CVE List - 2024 / May
Showing 1301 - 1400 of 4994 CVEs for May 2024 (Page 14 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-3480 | 2024-05-03 | An Implicit intent vulnerability was reported in the Motorola framework that could allow an attacker to read telephony-related data. |
| CVE-2022-48670 | 2024-05-03 | peci: cpu: Fix use-after-free in adev_release() |
| CVE-2022-48671 | 2024-05-03 | cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() |
| CVE-2022-48672 | 2024-05-03 | of: fdt: fix off-by-one error in unflatten_dt_nodes() |
| CVE-2022-48673 | 2024-05-03 | net/smc: Fix possible access to freed memory in link clear |
| CVE-2022-48674 | 2024-05-03 | erofs: fix pcluster use-after-free on UP platforms |
| CVE-2022-48675 | 2024-05-03 | IB/core: Fix a nested dead lock as part of ODP flow |
| CVE-2022-48686 | 2024-05-03 | nvme-tcp: fix UAF when detecting digest errors |
| CVE-2022-48687 | 2024-05-03 | ipv6: sr: fix out-of-bounds read when setting HMAC data. |
| CVE-2022-48688 | 2024-05-03 | i40e: Fix kernel crash during module removal |
| CVE-2022-48689 | 2024-05-03 | tcp: TX zerocopy should not sense pfmemalloc status |
| CVE-2022-48691 | 2024-05-03 | netfilter: nf_tables: clean up hook list when offload flags check fails |
| CVE-2022-48692 | 2024-05-03 | RDMA/srp: Set scmnd->result only when scmnd is not NULL |
| CVE-2022-48693 | 2024-05-03 | soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs |
| CVE-2022-48694 | 2024-05-03 | RDMA/irdma: Fix drain SQ hang with no completion |
| CVE-2022-48696 | 2024-05-03 | regmap: spi: Reserve space for register address/padding |
| CVE-2022-48697 | 2024-05-03 | nvmet: fix a use-after-free |
| CVE-2022-48698 | 2024-05-03 | drm/amd/display: fix memory leak when using debugfs_lookup() |
| CVE-2022-48699 | 2024-05-03 | sched/debug: fix dentry leak in update_sched_domain_debugfs |
| CVE-2022-48701 | 2024-05-03 | ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() |
| CVE-2022-48702 | 2024-05-03 | ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() |
| CVE-2022-48703 | 2024-05-03 | thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR |
| CVE-2023-37407 | 2024-05-03 | IBM Aspera Orchestrator command execution |
| CVE-2020-4874 | 2024-05-03 | IBM Cognos Controller information disclosure |
| CVE-2021-20450 | 2024-05-03 | IBM Cognos Controller information disclosure |
| CVE-2023-23474 | 2024-05-03 | IBM Cognos Controller information disclosure |
| CVE-2021-20556 | 2024-05-03 | IBM Cognos Controller information disclosure |
| CVE-2024-34068 | 2024-05-03 | Server-side Request Forgery during remote file pull in Pterodactyl wings |
| CVE-2023-40696 | 2024-05-03 | IBM Cognos Controller information disclosure |
| CVE-2023-38724 | 2024-05-03 | IBM Cognos Controller SQL injection |
| CVE-2024-34067 | 2024-05-03 | Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel |
| CVE-2023-28952 | 2024-05-03 | IBM Cognos Controller log injection |
| CVE-2024-34066 | 2024-05-03 | Arbitrary File Write/Read in Pterodactyl wings |
| CVE-2022-48690 | 2024-05-03 | ice: Fix DMA mappings leak |
| CVE-2022-48695 | 2024-05-03 | scsi: mpt3sas: Fix use-after-free warning |
| CVE-2022-48704 | 2024-05-03 | drm/radeon: add a force flush to delay work when radeon |
| CVE-2022-48705 | 2024-05-03 | wifi: mt76: mt7921e: fix crash in chip reset fail |
| CVE-2024-34075 | 2024-05-03 | kurwov vulnerable to Denial of Service due to improper data sanitization |
| CVE-2022-22364 | 2024-05-03 | IBM Cognos Controller security bypass |
| CVE-2021-20451 | 2024-05-03 | IBM Cognos Controller SQL injection |
| CVE-2023-40695 | 2024-05-03 | IBM Cognos Controller session fixation |
