CVE List - 2024 / May
Showing 2501 - 2600 of 4994 CVEs for May 2024 (Page 26 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-32352 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the "ipsecL2tpEnable" parameter in the "cstecgi.cgi" binary. |
| CVE-2024-32353 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'port' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. |
| CVE-2024-32354 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'timeout' parameter in the setSSServer function at /cgi-bin/cstecgi.cgi. |
| CVE-2024-32355 | 2024-05-14 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection vulnerability via the 'password' parameter in the setSSServer function. |
| CVE-2024-1628 | 2024-05-14 | OS command injection vulnerabilities in GE HealthCare ultrasound devices |
| CVE-2024-26367 | 2024-05-14 | Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1467, evEDGE-EO-* Build 0029, MMA10G-* Build 0498, 570IPG-X19-10G Build 0691 allows a remote attacker to execute arbitrary code... |
| CVE-2023-24203 | 2024-05-14 | Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the company or query parameter(s). |
| CVE-2024-31491 | 2024-05-14 | A client-side enforcement of server-side security in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 allows attacker to execute unauthorized code or commands via HTTP requests. |
| CVE-2024-31488 | 2024-05-14 | An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0... |
| CVE-2024-26007 | 2024-05-14 | An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS version 7.4.1 allows an unauthenticated attacker to provoke a denial of service on the administrative interface via... |
| CVE-2023-45586 | 2024-05-14 | An insufficient verification of data authenticity vulnerability [CWE-345] in Fortinet FortiOS SSL-VPN tunnel mode version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before 7.0.12 & FortiProxy SSL-VPN tunnel mode... |
| CVE-2023-40720 | 2024-05-14 | An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP configuration of other users via... |
| CVE-2023-44247 | 2024-05-14 | A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests. |
| CVE-2023-46714 | 2024-05-14 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code... |
| CVE-2023-50180 | 2024-05-14 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiADC version 7.4.1 and below, version 7.2.3 and below, version 7.1.4 and below, version 7.0.5 and... |
| CVE-2024-23105 | 2024-05-14 | A Use Of Less Trusted Source [CWE-348] vulnerability in Fortinet FortiPortal version 7.0.0 through 7.0.6 and version 7.2.0 through 7.2.1 allows an unauthenticated attacker to bypass IP protection through crafted... |
| CVE-2023-45583 | 2024-05-14 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.5, 7.0.0 through 7.0.11, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 FortiPAM versions 1.1.0, 1.0.0 through... |
| CVE-2023-36640 | 2024-05-14 | A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM versions... |
| CVE-2023-24204 | 2024-05-14 | SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. |
| CVE-2024-1629 | 2024-05-14 | Path traversal vulnerability in “deleteFiles” function of Common Service Desktop, a GE HealthCare ultrasound device component |
| CVE-2024-1630 | 2024-05-14 | Path traversal vulnerability in “getAllFolderContents” function of Common Service Desktop, a GE HealthCare ultrasound device component |
| CVE-2024-29996 | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-29997 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29998 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-29999 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30000 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30001 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30002 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30003 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30004 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30005 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30006 | 2024-05-14 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-30007 | 2024-05-14 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| CVE-2024-30008 | 2024-05-14 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2024-30009 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30010 | 2024-05-14 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-30011 | 2024-05-14 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-30012 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30014 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30015 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30016 | 2024-05-14 | Windows Cryptographic Services Information Disclosure Vulnerability |
| CVE-2024-30017 | 2024-05-14 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2024-30018 | 2024-05-14 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-30019 | 2024-05-14 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-30020 | 2024-05-14 | Windows Cryptographic Services Remote Code Execution Vulnerability |
| CVE-2024-30021 | 2024-05-14 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-30022 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30023 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30044 | 2024-05-14 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-30050 | 2024-05-14 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-30053 | 2024-05-14 | Azure Migrate Cross-Site Scripting Vulnerability |
| CVE-2024-30059 | 2024-05-14 | Microsoft Intune for Android Mobile Application Management Tampering Vulnerability |
| CVE-2024-26238 | 2024-05-14 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability |
| CVE-2024-29994 | 2024-05-14 | Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability |
| CVE-2024-30024 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30025 | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30027 | 2024-05-14 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-30028 | 2024-05-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30029 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-30030 | 2024-05-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30031 | 2024-05-14 | Windows CNG Key Isolation Service Elevation of Privilege Vulnerability |
| CVE-2024-30032 | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30033 | 2024-05-14 | Windows Search Service Elevation of Privilege Vulnerability |
| CVE-2024-30034 | 2024-05-14 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
| CVE-2024-30035 | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30036 | 2024-05-14 | Windows Deployment Services Information Disclosure Vulnerability |
| CVE-2024-30037 | 2024-05-14 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-30038 | 2024-05-14 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-30039 | 2024-05-14 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| CVE-2024-30040 | 2024-05-14 | Windows MSHTML Platform Security Feature Bypass Vulnerability |
| CVE-2024-30041 | 2024-05-14 | Microsoft Bing Search Spoofing Vulnerability |
| CVE-2024-30042 | 2024-05-14 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-30043 | 2024-05-14 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2024-30045 | 2024-05-14 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-30046 | 2024-05-14 | Visual Studio Denial of Service Vulnerability |
| CVE-2024-30047 | 2024-05-14 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30048 | 2024-05-14 | Dynamics 365 Customer Insights Spoofing Vulnerability |
| CVE-2024-30049 | 2024-05-14 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-30051 | 2024-05-14 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-30054 | 2024-05-14 | Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability |
| CVE-2024-27106 | 2024-05-14 | Vulnerable data in transit in GE HealthCare EchoPAC products |
| CVE-2024-27107 | 2024-05-14 | Weak account password in GE HealthCare EchoPAC products |
| CVE-2024-27108 | 2024-05-14 | Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products |
| CVE-2024-27109 | 2024-05-14 | Insufficiently protected credentials in GE HealthCare EchoPAC products |
| CVE-2024-27110 | 2024-05-14 | Elevation of privilege vulnerability in GE HealthCare EchoPAC products |
| CVE-2024-4367 | 2024-05-14 | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11,... |
| CVE-2024-4767 | 2024-05-14 | If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox <... |
| CVE-2024-4768 | 2024-05-14 | A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR <... |
| CVE-2024-4769 | 2024-05-14 | When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects... |
| CVE-2024-4770 | 2024-05-14 | When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird <... |
| CVE-2024-4777 | 2024-05-14 | Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-4764 | 2024-05-14 | Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126. |
| CVE-2024-4765 | 2024-05-14 | Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application's manifest. This could have been exploited to run arbitrary... |
| CVE-2024-4766 | 2024-05-14 | Different techniques existed to obscure the fullscreen notification in Firefox for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox for Android.... |
| CVE-2024-4771 | 2024-05-14 | A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution.... |
| CVE-2024-4772 | 2024-05-14 | An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126. |
| CVE-2024-4773 | 2024-05-14 | When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed... |
| CVE-2024-4774 | 2024-05-14 | The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox < 126. |
| CVE-2024-4775 | 2024-05-14 | An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application... |
| CVE-2024-4776 | 2024-05-14 | A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox < 126. |