CVE List - 2024 / August
Showing 2101 - 2200 of 2898 CVEs for August 2024 (Page 22 of 29)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-7603 | 2024-08-21 | Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability |
| CVE-2024-7604 | 2024-08-21 | Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability |
| CVE-2024-6811 | 2024-08-21 | IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-6812 | 2024-08-21 | IrfanView WSQ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-6813 | 2024-08-21 | NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-6814 | 2024-08-21 | NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-7448 | 2024-08-21 | Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability |
| CVE-2024-6141 | 2024-08-21 | Windscribe Directory Traversal Local Privilege Escalation Vulnerability |
| CVE-2024-5928 | 2024-08-21 | VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability |
| CVE-2024-5929 | 2024-08-21 | VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability |
| CVE-2024-5930 | 2024-08-21 | VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability |
| CVE-2024-5723 | 2024-08-21 | Centreon updateServiceHost SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-5725 | 2024-08-21 | Centreon initCurveList SQL Injection Remote Code Execution Vulnerability |
| CVE-2024-5762 | 2024-08-21 | Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability |
| CVE-2024-33656 | 2024-08-21 | Memory Leak in SmmComputrace Module |
| CVE-2024-33657 | 2024-08-21 | Smm Callout in SmmComputrace Module |
| CVE-2024-20375 | 2024-08-21 | A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated,... |
| CVE-2024-20488 | 2024-08-21 | Cisco Unified Communications Manager Cross-Site Scripting Vulnerability |
| CVE-2024-20486 | 2024-08-21 | Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability |
| CVE-2024-20466 | 2024-08-21 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability |
| CVE-2024-20417 | 2024-08-21 | Cisco Identity Services Engine REST API Blind SQL Injection Vulnerabilities |
| CVE-2024-7964 | 2024-08-21 | Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-7965 | 2024-08-21 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7966 | 2024-08-21 | Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access... |
| CVE-2024-7967 | 2024-08-21 | Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7968 | 2024-08-21 | Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap... |
| CVE-2024-7969 | 2024-08-21 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7971 | 2024-08-21 | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7972 | 2024-08-21 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-7973 | 2024-08-21 | Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security... |
| CVE-2024-7974 | 2024-08-21 | Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) |
| CVE-2024-7975 | 2024-08-21 | Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-7976 | 2024-08-21 | Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-7977 | 2024-08-21 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) |
| CVE-2024-7978 | 2024-08-21 | Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data... |
| CVE-2024-7979 | 2024-08-21 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) |
| CVE-2024-7980 | 2024-08-21 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) |
| CVE-2024-7981 | 2024-08-21 | Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-8033 | 2024-08-21 | Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via... |
| CVE-2024-8034 | 2024-08-21 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-8035 | 2024-08-21 | Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2024-6386 | 2024-08-21 | WPML Multilingual CMS <= 4.6.12 - Authenticated (Contributor+) Remote Code Execution via Twig Server-Side Template Injection |
| CVE-2024-28987 | 2024-08-21 | SolarWinds Web Help Desk Hardcoded Credential Vulnerability |
| CVE-2024-36439 | 2024-08-22 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. |
| CVE-2024-36440 | 2024-08-22 | An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is... |
| CVE-2024-36441 | 2024-08-22 | Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker to use a port-2101 TCP connection to gain access to operation messages that are received by the device. |
| CVE-2024-36442 | 2024-08-22 | cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. |
| CVE-2024-36443 | 2024-08-22 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. |
| CVE-2024-36444 | 2024-08-22 | cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to gain access to device logs. |
| CVE-2024-36445 | 2024-08-22 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without authentication. |
| CVE-2024-42599 | 2024-08-22 | SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write... |
| CVE-2024-42761 | 2024-08-22 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the scheduleDurationPHP parameter. |
