CVE List - 2024 / May
Showing 3501 - 3600 of 4994 CVEs for May 2024 (Page 36 of 50)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-35976 | 2024-05-20 | xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING |
| CVE-2024-35977 | 2024-05-20 | platform/chrome: cros_ec_uart: properly fix race condition |
| CVE-2024-35978 | 2024-05-20 | Bluetooth: Fix memory leak in hci_req_sync_complete() |
| CVE-2024-35979 | 2024-05-20 | raid1: fix use-after-free for original bio in raid1_write_request() |
| CVE-2024-35980 | 2024-05-20 | arm64: tlb: Fix TLBI RANGE operand |
| CVE-2024-35981 | 2024-05-20 | virtio_net: Do not send RSS key if it is not supported |
| CVE-2024-35982 | 2024-05-20 | batman-adv: Avoid infinite loop trying to resize local TT |
| CVE-2024-35983 | 2024-05-20 | bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS |
| CVE-2024-35984 | 2024-05-20 | i2c: smbus: fix NULL function pointer dereference |
| CVE-2024-35985 | 2024-05-20 | sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() |
| CVE-2024-35986 | 2024-05-20 | phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered |
| CVE-2024-35987 | 2024-05-20 | riscv: Fix loading 64-bit NOMMU kernels past the start of RAM |
| CVE-2024-35988 | 2024-05-20 | riscv: Fix TASK_SIZE on 64-bit NOMMU |
| CVE-2024-35989 | 2024-05-20 | dmaengine: idxd: Fix oops during rmmod on single-CPU platforms |
| CVE-2024-35990 | 2024-05-20 | dma: xilinx_dpdma: Fix locking |
| CVE-2024-35991 | 2024-05-20 | dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue |
| CVE-2024-35992 | 2024-05-20 | phy: marvell: a3700-comphy: Fix out of bounds read |
| CVE-2024-35993 | 2024-05-20 | mm: turn folio_test_hugetlb into a PageType |
| CVE-2024-35994 | 2024-05-20 | firmware: qcom: uefisecapp: Fix memory related IO errors and crashes |
| CVE-2024-35995 | 2024-05-20 | ACPI: CPPC: Use access_width over bit_width for system memory accesses |
| CVE-2024-35996 | 2024-05-20 | cpu: Re-enable CPU mitigations by default for !X86 architectures |
| CVE-2024-35997 | 2024-05-20 | HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up |
| CVE-2024-35998 | 2024-05-20 | smb3: fix lock ordering potential deadlock in cifs_sync_mid_result |
| CVE-2024-35999 | 2024-05-20 | smb3: missing lock when picking channel |
| CVE-2024-36000 | 2024-05-20 | mm/hugetlb: fix missing hugetlb_lock for resv uncharge |
| CVE-2024-36001 | 2024-05-20 | netfs: Fix the pre-flush when appending to a file in writethrough mode |
| CVE-2024-36002 | 2024-05-20 | dpll: fix dpll_pin_on_pin_register() for multiple parent pins |
| CVE-2024-36003 | 2024-05-20 | ice: fix LAG and VF lock dependency in ice_reset_vf() |
| CVE-2024-36004 | 2024-05-20 | i40e: Do not use WQ_MEM_RECLAIM flag for workqueue |
| CVE-2024-36005 | 2024-05-20 | netfilter: nf_tables: honor table dormant flag from netdev release event path |
| CVE-2024-36006 | 2024-05-20 | mlxsw: spectrum_acl_tcam: Fix incorrect list API usage |
| CVE-2024-36007 | 2024-05-20 | mlxsw: spectrum_acl_tcam: Fix warning during rehash |
| CVE-2024-36008 | 2024-05-20 | ipv4: check for NULL idev in ip_route_use_hint() |
| CVE-2024-36009 | 2024-05-20 | ax25: Fix netdev refcount issue |
| CVE-2024-4323 | 2024-05-20 | Fluent Bit Memory Corruption Vulnerability |
| CVE-2023-49330 | 2024-05-20 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. |
| CVE-2024-4287 | 2024-05-20 | Improper Input Validation in mintplex-labs/anything-llm |
| CVE-2024-27312 | 2024-05-20 | Authorization vulnerability in PAM360 |
| CVE-2024-34952 | 2024-05-20 | taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-34953 | 2024-05-20 | An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file |
| CVE-2024-3482 | 2024-05-20 | OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS |
| CVE-2024-2835 | 2024-05-20 | OpenText ArcSight Enterprise Security Manager and ArcSight Platform Stored XSS |
| CVE-2024-4151 | 2024-05-20 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-34947 | 2024-05-20 | Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack. |
| CVE-2024-34948 | 2024-05-20 | An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections. |
| CVE-2024-24294 | 2024-05-20 | A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. |
| CVE-2024-0401 | 2024-05-20 | ASUS OVPN RCE |
| CVE-2024-29651 | 2024-05-20 | A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions. |
| CVE-2024-31714 | 2024-05-20 | Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component. |
| CVE-2024-35571 | 2024-05-20 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
| CVE-2024-35580 | 2024-05-20 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. |
| CVE-2024-24293 | 2024-05-20 | A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js. |
| CVE-2024-35579 | 2024-05-20 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. |
| CVE-2024-35576 | 2024-05-20 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. |
| CVE-2024-35578 | 2024-05-20 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. |
| CVE-2024-34193 | 2024-05-20 | smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading. |
| CVE-2023-49331 | 2024-05-20 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. |
| CVE-2023-49332 | 2024-05-20 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. |
| CVE-2024-34949 | 2024-05-20 | SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint. |
| CVE-2023-49333 | 2024-05-20 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. |
| CVE-2023-49334 | 2024-05-20 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. |
| CVE-2023-49335 | 2024-05-20 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. |
| CVE-2024-29000 | 2024-05-20 | SolarWinds Platform Reflected XSS Vulnerability |
| CVE-2024-35195 | 2024-05-20 | Requests `Session` object does not verify requests after making first request with verify=False |
| CVE-2024-33901 | 2024-05-20 | Issue in KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover some passwords stored in the .kdbx database via a memory dump. NOTE: the vendor... |
| CVE-2024-35191 | 2024-05-20 | verbb/formie Server-Side Template Injection for variable-enabled settings |
| CVE-2024-33900 | 2024-05-20 | KeePassXC 2.7.7 allows an attacker (who has the privileges of the victim) to recover cleartext credentials via a memory dump. NOTE: the vendor disputes this because memory-management constraints make this... |
| CVE-2024-35192 | 2024-05-20 | Trivy possibly leaks registry credential when scanning images from malicious registries |
| CVE-2024-35194 | 2024-05-20 | Stacklok Minder vulnerable to denial of service from maliciously crafted templates |
| CVE-2024-4985 | 2024-05-20 | An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to... |
| CVE-2024-34710 | 2024-05-20 | Wiki.js Stored XSS through Client Side Template Injection |
| CVE-2024-5145 | 2024-05-20 | SourceCodester Vehicle Management System HTTP POST Request newdriver.php unrestricted upload |
| CVE-2024-35056 | 2024-05-21 | NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_packets and insert functions. |
| CVE-2024-35057 | 2024-05-21 | An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet. |
| CVE-2024-35058 | 2024-05-21 | An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via supplying a crafted string. |
| CVE-2024-35059 | 2024-05-21 | An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands. |
| CVE-2024-35060 | 2024-05-21 | An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary commands via supplying a crafted YAML file. |
| CVE-2024-35061 | 2024-05-21 | NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, allowing attackers to execute a man-in-the-middle attack. When chained with CVE-2024-35059, the CVE in subject... |
| CVE-2024-36039 | 2024-05-21 | PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. |
| CVE-2023-37929 | 2024-05-21 | The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a... |
| CVE-2024-0816 | 2024-05-21 | The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted... |
| CVE-2024-3155 | 2024-05-21 | Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel – Combo Blocks <= 2.2.80 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4943 | 2024-05-21 | Blocksy <= 2.0.46 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-2189 | 2024-05-21 | Social Icons Widget & Block < 4.2.18 - Admin+ Stored XSS |
| CVE-2024-4061 | 2024-05-21 | Survey Maker < 4.2.9 - Admin+ Stored XSS via Plugin Settings |
| CVE-2024-4289 | 2024-05-21 | Sailthru Triggermail <= 1.1 - Reflected XSS |
| CVE-2024-4290 | 2024-05-21 | Sailthru Triggermail <= 1.1 - Admin+ Stored XSS |
| CVE-2024-4372 | 2024-05-21 | Carousel Slider < 2.2.11 - Editor+ Stored XSS |
| CVE-2024-4710 | 2024-05-21 | Uber Menu <= 3.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes |
| CVE-2024-4470 | 2024-05-21 | Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4442 | 2024-05-21 | Salon booking system <= 9.8 - Unauthenticated Arbitrary File Deletion |
| CVE-2024-4875 | 2024-05-21 | HT Mega – Absolute Addons For Elementor <= 2.5.2 - Missing Authorization to Options Update |
| CVE-2024-4566 | 2024-05-21 | ShopLentor <= 2.8.8 - Missing Authorization to WordPress Option Modification |
| CVE-2024-3345 | 2024-05-21 | ShopLentor <= 2.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via woolentorsearch Shortcode |
| CVE-2024-4700 | 2024-05-21 | WP Table Builder – WordPress Table Plugin <= 1.4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4695 | 2024-05-21 | Move Addons for Elementor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-4553 | 2024-05-21 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_members Shortcode |
| CVE-2023-3938 | 2024-05-21 | Bypassing ZkTeco-based OEM devices/ZKTeco biometric authentication system via SQLi in QR code |
| CVE-2024-4435 | 2024-05-21 | BTreeMap memory leak when deallocating nodes with overflows |
| CVE-2023-3939 | 2024-05-21 | Multiple command injection in ZkTeco-based OEM devices |