| CVE-2023-52729 | 2024-05-04 | TCPServer.cpp in SimpleNetwork through 29bc615 has an off-by-one error that causes a buffer overflow when trying to add '\0' to the end of long msg data. It can be exploited... |
| CVE-2024-34460 | 2024-05-04 | The Tree Explorer tool from Organizer in Zenario before 9.5.60602 is affected by XSS. (This component was removed in 9.5.60602.) |
| CVE-2024-34462 | 2024-05-04 | Alinto SOGo through 5.10.0 allows XSS during attachment preview. |
| CVE-2024-34467 | 2024-05-04 | ThinkPHP 8.0.3 allows remote attackers to exploit XSS due to inadequate filtering of function argument values in think_exception.tpl. |
| CVE-2024-34468 | 2024-05-04 | Rukovoditel before 3.5.3 allows XSS via user_photo to My Page. |
| CVE-2024-34469 | 2024-05-04 | Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save. |
| CVE-2024-34475 | 2024-05-04 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: gmm_state_authentication in amf/gmm-sm.c for != OGS_ERROR. |
| CVE-2024-34476 | 2024-05-04 | Open5GS before 2.7.1 is vulnerable to a reachable assertion that can cause an AMF crash via NAS messages from a UE: ogs_nas_encrypt in lib/nas/common/security.c for pkbuf->len. |
| CVE-2024-34461 | 2024-05-04 | Zenario before 9.5.60437 uses Twig filters insecurely in the Twig Snippet plugin, and in the site-wide HEAD and BODY elements, enabling code execution by a designer or an administrator. |
| CVE-2024-34473 | 2024-05-04 | An issue was discovered in appmgr in O-RAN Near-RT RIC I-Release. An attacker could register an unintended RMR message type during xApp registration to disrupt other service components. |
| CVE-2024-3868 | 2024-05-04 | The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to... |
| CVE-2024-3237 | 2024-05-04 | The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25.... |
| CVE-2024-3240 | 2024-05-04 | The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the... |
| CVE-2023-7065 | 2024-05-04 | The Stop Spammers Security \| Block Spam Users, Comments, Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2024.4. This is due... |
| CVE-2024-1050 | 2024-05-04 | The Import and export users and customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_force_reset_password_delete_metas() function in all versions... |
| CVE-2023-27283 | 2024-05-04 | IBM Aspera Orchestrator information disclosure |
| CVE-2024-4491 | 2024-05-04 | Tenda i21 formGetDiagnoseInfo stack-based overflow |
| CVE-2024-34474 | 2024-05-05 | Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM. |
| CVE-2024-34478 | 2024-05-05 | btcd before 0.24.0 does not correctly implement the consensus rules outlined in BIP 68 and BIP 112, making it susceptible to consensus failures. Specifically, it uses the transaction version as... |
| CVE-2024-34483 | 2024-05-05 | OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0. |
| CVE-2024-34484 | 2024-05-05 | OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0. |
| CVE-2024-34486 | 2024-05-05 | OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0. |
| CVE-2024-34487 | 2024-05-05 | OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0. |
| CVE-2024-34488 | 2024-05-05 | OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0. |
| CVE-2024-34489 | 2024-05-05 | OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0. |
| CVE-2024-34490 | 2024-05-05 | In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files... |
| CVE-2024-34510 | 2024-05-05 | Gradio before 4.20 allows credential leakage on Windows. |
| CVE-2024-34515 | 2024-05-05 | image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). |