| CVE-2024-42762 | 2024-08-22 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone,... |
| CVE-2024-42763 | 2024-08-22 | A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via... |
| CVE-2024-42767 | 2024-08-22 | Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. |
| CVE-2024-42768 | 2024-08-22 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. |
| CVE-2024-42769 | 2024-08-22 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via "user_fname" and "user_lname"... |
| CVE-2024-42770 | 2024-08-22 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. |
| CVE-2024-42771 | 2024-08-22 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/edit_room_controller.php" of the Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "room_name" parameter. |
| CVE-2024-42772 | 2024-08-22 | An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to view valid hotel room entries in the administrator section. |
| CVE-2024-42773 | 2024-08-22 | An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room entries in the administrator... |
| CVE-2024-42774 | 2024-08-22 | An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. |
| CVE-2024-42775 | 2024-08-22 | An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator... |
| CVE-2024-42776 | 2024-08-22 | Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.php. |
| CVE-2024-43033 | 2024-08-22 | JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this... |
| CVE-2024-45163 | 2024-08-22 | The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a... |
| CVE-2024-45165 | 2024-08-22 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is sent between client and server with encryption. However, the key is derived from the... |
| CVE-2024-45166 | 2024-08-22 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of... |
| CVE-2024-45167 | 2024-08-22 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of... |
| CVE-2024-45168 | 2024-08-22 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not... |
| CVE-2024-45169 | 2024-08-22 | An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of... |
| CVE-2024-45191 | 2024-08-22 | An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a... |
| CVE-2024-45192 | 2024-08-22 | An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of... |
| CVE-2024-45193 | 2024-08-22 | An issue was discovered in Matrix libolm through 3.2.16. There is Ed25519 signature malleability due to lack of validation criteria (does not ensure that S < n). This refers to... |
| CVE-2024-45201 | 2024-08-22 | An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}. |
| CVE-2024-42056 | 2024-08-22 | Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with "Use" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The... |
| CVE-2021-4441 | 2024-08-22 | spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() |
| CVE-2022-48901 | 2024-08-22 | btrfs: do not start relocation until in progress drops are done |
| CVE-2022-48902 | 2024-08-22 | btrfs: do not WARN_ON() if we have PageError set |
| CVE-2022-48903 | 2024-08-22 | btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() |
| CVE-2022-48904 | 2024-08-22 | iommu/amd: Fix I/O page table memory leak |
| CVE-2022-48905 | 2024-08-22 | ibmvnic: free reset-work-item when flushing |
| CVE-2022-48906 | 2024-08-22 | mptcp: Correctly set DATA_FIN timeout when number of retransmits is large |
| CVE-2022-48907 | 2024-08-22 | auxdisplay: lcd2s: Fix memory leak in ->remove() |
| CVE-2022-48908 | 2024-08-22 | net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() |
| CVE-2022-48909 | 2024-08-22 | net/smc: fix connection leak |
| CVE-2022-48910 | 2024-08-22 | net: ipv6: ensure we call ipv6_mc_down() at most once |
| CVE-2022-48911 | 2024-08-22 | netfilter: nf_queue: fix possible use-after-free |
| CVE-2022-48912 | 2024-08-22 | netfilter: fix use-after-free in __nf_register_net_hook() |
| CVE-2022-48913 | 2024-08-22 | blktrace: fix use after free for struct blk_trace |
| CVE-2022-48914 | 2024-08-22 | xen/netfront: destroy queues before real_num_tx_queues is zeroed |
| CVE-2022-48915 | 2024-08-22 | thermal: core: Fix TZ_GET_TRIP NULL pointer dereference |
| CVE-2022-48916 | 2024-08-22 | iommu/vt-d: Fix double list_add when enabling VMD in scalable mode |
| CVE-2022-48918 | 2024-08-22 | iwlwifi: mvm: check debugfs_dir ptr before use |
| CVE-2022-48919 | 2024-08-22 | cifs: fix double free race when mount fails in cifs_get_root() |
| CVE-2022-48920 | 2024-08-22 | btrfs: get rid of warning on transaction commit when using flushoncommit |
| CVE-2022-48921 | 2024-08-22 | sched/fair: Fix fault in reweight_entity |
| CVE-2022-48922 | 2024-08-22 | riscv: fix oops caused by irqsoff latency tracer |
| CVE-2022-48923 | 2024-08-22 | btrfs: prevent copying too big compressed lzo segment |
| CVE-2022-48924 | 2024-08-22 | thermal: int340x: fix memory leak in int3400_notify() |