-07-03 | Discourse vulnerable to DoS through Onebox |
CVE-2024-5821 | 2024-07-03 | Local File Inclusion (LFI) in stitionai/devika |
CVE-2024-35234 | 2024-07-03 | Discourse vulnerable to stored-dom XSS via Facebook Oneboxes |
CVE-2024-36113 | 2024-07-03 | Discourse missing authorization checks for suspending admins/moderators |
CVE-2024-36122 | 2024-07-03 | Discourse doesn't limit reviewable user serializer payload |
CVE-2024-37157 | 2024-07-03 | Discourse vulnerable to Server-Side Request Forgery via FastImage |
CVE-2024-39683 | 2024-07-03 | ZITADEL Vulnerable to Session Information Leakage |
CVE-2024-34750 | 2024-07-03 | Apache Tomcat: HTTP/2 excess header handling DoS |
CVE-2024-6383 | 2024-07-03 | MongoDB C Driver bson_string_append may be vulnerable to a buffer overflow |
CVE-2024-6284 | 2024-07-03 | Improper IPv4 and IPv6 byte order storage in github.com/google/nftables |
CVE-2024-39165 | 2024-07-04 | QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers... |
CVE-2024-39211 | 2024-07-04 | Kaiten 57.128.8 allows remote attackers to enumerate user accounts via... |
CVE-2024-39930 | 2024-07-04 | The built-in SSH server of Gogs through 0.13.0 allows argument... |
CVE-2024-39931 | 2024-07-04 | Gogs through 0.13.0 allows deletion of internal files. |
CVE-2024-39932 | 2024-07-04 | Gogs through 0.13.0 allows argument injection during the previewing of... |
CVE-2024-39933 | 2024-07-04 | Gogs through 0.13.0 allows argument injection during the tagging of... |
CVE-2024-39934 | 2024-07-04 | Robotmk before 2.0.1 allows a local user to escalate privileges... |
CVE-2024-39935 | 2024-07-04 | jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command... |
CVE-2024-39937 | 2024-07-04 | supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files. |
CVE-2024-39943 | 2024-07-04 | rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on... |
CVE-2024-39929 | 2024-07-04 | Exim through 4.97.1 misparses a multiline RFC 2231 header filename,... |
CVE-2024-39936 | 2024-07-04 | An issue was discovered in HTTP2 in Qt before 5.15.18,... |
CVE-2024-38344 | 2024-07-04 | A cross-site request forgery vulnerability exists in WP Tweet Walls... |
CVE-2024-38345 | 2024-07-04 | A cross-site request forgery vulnerability exists in Sola Testimonials versions... |
CVE-2024-38471 | 2024-07-04 | Multiple TP-LINK products allow a network-adjacent attacker with an administrative... |
CVE-2024-2385 | 2024-07-04 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Limited Local File Inclusion via Widgets |
CVE-2024-3638 | 2024-07-04 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marquee Text Widget, Testimonials Widget, and Testimonial Slider Widgets |
CVE-2024-2926 | 2024-07-04 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets |
CVE-2024-3639 | 2024-07-04 | Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Grid |
CVE-2024-5641 | 2024-07-04 | One Click Order Re-Order <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
CVE-2024-6318 | 2024-07-04 | IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload_img_file' |
CVE-2024-6434 | 2024-07-04 | Premium Addons for Elementor <= 4.10.35 - Regular Expressions Denial of Service |
CVE-2024-6319 | 2024-07-04 | IMGspider <= 2.3.10 - Authenticated (Contributor+) Arbitrary File Upload via 'upload' |
CVE-2024-39884 | 2024-07-04 | Apache HTTP Server: source code disclosure with handlers configured via AddType |
CVE-2024-1182 | 2024-07-04 | Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions,... |
CVE-2024-1573 | 2024-07-04 | Improper Authentication vulnerability in the mobile monitoring feature of ICONICS... |
CVE-2024-1574 | 2024-07-04 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe... |
CVE-2024-3904 | 2024-07-04 | Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled... |
CVE-2024-32754 | 2024-07-04 | Johnson Controls Kantech KT1, KT2, and KT400 Door Controllers - Exposure of Sensitive Information |
CVE-2024-5943 | 2024-07-04 | Nested Pages <= 3.2.7 - Cross-Site Request Forgery to Local File Inclusion |
CVE-2024-6507 | 2024-07-04 | Deep Lake Kaggle command injection |
CVE-2024-6506 | 2024-07-04 | Information exposure vulnerability in the MRW plug-in |
CVE-2024-22277 | 2024-07-04 | VMware Cloud Director Availability contains an HTML injection vulnerability. A... |
CVE-2024-37476 | 2024-07-04 | WordPress Newspack Campaigns plugin <= 2.31.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-37474 | 2024-07-04 | WordPress Newspack Ads plugin <= 1.47.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-37472 | 2024-07-04 | WordPress Woffice theme <= 5.4.8 - Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-37471 | 2024-07-04 | WordPress Woffice Core plugin <= 5.4.8 - Site Wide Reflected Cross Site Scripting (XSS) vulnerability |
