Lista CVE - 2024 / Agosto
Visualizzazione 301 - 400 di 2898 CVE per Agosto 2024 (Pagina 4 di 29)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-33027 | 2024-08-05 | Improper Access Control in Graphics Linux |
| CVE-2024-33028 | 2024-08-05 | Use After Free in Automotive Telematics |
| CVE-2024-33034 | 2024-08-05 | Use After Free in Graphics Linux |
| CVE-2023-31355 | 2024-08-05 | Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest. |
| CVE-2024-21978 | 2024-08-05 | Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption. |
| CVE-2024-21980 | 2024-08-05 | Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity. |
| CVE-2024-6361 | 2024-08-05 | Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane product. |
| CVE-2024-6915 | 2024-08-05 | JFrog Artifactory Cache Poisoning |
| CVE-2024-42350 | 2024-08-05 | Public key confusion in third party block in Biscuit |
| CVE-2024-41958 | 2024-08-05 | Two-Factor Authentication (2FA) Bypass in mailcow: dockerized |
| CVE-2024-41959 | 2024-08-05 | Cross-site Scripting (XSS) via API Logs in mailcow: dockerized |
| CVE-2024-41960 | 2024-08-05 | Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized |
| CVE-2024-41820 | 2024-08-05 | Cluster-level privilege escalation in kubean |
| CVE-2024-41816 | 2024-08-05 | WordPress Cooked Plugin Persistent Cross-Site Scripting via Shortcode |
| CVE-2024-41811 | 2024-08-05 | ipl/web susceptible to Cross-Site Request Forgery (CSRF) |
| CVE-2024-23657 | 2024-08-05 | Path Traversal: '../filedir' in Nuxt Devtools |
| CVE-2024-34343 | 2024-08-05 | Cross-site Scripting (XSS) in navigateTo if used after SSR in nuxt |
| CVE-2024-34344 | 2024-08-05 | Remote code execution via the browser when running the test locally in nuxt |
| CVE-2024-42352 | 2024-08-05 | Server-Side Request Forgery (SSRF) in nuxt-icon |
| CVE-2024-7494 | 2024-08-05 | SourceCodester Clinics Patient Management System new_prescription.php sql injection |
| CVE-2024-7537 | 2024-08-05 | oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-7538 | 2024-08-05 | oFono CUSD AT Command Stack-based Buffer Overflow Code Execution Vulnerability |
| CVE-2024-7539 | 2024-08-05 | oFono CUSD Stack-based Buffer Overflow Code Execution Vulnerability |
| CVE-2024-7540 | 2024-08-05 | oFono AT CMGL Command Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2024-7541 | 2024-08-05 | oFono AT CMT Command Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2024-7542 | 2024-08-05 | oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2024-7543 | 2024-08-05 | oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| CVE-2024-7544 | 2024-08-05 | oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| CVE-2024-7545 | 2024-08-05 | oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| CVE-2024-7546 | 2024-08-05 | oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability |
| CVE-2024-7547 | 2024-08-05 | oFono SMS Decoder Stack-based Buffer Overflow Privilege Escalation Vulnerability |
| CVE-2023-40819 | 2024-08-06 | ID4Portais in version < V.2022.837.002a returns message parameter unsanitized in the response, resulting in a HTML Injection vulnerability. |
| CVE-2024-28739 | 2024-08-06 | An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. |
| CVE-2024-28740 | 2024-08-06 | Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. |
| CVE-2024-30170 | 2024-08-06 | PrivX before 34.0 allows data exfiltration and denial of service via the REST API. This is fixed in minor versions 33.1, 32.3, 31.3, and later, and in major version 34.0... |
| CVE-2024-33897 | 2024-08-06 | A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request from Talk2m for another device, resulting in an availability issue. The issue was patched on... |
| CVE-2024-39225 | 2024-08-06 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution (RCE) vulnerability. |
| CVE-2024-39226 | 2024-08-06 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious... |
| CVE-2024-39227 | 2024-08-06 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers... |
| CVE-2024-39228 | 2024-08-06 | GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config. |
| CVE-2024-39229 | 2024-08-06 | An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to intercept communications via a man-in-the-middle attack when... |
| CVE-2024-41226 | 2024-08-06 | A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker... |
| CVE-2024-41270 | 2024-08-06 | An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version. |
| CVE-2024-41616 | 2024-08-06 | D-Link DIR-300 REVA FIRMWARE v1.06B05_WW contains hardcoded credentials in the Telnet service. |
| CVE-2024-42218 | 2024-08-06 | 1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing macOS-specific security mechanisms. |
| CVE-2024-42219 | 2024-08-06 | 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC inter-process communication validation is insufficient. |
