Lista CVE - 2024 / Agosto
Visualizzazione 601 - 700 di 2898 CVE per Agosto 2024 (Pagina 7 di 29)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2024-7143 | 2024-08-07 | Pulpcore: rbac permissions incorrectly assigned in tasks that create objects |
| CVE-2024-7585 | 2024-08-07 | Tenda i22 apPortalAuth formApPortalWebAuth buffer overflow |
| CVE-2024-41912 | 2024-08-07 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls. |
| CVE-2024-6706 | 2024-08-07 | Open WebUI Stored Cross-Site Scripting |
| CVE-2024-6707 | 2024-08-07 | Open WebUI Arbitrary File Upload + Path Traversal |
| CVE-2024-6890 | 2024-08-07 | Journyx Unauthenticated Password Reset Bruteforce |
| CVE-2024-6891 | 2024-08-07 | Journyx Authenticated Remote Code Execution |
| CVE-2024-6892 | 2024-08-07 | Journyx Reflected Cross Site Scripting |
| CVE-2024-6893 | 2024-08-07 | Journyx Unauthenticated XML External Entities Injection |
| CVE-2023-28865 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR15, 4.0.0 SR05, 4.1.0 SR03, and 4.2.0 SR02 fails to validate the directory contents of certain directories (e.g., ensuring the expected hash... |
| CVE-2023-33206 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR16, 4.0.0 SR06, 4.1.0 SR04, 4.2.0 SR03, and 4.3.0 SR01 fails to validate symlinks during the Pre-Boot Authorization (PBA) process. This can... |
| CVE-2024-37382 | 2024-08-08 | An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration. |
| CVE-2024-40473 | 2024-08-08 | A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "House_no" and... |
| CVE-2024-40474 | 2024-08-08 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "edit-cate.php" in SourceCodester House Rental Management System v1.0. |
| CVE-2024-40475 | 2024-08-08 | SourceCodester Best House Rental Management System v1.0 is vulnerable to Incorrect Access Control via /rental/payment_report.php, /rental/balance_report.php, /rental/invoices.php, /rental/tenants.php, and /rental/users.php. |
| CVE-2024-40476 | 2024-08-08 | A Cross-Site Request Forgery (CSRF) vulnerability was found in SourceCodester Best House Rental Management System v1.0. This could lead to an attacker tricking the administrator into adding/modifying/deleting valid tenant data... |
| CVE-2024-40477 | 2024-08-08 | A SQL injection vulnerability in "/oahms/admin/forgot-password.php" in PHPGurukul Old Age Home Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "email" parameter. |
| CVE-2024-40481 | 2024-08-08 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/view-enquiry.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the Contact... |
| CVE-2024-40482 | 2024-08-08 | An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara Live Membership System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. |
| CVE-2024-40484 | 2024-08-08 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/oahms/search.php" in PHPGurukul Old Age Home Management System v1.0, which allows remote attackers to execute arbitrary code via the "searchdata"... |
| CVE-2024-40486 | 2024-08-08 | A SQL injection vulnerability in "/index.php" of Kashipara Live Membership System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email or password Login parameters. |
| CVE-2024-40487 | 2024-08-08 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType parameter. |
| CVE-2024-40488 | 2024-08-08 | A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Live Membership System v1.0. This could lead to an attacker tricking the administrator into deleting valid member data via... |
| CVE-2024-41238 | 2024-08-08 | A SQL injection vulnerability in /smsa/student_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. |
| CVE-2023-24062 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR12, 4.0.0 SR04, 4.1.0 SR02, and 4.2.0 SR01 fails to validate the directory structure of the root file system during the Pre-Boot... |
| CVE-2023-24063 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR10 fails to validate /etc/mtab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able... |
| CVE-2023-24064 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR4 fails to validate /etc/initab during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able... |
| CVE-2023-40261 | 2024-08-08 | Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This... |
| CVE-2024-41481 | 2024-08-08 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the Mermaid component. |
| CVE-2024-41482 | 2024-08-08 | Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component. |
| CVE-2024-7561 | 2024-08-08 | The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-7560 | 2024-08-08 | News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection |
| CVE-2024-7486 | 2024-08-08 | MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-21302 | 2024-08-08 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-38202 | 2024-08-08 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-7350 | 2024-08-08 | Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress 1.1.6 - 1.1.7 - Authentication Bypass to Account Takeover |
| CVE-2024-7492 | 2024-08-08 | MainWP Child Reports <= 2.2 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-6254 | 2024-08-08 | Brizy – Page Builder <= 2.5.1 - Cross-Site Request Forgery |
| CVE-2024-6552 | 2024-08-08 | Booking for Appointments and Events Calendar – Amelia <= 1.2 - Unauthenticated Full Path Disclosure |
| CVE-2024-6987 | 2024-08-08 | Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation |
| CVE-2024-6869 | 2024-08-08 | Falang multilanguage for WordPress <= 1.3.52 - Missing Authorization to Translation Update and Information Exposure |
