CVE List - 2024 / May
Showing 201 - 300 of 4994 CVEs for May 2024 (Page 3 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-48669 | 2024-05-01 | powerpc/pseries: Fix potential memleak in papr_get_attr() |
| CVE-2023-52652 | 2024-05-01 | NTB: fix possible name leak in ntb_register_device() |
| CVE-2023-52653 | 2024-05-01 | SUNRPC: fix a memleak in gss_import_v2_context |
| CVE-2024-27064 | 2024-05-01 | netfilter: nf_tables: Fix a memory leak in nf_tables_updchain |
| CVE-2024-27065 | 2024-05-01 | netfilter: nf_tables: do not compare internal table flags on updates |
| CVE-2024-27066 | 2024-05-01 | virtio: packed: fix unmap leak for indirect desc table |
| CVE-2024-27067 | 2024-05-01 | xen/evtchn: avoid WARN() when unbinding an event channel |
| CVE-2024-27068 | 2024-05-01 | thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path |
| CVE-2024-27069 | 2024-05-01 | ovl: relax WARN_ON in ovl_verify_area() |
| CVE-2024-27070 | 2024-05-01 | f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault |
| CVE-2024-27071 | 2024-05-01 | backlight: hx8357: Fix potential NULL pointer dereference |
| CVE-2024-27072 | 2024-05-01 | media: usbtv: Remove useless locks in usbtv_video_free() |
| CVE-2024-27073 | 2024-05-01 | media: ttpci: fix two memleaks in budget_av_attach |
| CVE-2024-27074 | 2024-05-01 | media: go7007: fix a memleak in go7007_load_encoder |
| CVE-2024-27075 | 2024-05-01 | media: dvb-frontends: avoid stack overflow warnings with clang |
| CVE-2024-27076 | 2024-05-01 | media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak |
| CVE-2024-27077 | 2024-05-01 | media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity |
| CVE-2024-27078 | 2024-05-01 | media: v4l2-tpg: fix some memleaks in tpg_alloc |
| CVE-2024-27079 | 2024-05-01 | iommu/vt-d: Fix NULL domain on device release |
| CVE-2024-27080 | 2024-05-01 | btrfs: fix race when detecting delalloc ranges during fiemap |
| CVE-2024-27388 | 2024-05-01 | SUNRPC: fix some memleaks in gssx_dec_option_array |
| CVE-2024-27389 | 2024-05-01 | pstore: inode: Only d_invalidate() is needed |
| CVE-2024-27390 | 2024-05-01 | ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() |
| CVE-2024-27391 | 2024-05-01 | wifi: wilc1000: do not realloc workqueue everytime an interface is added |
| CVE-2024-27392 | 2024-05-01 | nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() |
| CVE-2024-24978 | 2024-05-01 | Denial-of-service (DoS) vulnerability exists in TvRock 0.9t8a. Receiving a specially crafted request by a remote attacker or having a user of TvRock click a specially crafted request may lead to... |
| CVE-2024-24912 | 2024-05-01 | Local privilege escalation in Harmony Endpoint Security Client for Windows via crafted DLL file |
| CVE-2024-26304 | 2024-05-01 | There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's... |
| CVE-2024-26305 | 2024-05-01 | There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access... |
| CVE-2024-33511 | 2024-05-01 | There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's... |
| CVE-2024-33512 | 2024-05-01 | There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the... |
| CVE-2023-49606 | 2024-05-01 | A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads... |
| CVE-2023-47166 | 2024-05-01 | A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. A specially crafted network request can lead to arbitrary firmware update. An attacker can send a... |
| CVE-2023-47212 | 2024-05-01 | A heap-based buffer overflow vulnerability exists in the comment functionality of stb_vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a... |
| CVE-2024-28893 | 2024-05-01 | Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). |
| CVE-2024-33513 | 2024-05-01 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of... |
| CVE-2024-25015 | 2024-05-01 | IBM MQ denial of service |
| CVE-2024-23457 | 2024-05-01 | Anti-tampering can be disabled with uninstall password enforced |
| CVE-2024-33514 | 2024-05-01 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of... |
| CVE-2024-23480 | 2024-05-01 | Insecure MacOS code sign check fallback |
| CVE-2024-33515 | 2024-05-01 | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of... |
| CVE-2024-33516 | 2024-05-01 | An unauthenticated Denial of Service (DoS) vulnerability exists in the Auth service accessed via the PAPI protocol provided by ArubaOS. Successful exploitation of this vulnerability results in the ability to... |
| CVE-2024-33517 | 2024-05-01 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal... |
| CVE-2024-33518 | 2024-05-01 | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Radio Frequency Manager service accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal... |
| CVE-2024-28764 | 2024-05-01 | IBM WebSphere Automation CSV injection |
| CVE-2024-20357 | 2024-05-01 | A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking... |
| CVE-2024-20378 | 2024-05-01 | A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due... |
| CVE-2024-20376 | 2024-05-01 | A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.... |
| CVE-2023-7241 | 2024-05-01 | Webroot Antivirus COM-Hijacking LPE |
| CVE-2024-29010 | 2024-05-01 | The XML document processed in the GMS ECM URL endpoint is vulnerable to XML external entity (XXE) injection, potentially resulting in the disclosure of sensitive information. This issue affects GMS:... |
| CVE-2024-29011 | 2024-05-01 | Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability. This issue affects GMS: 9.3.4 and earlier versions. |