| CVE-2024-36424 | 2024-08-06 | K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference. |
| CVE-2024-40101 | 2024-08-06 | A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. |
| CVE-2024-41333 | 2024-08-06 | A reflected cross-site scripting (XSS) vulnerability in Phpgurukul Tourism Management System v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload... |
| CVE-2024-7495 | 2024-08-06 | itsourcecode Laravel Accounting System HomeController.php unrestricted upload |
| CVE-2024-7496 | 2024-08-06 | itsourcecode Airline Reservation System index.php file inclusion |
| CVE-2024-7484 | 2024-08-06 | CRM Perks Forms <= 1.1.3 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2024-6315 | 2024-08-06 | Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2023-5000 | 2024-08-06 | Horizontal scrolling announcements <= 2.4 - Authenticated (Contributor+) SQL Injection via Shortcode |
| CVE-2024-7485 | 2024-08-06 | Traffic Manager <= 1.4.5 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-7497 | 2024-08-06 | itsourcecode Airline Reservation System index.php file inclusion |
| CVE-2024-5963 | 2024-08-06 | An unquoted executable path exists in Hitachi Device Manager |
| CVE-2024-5828 | 2024-08-06 | EL Injection Vulnerability in Hitachi Tuning Manager |
| CVE-2024-7498 | 2024-08-06 | itsourcecode Airline Reservation System Admin Login Page login.php login2 sql injection |
| CVE-2024-7499 | 2024-08-06 | itsourcecode Airline Reservation System flights.php sql injection |
| CVE-2024-6886 | 2024-08-06 | Inproper Sanitation of field leading to stored XSS |
| CVE-2024-7500 | 2024-08-06 | itsourcecode Airline Reservation System admin_class.php save_settings unrestricted upload |
| CVE-2024-6781 | 2024-08-06 | Calibre Arbitrary File Read |
| CVE-2024-6782 | 2024-08-06 | Calibre Remote Code Execution |
| CVE-2024-7008 | 2024-08-06 | Calibre Reflected Cross-Site Scripting (XSS) |
| CVE-2024-7009 | 2024-08-06 | Calibre SQL Injection |
| CVE-2024-28962 | 2024-08-06 | Dell Command | Update, Dell Update, and Alienware Update UWP, versions prior to 5.4, contain an Exposed Dangerous Method or Function vulnerability. An unauthenticated attacker with remote access could potentially... |
| CVE-2024-7505 | 2024-08-06 | itsourcecode Bike Delivery System contact_us_action.php sql injection |
| CVE-2024-7506 | 2024-08-06 | itsourcecode Tailoring Management System setlogo.php unrestricted upload |
| CVE-2024-39817 | 2024-08-06 | Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that... |
| CVE-2024-5708 | 2024-08-06 | WPBakery <= 7.7 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-5709 | 2024-08-06 | WPBakery <= 7.7 - Authenticated (Author+) Local File Inclusion |
| CVE-2024-6200 | 2024-08-06 | HaloITSM - Stored Cross-Site Scripting in Tickets |
| CVE-2024-6201 | 2024-08-06 | HaloITSM - Emailing Template Injection |
| CVE-2024-6651 | 2024-08-06 | WordPress File Upload < 4.24.8 - Reflected XSS |
| CVE-2024-6766 | 2024-08-06 | Shortcodes Ultimate Pro < 7.2.1 - Contributor+ Stored XSS |
| CVE-2024-7082 | 2024-08-06 | easy-table-of-contents < 2.0.68 - Editor+ Stored XSS |
| CVE-2024-7084 | 2024-08-06 | Ajax Search Lite < 4.12.1 - Admin+ Stored XSS |
| CVE-2024-7055 | 2024-08-06 | FFmpeg pnmdec.c pnm_decode_frame heap-based overflow |
| CVE-2024-6202 | 2024-08-06 | HaloITSM - SAML XML Signature Wrapping (XSW) |
| CVE-2024-6203 | 2024-08-06 | HaloITSM - Password Reset Poisoning |
| CVE-2024-41995 | 2024-08-06 | Initialization of a resource with an insecure default vulnerability exists in JavaTM Platform Ver.12.89 and earlier. If this vulnerability is exploited, the product may be affected by some known TLS1.0... |
| CVE-2024-7246 | 2024-08-06 | HPACK table poisoning in gRPC C++, Python & Ruby |
| CVE-2024-33975 | 2024-08-06 | Cross-site Scripting in Janobe E-Negosyo System |
| CVE-2024-33976 | 2024-08-06 | Cross-site Scripting in Janobe E-Negosyo System |
| CVE-2024-33977 | 2024-08-06 | Cross-site Scripting in Janobe E-Negosyo System |
| CVE-2024-7317 | 2024-08-06 | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-33978 | 2024-08-06 | Cross-site Scripting in Janobe E-Negosyo System |
| CVE-2024-33957 | 2024-08-06 | SQL injection in Janobe E-Negosyo System |
| CVE-2024-33958 | 2024-08-06 | SQL injection in Janobe E-Negosyo System |
| CVE-2024-33979 | 2024-08-06 | Cross-site Scripting in Janobe products |
| CVE-2024-33980 | 2024-08-06 | Cross-site Scripting in Janobe products |
| CVE-2024-33981 | 2024-08-06 | Cross-site Scripting in Janobe products |
| CVE-2024-33959 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33960 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33961 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33962 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33963 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33964 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33965 | 2024-08-06 | SQL injection in Janobe products |