CVE List - 2024 / May
Showing 3301 - 3400 of 4994 CVEs for May 2024 (Page 34 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31974 | 2024-05-17 | The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component... |
| CVE-2024-3289 | 2024-05-17 | When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow... |
| CVE-2024-3290 | 2024-05-17 | Race Condition |
| CVE-2023-5597 | 2024-05-17 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x |
| CVE-2024-35190 | 2024-05-17 | Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests |
| CVE-2024-3291 | 2024-05-17 | Privilege Escalation |
| CVE-2024-3292 | 2024-05-17 | Race Condition |
| CVE-2024-5063 | 2024-05-17 | PHPGurukul Online Course Registration System index.php sql injection |
| CVE-2024-5064 | 2024-05-17 | PHPGurukul Online Course Registration System news-details.php sql injection |
| CVE-2021-22508 | 2024-05-17 | Potential SQL injection in OpenText Operations Bridge Reporter |
| CVE-2024-5022 | 2024-05-17 | The file scheme of URLs would be hidden, resulting in potential spoofing of a website's address in the location bar This vulnerability affects Focus for iOS < 126. |
| CVE-2024-34959 | 2024-05-17 | DedeCMS V5.7.113 is vulnerable to Cross Site Scripting (XSS) via sys_data_replace.php. |
| CVE-2024-5065 | 2024-05-17 | PHPGurukul Online Course Registration System sql injection |
| CVE-2024-5066 | 2024-05-17 | PHPGurukul Online Course Registration System pincode-verification.php sql injection |
| CVE-2023-52424 | 2024-05-17 | The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE,... |
| CVE-2024-5069 | 2024-05-17 | SourceCodester Simple Online Mens Salon Management System view_service.php sql injection |
| CVE-2024-25742 | 2024-05-17 | In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and... |
| CVE-2024-35312 | 2024-05-17 | In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003. |
| CVE-2024-35313 | 2024-05-17 | In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), aka TROVE-2024-004. |
| CVE-2024-23583 | 2024-05-17 | HCL BigFix Platform is susceptible to insufficiently protected credentials |
| CVE-2024-23554 | 2024-05-17 | HCL BigFix Platform is susceptible to Cross-Site Request Forgery |
| CVE-2024-23556 | 2024-05-17 | HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation |
| CVE-2024-36048 | 2024-05-18 | QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the... |
| CVE-2024-4264 | 2024-05-18 | Remote Code Execution in berriai/litellm |
| CVE-2024-4865 | 2024-05-18 | Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via _id Parameter |
| CVE-2024-4374 | 2024-05-18 | DethemeKit For Elementor <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-3714 | 2024-05-18 | GiveWP – Donation Plugin and Fundraising Platform <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4891 | 2024-05-18 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 4.5.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4849 | 2024-05-18 | WordPress Automatic <= 3.94.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via autoplay Parameter |
| CVE-2024-3811 | 2024-05-18 | Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-3810 | 2024-05-18 | Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-3812 | 2024-05-18 | Salient Core <= 2.0.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode |
| CVE-2024-2771 | 2024-05-18 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation |
| CVE-2024-2782 | 2024-05-18 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation |
| CVE-2024-2772 | 2024-05-18 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-4698 | 2024-05-18 | Testimonial Carousel For Elementor <= 10.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4709 | 2024-05-18 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4432 | 2024-05-18 | Piotnet Addons For Elementor <= 2.4.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-5088 | 2024-05-18 | Happy Addons for Elementor <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-3745 | 2024-05-18 | MSI Afterburner v4.6.6.16381 Beta 3 - ACL Bypass |
| CVE-2024-31879 | 2024-05-18 | IBM i denial of service |
| CVE-2024-34083 | 2024-05-18 | STARTTLS unencrypted commands injection |
| CVE-2024-5093 | 2024-05-18 | SourceCodester Best House Rental Management System login.php sql injection |
| CVE-2024-36043 | 2024-05-18 | question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property. |
| CVE-2024-5094 | 2024-05-18 | SourceCodester Best House Rental Management System view_payment.php sql injection |
| CVE-2024-36050 | 2024-05-18 | Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting... |
| CVE-2024-28063 | 2024-05-18 | Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS. |
| CVE-2024-28064 | 2024-05-18 | Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages). |
| CVE-2024-5095 | 2024-05-19 | Victor Zsviot Camera MQTT Packet denial of service |
| CVE-2024-5096 | 2024-05-19 | Hipcam Device MAC Address wifi.mac information disclosure |
| CVE-2024-5097 | 2024-05-19 | SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery |
| CVE-2024-5098 | 2024-05-19 | SourceCodester Simple Inventory System login.php sql injection |
| CVE-2024-5099 | 2024-05-19 | SourceCodester Simple Inventory System updateprice.php sql injection |
| CVE-2024-35860 | 2024-05-19 | bpf: support deferring bpf_link dealloc to after RCU grace period |
| CVE-2024-35861 | 2024-05-19 | smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() |
| CVE-2024-35862 | 2024-05-19 | smb: client: fix potential UAF in smb2_is_network_name_deleted() |
| CVE-2024-35863 | 2024-05-19 | smb: client: fix potential UAF in is_valid_oplock_break() |
| CVE-2024-35864 | 2024-05-19 | smb: client: fix potential UAF in smb2_is_valid_lease_break() |
| CVE-2024-35865 | 2024-05-19 | smb: client: fix potential UAF in smb2_is_valid_oplock_break() |
| CVE-2024-35866 | 2024-05-19 | smb: client: fix potential UAF in cifs_dump_full_key() |
| CVE-2024-35867 | 2024-05-19 | smb: client: fix potential UAF in cifs_stats_proc_show() |
| CVE-2024-35868 | 2024-05-19 | smb: client: fix potential UAF in cifs_stats_proc_write() |
| CVE-2024-35869 | 2024-05-19 | smb: client: guarantee refcounted children from parent session |
| CVE-2024-35870 | 2024-05-19 | smb: client: fix UAF in smb2_reconnect_server() |
| CVE-2024-35871 | 2024-05-19 | riscv: process: Fix kernel gp leakage |
| CVE-2024-35872 | 2024-05-19 | mm/secretmem: fix GUP-fast succeeding on secretmem folios |
| CVE-2024-35873 | 2024-05-19 | riscv: Fix vector state restore in rt_sigreturn() |
| CVE-2024-35874 | 2024-05-19 | aio: Fix null ptr deref in aio_complete() wakeup |
| CVE-2024-35875 | 2024-05-19 | x86/coco: Require seeding RNG with RDRAND on CoCo systems |
| CVE-2024-35877 | 2024-05-19 | x86/mm/pat: fix VM_PAT handling in COW mappings |
| CVE-2024-35878 | 2024-05-19 | of: module: prevent NULL pointer dereference in vsnprintf() |
| CVE-2024-35879 | 2024-05-19 | of: dynamic: Synchronize of_changeset_destroy() with the devlink removals |
| CVE-2024-35880 | 2024-05-19 | io_uring/kbuf: hold io_buffer_list reference over mmap |
| CVE-2024-35882 | 2024-05-19 | SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP |
| CVE-2024-35883 | 2024-05-19 | spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe |
| CVE-2024-35884 | 2024-05-19 | udp: do not accept non-tunnel GSO skbs landing in a tunnel |
| CVE-2024-35885 | 2024-05-19 | mlxbf_gige: stop interface during shutdown |
| CVE-2024-35886 | 2024-05-19 | ipv6: Fix infinite recursion in fib6_dump_done(). |
| CVE-2024-35887 | 2024-05-19 | ax25: fix use-after-free bugs caused by ax25_ds_del_timer |
| CVE-2024-35888 | 2024-05-19 | erspan: make sure erspan_base_hdr is present in skb->head |
| CVE-2024-35889 | 2024-05-19 | idpf: fix kernel panic on unknown packet types |
| CVE-2024-35890 | 2024-05-19 | gro: fix ownership transfer |
| CVE-2024-35891 | 2024-05-19 | net: phy: micrel: Fix potential null pointer dereference |
| CVE-2024-35892 | 2024-05-19 | net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() |
| CVE-2024-35893 | 2024-05-19 | net/sched: act_skbmod: prevent kernel-infoleak |
| CVE-2024-35894 | 2024-05-19 | mptcp: prevent BPF accessing lowat from a subflow socket. |
| CVE-2024-35895 | 2024-05-19 | bpf, sockmap: Prevent lock inversion deadlock in map delete elem |
| CVE-2024-35896 | 2024-05-19 | netfilter: validate user input for expected length |
| CVE-2024-35897 | 2024-05-19 | netfilter: nf_tables: discard table flag update with pending basechain deletion |
| CVE-2024-35898 | 2024-05-19 | netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() |
| CVE-2024-35899 | 2024-05-19 | netfilter: nf_tables: flush pending destroy work before exit_net release |
| CVE-2024-35900 | 2024-05-19 | netfilter: nf_tables: reject new basechain after table flag update |
| CVE-2024-35901 | 2024-05-19 | net: mana: Fix Rx DMA datasize and skb_over_panic |
| CVE-2024-35902 | 2024-05-19 | net/rds: fix possible cp null dereference |
| CVE-2024-35903 | 2024-05-19 | x86/bpf: Fix IP after emitting call depth accounting |
| CVE-2024-35904 | 2024-05-19 | selinux: avoid dereference of garbage after mount failure |
| CVE-2024-35905 | 2024-05-19 | bpf: Protect against int overflow for stack access size |
| CVE-2024-35907 | 2024-05-19 | mlxbf_gige: call request_irq() after NAPI initialized |
| CVE-2024-35908 | 2024-05-19 | tls: get psock ref after taking rxlock to avoid leak |
| CVE-2024-35909 | 2024-05-19 | net: wwan: t7xx: Split 64bit accesses to fix alignment issues |