| CVE-2024-5668 | 2024-08-08 | Lightbox & Modal Popup WordPress Plugin – FooBox <= 2.7.28 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes |
| CVE-2024-5226 | 2024-08-08 | Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload |
| CVE-2024-7548 | 2024-08-08 | LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter |
| CVE-2024-7150 | 2024-08-08 | Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter |
| CVE-2024-6824 | 2024-08-08 | Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update |
| CVE-2024-6481 | 2024-08-08 | Search Filter Pro < 2.5.18 - Admin+ Stored XSS |
| CVE-2024-6884 | 2024-08-08 | Gutenberg Blocks with AI by Kadence WP < 3.2.39 - Contributor+ Stored XSS |
| CVE-2024-22069 | 2024-08-08 | Permission and Access Control Vulnerability in ZXV10 XT802/ET301 |
| CVE-2023-7265 | 2024-08-08 | Permission verification vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect availability |
| CVE-2024-42030 | 2024-08-08 | Access permission verification vulnerability in the content sharing pop-up module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42251 | 2024-08-08 | mm: page_ref: remove folio_try_get_rcu() |
| CVE-2024-42252 | 2024-08-08 | closures: Change BUG_ON() to WARN_ON() |
| CVE-2024-42253 | 2024-08-08 | gpio: pca953x: fix pca953x_irq_bus_sync_unlock race |
| CVE-2024-42254 | 2024-08-08 | io_uring: fix error pbuf checking |
| CVE-2024-42255 | 2024-08-08 | tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() |
| CVE-2024-42256 | 2024-08-08 | cifs: Fix server re-repick on subrequest retry |
| CVE-2024-42257 | 2024-08-08 | ext4: use memtostr_pad() for s_volume_name |
| CVE-2024-42031 | 2024-08-08 | Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42032 | 2024-08-08 | Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42033 | 2024-08-08 | Access control vulnerability in the security verification module mpact: Successful exploitation of this vulnerability will affect integrity and confidentiality. |
| CVE-2024-42034 | 2024-08-08 | LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42035 | 2024-08-08 | Permission control vulnerability in the App Multiplier module Impact:Successful exploitation of this vulnerability may affect functionality and confidentiality. |
| CVE-2024-42036 | 2024-08-08 | Access permission verification vulnerability in the Notepad module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42037 | 2024-08-08 | Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42038 | 2024-08-08 | Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. |
| CVE-2024-6329 | 2024-08-08 | Improper Encoding or Escaping of Output in GitLab |
| CVE-2024-4784 | 2024-08-08 | Authentication Bypass by Primary Weakness in GitLab |
| CVE-2024-4210 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-7610 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-7554 | 2024-08-08 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-5423 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-4207 | 2024-08-08 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-3958 | 2024-08-08 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2024-3114 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-3035 | 2024-08-08 | Authorization Bypass Through User-Controlled Key in GitLab |
| CVE-2024-2800 | 2024-08-08 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-3659 | 2024-08-08 | Command injection in KAON AR2140 routers |
| CVE-2024-7348 | 2024-08-08 | PostgreSQL relation replacement during pg_dump executes arbitrary SQL |
| CVE-2024-41942 | 2024-08-08 | JupyterHub has a privilege escalation vulnerability with the `admin:users` scope |
| CVE-2024-42354 | 2024-08-08 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api |
| CVE-2024-42355 | 2024-08-08 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag |
| CVE-2024-42356 | 2024-08-08 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions |
| CVE-2024-42357 | 2024-08-08 | Shopware vulnerable to blind SQL-injection in DAL aggregations |
| CVE-2024-7490 | 2024-08-08 | Remote Code Execution in Advanced Software Framework DHCP server |
| CVE-2024-7477 | 2024-08-08 | Avaya Aura System Manager SQL injection vulnerability |
| CVE-2024-7480 | 2024-08-08 | Improper access control in Avaya Aura System Manager |
| CVE-2024-0102 | 2024-08-08 | NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file.... |
| CVE-2024-0108 | 2024-08-08 | NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this... |
| CVE-2024-42365 | 2024-08-08 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan |
| CVE-2024-7394 | 2024-08-08 | Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName() |
| CVE-2024-42366 | 2024-08-08 | VR Overlay RCE |
| CVE-2024-0107 | 2024-08-08 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability... |
| CVE-2024-0101 | 2024-08-08 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch.... |
| CVE-2024-0104 | 2024-08-08 | NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in the LDAP AAA component, where a user can cause improper access. A successful exploit of this vulnerability... |
| CVE-2024-42493 | 2024-08-08 | Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor |
| CVE-2024-39287 | 2024-08-08 | Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor |
| CVE-2024-42408 | 2024-08-08 | Dorsett Controls InfoScan Path Traversal |
| CVE-2024-41161 | 2024-08-08 | Vonets WiFi Bridges Use of Hard-coded Credentials |
| CVE-2024-29082 | 2024-08-08 | Vonets WiFi Bridges Improper Access Control |