CVE-2024-6511 | 2024-07-04 | y_project RuoYi Content-Type isJsonRequest cross site scripting |
CVE-2024-23997 | 2024-07-05 | Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting... |
CVE-2024-23998 | 2024-07-05 | goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross... |
CVE-2024-27709 | 2024-07-05 | SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a... |
CVE-2024-27710 | 2024-07-05 | An issue in Eskooly Free Online School management Software v.3.0... |
CVE-2024-27711 | 2024-07-05 | An issue in Eskooly Free Online School management Software v.3.0... |
CVE-2024-27713 | 2024-07-05 | An issue in Eskooly Free Online School management Software v.3.0... |
CVE-2024-27715 | 2024-07-05 | An issue in Eskooly Free Online School management Software v.3.0... |
CVE-2024-27716 | 2024-07-05 | Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and... |
CVE-2024-27717 | 2024-07-05 | Cross Site Request Forgery vulnerability in Eskooly Free Online School... |
CVE-2024-29319 | 2024-07-05 | Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server... |
CVE-2024-32498 | 2024-07-05 | An issue was discovered in OpenStack Cinder through 24.0.0, Glance... |
CVE-2024-33862 | 2024-07-05 | A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could... |
CVE-2024-34481 | 2024-07-05 | drupal-wiki.com Drupal Wiki before 8.31.1 allows XSS via comments, captions,... |
CVE-2024-36041 | 2024-07-05 | KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and... |
CVE-2024-37767 | 2024-07-05 | Insecure permissions in the component /api/admin/user of 14Finger v1.1 allows... |
CVE-2024-37769 | 2024-07-05 | Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges... |
CVE-2024-39019 | 2024-07-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-39020 | 2024-07-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-39021 | 2024-07-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-39022 | 2024-07-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-39023 | 2024-07-05 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-39028 | 2024-07-05 | An issue was discovered in SeaCMS <=12.9 which allows remote... |
CVE-2024-39150 | 2024-07-05 | vditor v.3.9.8 and before is vulnerable to Arbitrary file read... |
CVE-2024-39174 | 2024-07-05 | A cross-site scripting (XSS) vulnerability in the Publish Article function... |
CVE-2024-39178 | 2024-07-05 | MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file... |
CVE-2024-39182 | 2024-07-05 | An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to... |
CVE-2024-39210 | 2024-07-05 | Best House Rental Management System v1.0 was discovered to contain... |
CVE-2023-52340 | 2024-07-05 | The IPv6 implementation in the Linux kernel before 6.3 has... |
CVE-2024-27712 | 2024-07-05 | An issue in Eskooly Free Online School management Software v.3.0... |
CVE-2024-29318 | 2024-07-05 | Volmarg Personal Management System 1.4.64 is vulnerable to stored cross... |
CVE-2024-37768 | 2024-07-05 | 14Finger v1.1 was discovered to contain an arbitrary user deletion... |
CVE-2024-39027 | 2024-07-05 | SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability... |
CVE-2024-39472 | 2024-07-05 | xfs: fix log recovery buffer allocation for the legacy h_size fixup |
CVE-2024-39473 | 2024-07-05 | ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension |
CVE-2024-39474 | 2024-07-05 | mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL |
CVE-2024-39475 | 2024-07-05 | fbdev: savage: Handle err return when savagefb_check_var failed |
CVE-2024-39476 | 2024-07-05 | md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING |
CVE-2024-39477 | 2024-07-05 | mm/hugetlb: do not call vma_add_reservation upon ENOMEM |
CVE-2024-39478 | 2024-07-05 | crypto: starfive - Do not free stack buffer |
CVE-2024-39479 | 2024-07-05 | drm/i915/hwmon: Get rid of devm |
CVE-2024-39480 | 2024-07-05 | kdb: Fix buffer overflow during tab-complete |
CVE-2024-39481 | 2024-07-05 | media: mc: Fix graph walk in media_pipeline_start |
CVE-2024-39482 | 2024-07-05 | bcache: fix variable length array abuse in btree_iter |
CVE-2024-39483 | 2024-07-05 | KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked |
CVE-2024-39484 | 2024-07-05 | mmc: davinci: Don't strip remove function when driver is builtin |
CVE-2024-39485 | 2024-07-05 | media: v4l: async: Properly re-initialise notifier entry in unregister |
CVE-2024-6523 | 2024-07-05 | ZKTeco BioTime system-group-add cross site scripting |
CVE-2024-6298 | 2024-07-05 | remote code execution |