CVE List - 2024 / May
Showing 4401 - 4500 of 4994 CVEs for May 2024 (Page 45 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-47554 | 2024-05-24 | vdpa_sim: avoid putting an uninitialized iova_domain |
| CVE-2021-47555 | 2024-05-24 | net: vlan: fix underflow for the real_dev refcnt |
| CVE-2021-47556 | 2024-05-24 | ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() |
| CVE-2021-47557 | 2024-05-24 | net/sched: sch_ets: don't peek at classes beyond 'nbands' |
| CVE-2021-47558 | 2024-05-24 | net: stmmac: Disable Tx queues when reconfiguring the interface |
| CVE-2021-47559 | 2024-05-24 | net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() |
| CVE-2021-47560 | 2024-05-24 | mlxsw: spectrum: Protect driver from buggy firmware |
| CVE-2021-47561 | 2024-05-24 | i2c: virtio: disable timeout handling |
| CVE-2021-47562 | 2024-05-24 | ice: fix vsi->txq_map sizing |
| CVE-2021-47563 | 2024-05-24 | ice: avoid bpf_prog refcount underflow |
| CVE-2021-47564 | 2024-05-24 | net: marvell: prestera: fix double free issue on err path |
| CVE-2021-47565 | 2024-05-24 | scsi: mpt3sas: Fix kernel panic during drive powercycle test |
| CVE-2021-47566 | 2024-05-24 | proc/vmcore: fix clearing user buffer by properly using clear_user() |
| CVE-2021-47567 | 2024-05-24 | powerpc/32: Fix hardlockup on vmap stack overflow |
| CVE-2021-47568 | 2024-05-24 | ksmbd: fix memleak in get_file_stream_info() |
| CVE-2021-47569 | 2024-05-24 | io_uring: fail cancellation for EXITING tasks |
| CVE-2021-47570 | 2024-05-24 | staging: r8188eu: fix a memory leak in rtw_wx_read32() |
| CVE-2021-47571 | 2024-05-24 | staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() |
| CVE-2021-47572 | 2024-05-24 | net: nexthop: fix null pointer dereference when IPv6 is not enabled |
| CVE-2023-52880 | 2024-05-24 | tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc |
| CVE-2024-35396 | 2024-05-24 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in /web_cste/cgi-bin/product.ini, which allows attackers to log in as root. |
| CVE-2024-35395 | 2024-05-24 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. |
| CVE-2024-34995 | 2024-05-24 | svnWebUI v1.8.3 was discovered to contain an arbitrary file deletion vulnerability via the dirTemps parameter under com.cym.controller.UserController#importOver. This vulnerability allows attackers to delete arbitrary files via a crafted POST request. |
| CVE-2023-46442 | 2024-05-24 | An infinite loop in the retrieveActiveBody function of Soot before v4.4.1 under Java 8 allows attackers to cause a Denial of Service (DoS). |
| CVE-2024-36049 | 2024-05-24 | Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection.... |
| CVE-2024-35387 | 2024-05-24 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. |
| CVE-2024-35388 | 2024-05-24 | TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password parameter in the function urldecode. |
| CVE-2024-33471 | 2024-05-24 | An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability... |
| CVE-2024-35373 | 2024-05-24 | Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php. |
| CVE-2024-35374 | 2024-05-24 | Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary commands and potentially command injection, leading to remote... |
| CVE-2024-35232 | 2024-05-24 | github.com/huandu/facebook may expose access_token in error message |
| CVE-2024-36079 | 2024-05-24 | An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filename parameter is correct. As a result, a temporary file will be created outside... |
| CVE-2024-5220 | 2024-05-25 | ND Shortcodes <= 7.5 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-5229 | 2024-05-25 | Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget |
| CVE-2024-4858 | 2024-05-25 | Testimonial Carousel For Elementor <= 10.2.0 - Missing Authorization to Limited Setting Update |
| CVE-2024-5218 | 2024-05-25 | Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-4045 | 2024-05-25 | Popup Builder by OptinMonster – WordPress Popups for Optins, Email Newsletters and Lead Generation <= 2.16.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5336 | 2024-05-25 | Ruijie RG-UAC vlan_add_commit.php addVlan os command injection |
| CVE-2024-5337 | 2024-05-25 | Ruijie RG-UAC user_commit.php os command injection |
| CVE-2024-5338 | 2024-05-25 | Ruijie RG-UAC online.php os command injection |
| CVE-2024-5339 | 2024-05-25 | Ruijie RG-UAC online_check.php os command injection |
| CVE-2024-30056 | 2024-05-25 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2024-5340 | 2024-05-25 | Ruijie RG-UAC sub_commit.php os command injection |
| CVE-2024-5350 | 2024-05-25 | anji-plus AJ-Report pageList sql injection |
| CVE-2024-5351 | 2024-05-26 | anji-plus AJ-Report Javascript getValueFromJs deserialization |
| CVE-2024-5352 | 2024-05-26 | anji-plus AJ-Report validationRules deserialization |
| CVE-2024-5353 | 2024-05-26 | anji-plus AJ-Report ZIP File decompress path traversal |
| CVE-2024-5354 | 2024-05-26 | anji-plus AJ-Report detailByCode information disclosure |
| CVE-2024-5355 | 2024-05-26 | anji-plus AJ-Report IGroovyHandler command injection |
| CVE-2024-5356 | 2024-05-26 | anji-plus AJ-Report testTransform;swagger-ui sql injection |
| CVE-2024-5357 | 2024-05-26 | PHPGurukul Zoo Management System forgot-password.php sql injection |
| CVE-2024-5358 | 2024-05-26 | PHPGurukul Zoo Management System normal-search.php sql injection |
| CVE-2024-5359 | 2024-05-26 | PHPGurukul Zoo Management System foreigner-search.php sql injection |
| CVE-2024-5360 | 2024-05-26 | PHPGurukul Zoo Management System foreigner-bwdates-reports-details.php sql injection |
| CVE-2024-5361 | 2024-05-26 | PHPGurukul Zoo Management System normal-bwdates-reports-details.php sql injection |
| CVE-2024-5362 | 2024-05-26 | SourceCodester Online Hospital Management System departmentDoctor.php sql injection |
| CVE-2024-5363 | 2024-05-26 | SourceCodester Best House Rental Management System manage_user.php sql injection |
| CVE-2024-5364 | 2024-05-26 | SourceCodester Best House Rental Management System manage_tenant.php sql injection |
| CVE-2024-5365 | 2024-05-26 | SourceCodester Best House Rental Management System manage_payment.php sql injection |
| CVE-2024-34029 | 2024-05-26 | AD/LDAP Group Members Leak |
| CVE-2024-34152 | 2024-05-26 | Playbook Run Metadata leak to Guest |
| CVE-2024-32045 | 2024-05-26 | Playbook run link to private channel grants channel access |
| CVE-2024-5272 | 2024-05-26 | Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated" |
| CVE-2024-5270 | 2024-05-26 | SAML to email switch possible when email signin is disabled |
| CVE-2024-31859 | 2024-05-26 | Member promoted to channel admin via playbooks run linking to channel |
| CVE-2024-36241 | 2024-05-26 | /playbook add slash command allows viewing arbitrary post contents |
| CVE-2024-36255 | 2024-05-26 | Post actions can run playbook checklist task commands |
| CVE-2024-29215 | 2024-05-26 | Slash commands run in channel without channel membership via playbook task commands |
| CVE-2024-5366 | 2024-05-26 | SourceCodester Best House Rental Management System edit-cate.php sql injection |
| CVE-2024-5367 | 2024-05-26 | Kashipara College Management System each_extracurricula_activities.php cross site scripting |
| CVE-2024-5368 | 2024-05-26 | Kashipara College Management System delete_faculty.php cross site scripting |
| CVE-2024-5369 | 2024-05-26 | Kashipara College Management System submit_admin.php cross site scripting |
| CVE-2024-5370 | 2024-05-26 | Kashipara College Management System submit_enroll_staff.php cross site scripting |
| CVE-2024-5371 | 2024-05-26 | Kashipara College Management System submit_enroll_student.php cross site scripting |
| CVE-2024-5372 | 2024-05-26 | Kashipara College Management System submit_extracurricular_activity.php cross site scripting |
| CVE-2024-5373 | 2024-05-26 | Kashipara College Management System submit_login.php cross site scripting |
| CVE-2024-5374 | 2024-05-26 | Kashipara College Management System submit_new_faculty.php cross site scripting |
| CVE-2024-5375 | 2024-05-26 | Kashipara College Management System submit_student.php cross site scripting |
| CVE-2024-5376 | 2024-05-26 | Kashipara College Management System view_each_faculty.php cross site scripting |
| CVE-2024-5377 | 2024-05-26 | SourceCodester Vehicle Management System newvehicle.php unrestricted upload |
| CVE-2024-5378 | 2024-05-26 | SourceCodester School Intramurals Student Attendance Management System manage_sy.php sql injection |
| CVE-2024-34454 | 2024-05-26 | Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks... |
| CVE-2024-5379 | 2024-05-26 | JFinalCMS template cross site scripting |
| CVE-2024-4286 | 2024-05-26 | Improper Neutralization of Special Elements in mintplex-labs/anything-llm |
| CVE-2024-5380 | 2024-05-26 | jsy-1 short-url admin.php cross site scripting |
| CVE-2024-5381 | 2024-05-26 | itsourcecode Student Information Management System view.php sql injection |
| CVE-2024-36054 | 2024-05-26 | Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via... |
| CVE-2024-36055 | 2024-05-26 | Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and... |
| CVE-2024-36056 | 2024-05-26 | Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation. |
| CVE-2024-5383 | 2024-05-26 | lakernote EasyAdmin upload cross site scripting |
| CVE-2024-5384 | 2024-05-26 | SourceCodester Facebook News Feed Like index.php sql injection |
| CVE-2024-36426 | 2024-05-27 | In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session. |
| CVE-2024-5385 | 2024-05-27 | oretnom23 Online Car Wash Booking System cross site scripting |
| CVE-2024-5390 | 2024-05-27 | itsourcecode Online Student Enrollment System listofstudent.php sql injection |
| CVE-2024-5391 | 2024-05-27 | itsourcecode Online Student Enrollment System listofsubject.php sql injection |
| CVE-2024-5392 | 2024-05-27 | itsourcecode Online Student Enrollment System editSubject.php sql injection |
| CVE-2024-5393 | 2024-05-27 | itsourcecode Online Student Enrollment System listofcourse.php sql injection |
| CVE-2024-5394 | 2024-05-27 | itsourcecode Online Student Enrollment System newDept.php sql injection |
| CVE-2024-5395 | 2024-05-27 | itsourcecode Online Student Enrollment System listofinstructor.php sql injection |
| CVE-2024-5396 | 2024-05-27 | itsourcecode Online Student Enrollment System newfaculty.php sql injection |