| CVE-2024-4142 | 2024-05-01 | JFrog Artifactory Improper input validation within token creation flow |
| CVE-2023-51631 | 2024-05-01 | D-Link DIR-X3260 prog.cgi SetUsersSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2023-50685 | 2024-05-02 | An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter. |
| CVE-2024-25290 | 2024-05-02 | An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function. |
| CVE-2024-29309 | 2024-05-02 | An issue in Alfresco Content Services v.23.3.0.7 allows a remote attacker to execute arbitrary code via the Transfer Service. |
| CVE-2024-31963 | 2024-05-02 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an... |
| CVE-2024-31964 | 2024-05-02 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an... |
| CVE-2024-31965 | 2024-05-02 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an... |
| CVE-2024-31966 | 2024-05-02 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an... |
| CVE-2024-31967 | 2024-05-02 | A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an... |
| CVE-2024-32359 | 2024-05-02 | An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take... |
| CVE-2024-33302 | 2024-05-02 | SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users. |
| CVE-2024-33303 | 2024-05-02 | SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users. |
| CVE-2024-33394 | 2024-05-02 | An issue in kubevirt kubevirt v1.2.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. |
| CVE-2024-33396 | 2024-05-02 | An issue in karmada-io karmada v1.9.0 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. |
| CVE-2024-33305 | 2024-05-02 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. |
| CVE-2024-33530 | 2024-05-02 | In Jitsi Meet before 9391, a logic flaw in password-protected Jitsi meetings (that make use of a lobby) leads to the disclosure of the meeting password when a user is... |
| CVE-2024-2405 | 2024-05-02 | Float menu < 6.0.1 - Menu Deletion via CSRF |
| CVE-2024-3471 | 2024-05-02 | Button Generator < 3.0 - Button Deletion via CSRF |
| CVE-2024-3472 | 2024-05-02 | Modal Window < 5.3.10 - Modal Deletion via CSRF |
| CVE-2024-3474 | 2024-05-02 | Wow Skype Buttons < 4.0.4 - Button Deletion via CSRF |
| CVE-2024-3475 | 2024-05-02 | Sticky Buttons < 3.2.4 - Button Deletion via CSRF |
| CVE-2024-3476 | 2024-05-02 | Side Menu Lite < 4.2.1 - Menu Deletion via CSRF |
| CVE-2024-3477 | 2024-05-02 | Popup Box < 2.2.7 - Popup Deletion via CSRF |
| CVE-2024-3478 | 2024-05-02 | Herd Effects < 5.2.7 - Effect Deletion via CSRF |
| CVE-2024-3481 | 2024-05-02 | Counter Box < 1.2.4 - Counter Deletion via CSRF |
| CVE-2024-32971 | 2024-05-02 | Defect in query plan cache may cause incorrect operations to be executed in Apollo Router |
| CVE-2024-32962 | 2024-05-02 | XML signature verification bypass due to improper verification of signature / signature spoofing |
| CVE-2024-3490 | 2024-05-02 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wprm-recipe-roundup-item shortcode in all versions up to, and including, 9.3.1 due to insufficient input... |
| CVE-2024-32882 | 2024-05-02 | Permission check bypass when editing a model with per-field restrictions in wagtail |
| CVE-2024-3280 | 2024-05-02 | The Follow Us Badges plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsite_follow_us_badges shortcode in all versions up to, and including, 3.1.10 due to insufficient input... |
| CVE-2024-32114 | 2024-05-02 | Apache ActiveMQ: Jolokia and REST API were not secured with default configuration |
| CVE-2024-3883 | 2024-05-02 | The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization... |
| CVE-2024-32638 | 2024-05-02 | Apache APISIX: Forward-Auth Request Smuggling |
| CVE-2024-3955 | 2024-05-02 | Arbitrary code execution in CraftBeerPi 4 |
| CVE-2024-33913 | 2024-05-02 | WordPress Xserver Migrator plugin <= 1.6.1 - CSRF to Arbitrary File Upload vulnerability |
| CVE-2024-33930 | 2024-05-02 | WordPress Share This Image plugin <= 1.97 - Open Redirection vulnerability |
| CVE-2024-3005 | 2024-05-02 | The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's LaStudioKit Post Author widget in all versions up to, and including, 1.3.7.5... |
| CVE-2024-33922 | 2024-05-02 | WordPress WP Media Cleaner plugin <= 6.7.2 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-33911 | 2024-05-02 | WordPress The School Management Pro plugin <= 10.3.4 - SQL Injection vulnerability |
| CVE-2024-33938 | 2024-05-02 | WordPress Sliding Widgets plugin <= 1.5.0 - Broken Access Control to XSS vulnerability |
| CVE-2024-33955 | 2024-05-02 | WordPress Freesia Empire theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33954 | 2024-05-02 | WordPress Pliska theme <= 0.3.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33953 | 2024-05-02 | WordPress Adventure Journal theme <= 1.7.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33952 | 2024-05-02 | WordPress Unique theme <= 0.3.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-33956 | 2024-05-02 | WordPress Custom WooCommerce Checkout Fields Editor plugin <= 1.3.0 - Broken Access Control vulnerability |
| CVE-2024-33944 | 2024-05-02 | WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability |
| CVE-2024-33942 | 2024-05-02 | WordPress Google Typography plugin <= 1.1.2 - Broken Access Control vulnerability |
| CVE-2024-33951 | 2024-05-02 | WordPress Perfect Pullquotes plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability |