CVE List - 2024 / June
Showing 2001 - 2100 of 3082 CVEs for June 2024 (Page 21 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-3984 | 2024-06-19 | EmbedSocial – Social Media Feeds, Reviews and Galleries <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5724 | 2024-06-19 | Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-5649 | 2024-06-19 | Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection |
| CVE-2024-5768 | 2024-06-19 | MIMO Woocommerce Order Tracking <= 1.0.2 - Missing Authorization to Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4623 | 2024-06-19 | Blogmentor – Blog Layouts for Elementor <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via pagination_style Parameter |
| CVE-2024-2381 | 2024-06-19 | AliExpress Dropshipping with AliNext Lite <= 3.3.5 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-3229 | 2024-06-19 | Salon Booking System <= 10.2 - Unauthenticated Arbitrary File Upload |
| CVE-2024-35298 | 2024-06-19 | Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions prior to 7.39.6 allows an attacker to lead a user to access an arbitrary website... |
| CVE-2024-5343 | 2024-06-19 | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Cross-Site Request Forgery to Post Creation and Limited Data Loss |
| CVE-2024-5574 | 2024-06-19 | WP Magazine Modules Lite <= 1.1.2 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2023-6692 | 2024-06-19 | Ultimate Blocks – WordPress Blocks Plugin <= 3.0.8 - Authenticated(Contributor+) Stored Cross-Site Scripting via metabox |
| CVE-2024-6132 | 2024-06-19 | Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-5853 | 2024-06-19 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.6 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-5208 | 2024-06-19 | Uncontrolled Resource Consumption in mintplex-labs/anything-llm |
| CVE-2024-36978 | 2024-06-19 | net: sched: sch_multiq: fix possible OOB write in multiq_tune() |
| CVE-2024-37881 | 2024-06-19 | SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions... |
| CVE-2024-36252 | 2024-06-19 | Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on... |
| CVE-2024-36480 | 2024-06-19 | Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where... |
| CVE-2024-37124 | 2024-06-19 | Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the... |
| CVE-2024-37387 | 2024-06-19 | Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, files in the PC where the product is installed may be altered. |
| CVE-2024-3894 | 2024-06-19 | Photo Gallery, Images, Slider in Rbs Image Gallery <= 3.2.19 - Authenticated (Author+) Stored Cross-Site Scripting via Image Title |
| CVE-2024-1407 | 2024-06-19 | Paid Memberships Pro <= 2.12.10 - Cross-Site Request Forgery to Membership Modification |
| CVE-2024-0789 | 2024-06-19 | WP Maintenance <= 6.1.9.2 - IP Spoofing to Maintenance Mode Bypass |
| CVE-2024-0383 | 2024-06-19 | WP Recipe Maker <= 9.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group_tag' |
| CVE-2023-6495 | 2024-06-19 | YARPP – Yet Another Related Posts Plugin <= 5.30.9 - Authenticated(Administrator+) Cross-Site Scripting |
| CVE-2024-4632 | 2024-06-19 | WooCommerce Checkout & Funnel Builder by CartFlows – Create High Converting Stores For WooCommerce <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-5676 | 2024-06-19 | Paradox IP150 Internet Module Cross-Site Request Forgery |
| CVE-2023-50900 | 2024-06-19 | WordPress Master Slider plugin <= 3.9.10 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-35780 | 2024-06-19 | WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability |
| CVE-2024-35765 | 2024-06-19 | WordPress Greenshift – animation and page builder blocks plugin <= 8.8.9.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2023-48761 | 2024-06-19 | WordPress JetElements For Elementor plugin <= 2.6.13 - Broken Access Control vulnerability |
| CVE-2023-48760 | 2024-06-19 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-48759 | 2024-06-19 | WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability |
| CVE-2023-47788 | 2024-06-19 | WordPress Jetpack plugin < 12.7 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-47783 | 2024-06-19 | WordPress Thrive Theme Builder theme < 3.24.0 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2023-47771 | 2024-06-19 | WordPress Essential Grid plugin <= 3.0.18 - Multiple Authenticated Broken Access Control vulnerability |
| CVE-2023-47681 | 2024-06-19 | WordPress WooCommerce Checkout Manager plugin <= 7.3.0 - Broken Access Control vulnerability |
| CVE-2023-47770 | 2024-06-19 | WordPress BeTheme theme <= 27.1.1 - Contributor+ Broken Access Control vulnerability |
| CVE-2023-46148 | 2024-06-19 | WordPress Themify Ultra theme <= 7.3.5 - Authenticated Arbitrary Settings Change vulnerability |
| CVE-2023-46146 | 2024-06-19 | WordPress Themify Ultra theme <= 7.3.5 - Multiple Broken Access Control vulnerability |
| CVE-2023-45658 | 2024-06-19 | WordPress Nexter theme <= 2.0.3 - Broken Access Control vulnerability |
| CVE-2023-44151 | 2024-06-19 | WordPress Pre-Publish Checklist plugin <= 1.1.1 - Broken Access Control vulnerability |
| CVE-2023-44148 | 2024-06-19 | WordPress Astra Bulk Edit plugin <= 1.2.7 - Broken Access Control vulnerability |
| CVE-2023-40608 | 2024-06-19 | WordPress Paid Memberships Pro CCBill Gateway plugin <= 0.3 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-40004 | 2024-06-19 | Unauth. Access Token Manipulation vulnerability in multiple ServMask WordPress plugins |
| CVE-2023-39998 | 2024-06-19 | WordPress BeTheme theme <= 27.1.1 - Author+ Broken Access Control vulnerability |
| CVE-2023-39993 | 2024-06-19 | WordPress ElementsKit Lite plugin <= 2.9.0 - Broken Access Control vulnerability |
| CVE-2023-39990 | 2024-06-19 | WordPress Paid Memberships Pro plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2023-39922 | 2024-06-19 | WordPress Avada theme <= 7.11.1 - Authenticated Broken Access Control vulnerability |
| CVE-2023-41805 | 2024-06-19 | Broken Access Control vulnerability in multiple Brainstorm Force plugins |
| CVE-2023-35049 | 2024-06-19 | WordPress WooCommerce Stripe Payment Gateway plugin <= 7.4.0 - Unauthenticated Broken Access Control vulnerability |
| CVE-2023-35050 | 2024-06-19 | WordPress Elementor Pro plugin <= 3.13.0 - Auth. Broken Access Control vulnerability |
| CVE-2023-37870 | 2024-06-19 | WordPress WooCommerce Warranty Requests plugin <= 2.1.9 - Broken Access Control vulnerability |
| CVE-2023-36512 | 2024-06-19 | WordPress AutomateWoo plugin <= 5.7.5 - Broken Access Control vulnerability |
| CVE-2023-38386 | 2024-06-19 | WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability |
| CVE-2024-36979 | 2024-06-19 | net: bridge: mst: fix vlan use-after-free |
| CVE-2024-38538 | 2024-06-19 | net: bridge: xmit: make sure we have at least eth header len bytes |
| CVE-2024-38539 | 2024-06-19 | RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw |
| CVE-2024-38540 | 2024-06-19 | bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq |
| CVE-2024-38541 | 2024-06-19 | of: module: add buffer overflow check in of_modalias() |
| CVE-2024-38542 | 2024-06-19 | RDMA/mana_ib: boundary check before installing cq callbacks |
| CVE-2024-38543 | 2024-06-19 | lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure |
| CVE-2024-38544 | 2024-06-19 | RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt |
| CVE-2024-38545 | 2024-06-19 | RDMA/hns: Fix UAF for cq async event |
| CVE-2024-38546 | 2024-06-19 | drm: vc4: Fix possible null pointer dereference |
| CVE-2024-38547 | 2024-06-19 | media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries |
| CVE-2024-38548 | 2024-06-19 | drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference |
| CVE-2024-38549 | 2024-06-19 | drm/mediatek: Add 0 size check to mtk_drm_gem_obj |
| CVE-2024-38550 | 2024-06-19 | ASoC: kirkwood: Fix potential NULL dereference |
| CVE-2024-38551 | 2024-06-19 | ASoC: mediatek: Assign dummy when codec not specified for a DAI link |
| CVE-2024-38552 | 2024-06-19 | drm/amd/display: Fix potential index out of bounds in color transformation function |
| CVE-2024-38553 | 2024-06-19 | net: fec: remove .ndo_poll_controller to avoid deadlocks |
| CVE-2024-38554 | 2024-06-19 | ax25: Fix reference count leak issue of net_device |
| CVE-2024-38555 | 2024-06-19 | net/mlx5: Discard command completions in internal error |
| CVE-2024-38556 | 2024-06-19 | net/mlx5: Add a timeout to acquire the command queue semaphore |
| CVE-2024-38557 | 2024-06-19 | net/mlx5: Reload only IB representors upon lag disable/enable |
| CVE-2024-38558 | 2024-06-19 | net: openvswitch: fix overwriting ct original tuple for ICMPv6 |
| CVE-2024-38559 | 2024-06-19 | scsi: qedf: Ensure the copied buf is NUL terminated |
| CVE-2024-38560 | 2024-06-19 | scsi: bfa: Ensure the copied buf is NUL terminated |
| CVE-2024-38561 | 2024-06-19 | kunit: Fix kthread reference |
| CVE-2024-38562 | 2024-06-19 | wifi: nl80211: Avoid address calculations via out of bounds array indexing |
| CVE-2024-38563 | 2024-06-19 | wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature |
| CVE-2024-38564 | 2024-06-19 | bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE |
| CVE-2024-38565 | 2024-06-19 | wifi: ar5523: enable proper endpoint verification |
| CVE-2024-38566 | 2024-06-19 | bpf: Fix verifier assumptions about socket->sk |
| CVE-2024-38567 | 2024-06-19 | wifi: carl9170: add a proper sanity check for endpoints |
| CVE-2024-38568 | 2024-06-19 | drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group |
| CVE-2024-38569 | 2024-06-19 | drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group |
| CVE-2024-38570 | 2024-06-19 | gfs2: Fix potential glock use-after-free on unmount |
| CVE-2024-38571 | 2024-06-19 | thermal/drivers/tsens: Fix null pointer dereference |
| CVE-2024-38572 | 2024-06-19 | wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() |
| CVE-2024-38573 | 2024-06-19 | cppc_cpufreq: Fix possible null pointer dereference |
| CVE-2024-38574 | 2024-06-19 | libbpf: Prevent null-pointer dereference when prog to load has no BTF |
| CVE-2024-38575 | 2024-06-19 | wifi: brcmfmac: pcie: handle randbuf allocation failure |
| CVE-2024-38576 | 2024-06-19 | rcu: Fix buffer overflow in print_cpu_stall_info() |
| CVE-2024-38577 | 2024-06-19 | rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow |
| CVE-2024-38578 | 2024-06-19 | ecryptfs: Fix buffer size for tag 66 packet |
| CVE-2024-38579 | 2024-06-19 | crypto: bcm - Fix pointer arithmetic |
| CVE-2024-38580 | 2024-06-19 | epoll: be better about file lifetimes |
| CVE-2024-38581 | 2024-06-19 | drm/amdgpu/mes: fix use-after-free issue |