| CVE-2024-34519 | 2024-05-05 | Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may... |
| CVE-2024-34524 | 2024-05-05 | In XLANG OpenAgents through fe73ac4, the allowed_file protection mechanism can be bypassed by using an incorrect file extension for the nature of the file content. |
| CVE-2024-34525 | 2024-05-05 | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. |
| CVE-2024-34527 | 2024-05-05 | spaces_plugin/app.py in SolidUI 0.4.0 has an unnecessary print statement for an OpenAI key. The printed string might be logged. |
| CVE-2024-34528 | 2024-05-05 | WordOps through 3.20.0 has a wo/cli/plugins/stack_pref.py TOCTOU race condition because the conf_path os.open does not use a mode parameter during file creation. |
| CVE-2024-34500 | 2024-05-05 | An issue was discovered in the UnlinkedWikibase extension in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. XSS can occur through an interface message. Error messages (in the... |
| CVE-2024-34502 | 2024-05-05 | An issue was discovered in WikibaseLexeme in MediaWiki before 1.39.6, 1.40.x before 1.40.2, and 1.41.x before 1.41.1. Loading Special:MergeLexemes will (attempt to) make an edit that merges the from-id to... |
| CVE-2024-34506 | 2024-05-05 | An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage... |
| CVE-2024-34507 | 2024-05-05 | An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by... |
| CVE-2024-34508 | 2024-05-05 | dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. |
| CVE-2024-34509 | 2024-05-05 | dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message. |
| CVE-2024-34529 | 2024-05-05 | Nebari through 2024.4.1 prints the temporary Keycloak root password. |
| CVE-2024-4492 | 2024-05-05 | Tenda i21 setStaOffline formOfflineSet stack-based overflow |
| CVE-2024-4493 | 2024-05-05 | Tenda i21 formSetAutoPing stack-based overflow |
| CVE-2024-4494 | 2024-05-05 | Tenda i21 setUplinkInfo formSetUplinkInfo stack-based overflow |
| CVE-2024-4495 | 2024-05-05 | Tenda i21 formWifiMacFilterGet stack-based overflow |
| CVE-2024-4496 | 2024-05-05 | Tenda i21 formWifiMacFilterSet stack-based overflow |
| CVE-2024-4497 | 2024-05-05 | Tenda i21 formexeCommand stack-based overflow |
| CVE-2024-4500 | 2024-05-05 | SourceCodester Prison Management System edit-photo.php unrestricted upload |
| CVE-2024-4501 | 2024-05-05 | Ruijie RG-UAC commit.php os command injection |
| CVE-2024-4502 | 2024-05-05 | Ruijie RG-UAC dhcp_client_commit.php os command injection |
| CVE-2024-4503 | 2024-05-05 | Ruijie RG-UAC dhcp_relay_commit.php os command injection |
| CVE-2024-4504 | 2024-05-05 | Ruijie RG-UAC commit.php os command injection |
| CVE-2024-4505 | 2024-05-05 | Ruijie RG-UAC ip_addr_add_commit.php os command injection |
| CVE-2024-4506 | 2024-05-05 | Ruijie RG-UAC ip_addr_edit_commit.php os command injection |
| CVE-2024-4507 | 2024-05-05 | Ruijie RG-UAC static_route_add_ipv6.php os command injection |
| CVE-2024-26312 | 2024-05-06 | Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. |
| CVE-2024-28725 | 2024-05-06 | Cross Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. |
| CVE-2024-30973 | 2024-05-06 | An issue in V-SOL G/EPON ONU HG323AC-B with firmware version V2.0.08-210715 allows an attacker to execute arbitrary code and obtain sensitive information via crafted POST request to /boaform/getASPdata/formFirewall, /boaform/getASPdata/formAcc. |
| CVE-2024-33110 | 2024-05-06 | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Permission Bypass via the getcfg.php component. |
| CVE-2024-33112 | 2024-05-06 | D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main() function. |