CVE List - 2024 / June
Showing 2201 - 2300 of 3082 CVEs for June 2024 (Page 23 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38356 | 2024-06-19 | TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option |
| CVE-2024-38357 | 2024-06-19 | TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements |
| CVE-2024-5182 | 2024-06-19 | Path Traversal in mudler/localai |
| CVE-2024-6103 | 2024-06-19 | Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-6100 | 2024-06-19 | Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-6101 | 2024-06-19 | Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-6102 | 2024-06-19 | Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2022-45929 | 2024-06-20 | Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a... |
| CVE-2024-28397 | 2024-06-20 | An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. |
| CVE-2024-30848 | 2024-06-20 | Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter. |
| CVE-2024-31586 | 2024-06-20 | A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and... |
| CVE-2024-33335 | 2024-06-20 | SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. |
| CVE-2024-36071 | 2024-06-20 | Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted... |
| CVE-2024-37626 | 2024-06-20 | A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. |
| CVE-2024-37674 | 2024-06-20 | Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. |
| CVE-2024-37676 | 2024-06-20 | An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. |
| CVE-2024-37699 | 2024-06-20 | An issue in DataLife Engine v.17.1 and before is vulnerable to SQL Injection in dboption. |
| CVE-2024-37818 | 2024-06-20 | Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /strapi.io/_next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a... |
| CVE-2022-41324 | 2024-06-20 | Northern.tech Mender 3.3.x before 3.3.2 and 3.4.x before 3.4.0 has Incorrect Access Control and allows low-privileged users default read access to some sensitive device information. |
| CVE-2024-29390 | 2024-06-20 | Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a... |
| CVE-2024-6176 | 2024-06-20 | Port scanning vulnerability in LG SuperSign CMS |
| CVE-2024-6177 | 2024-06-20 | XSS vulnerability in LG SuperSign CMS |
| CVE-2024-6178 | 2024-06-20 | XSS vulnerability in LG SuperSign CMS |
| CVE-2024-6179 | 2024-06-20 | XSS vulnerability in LG SuperSign CMS |
| CVE-2024-3602 | 2024-06-20 | Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization |
| CVE-2024-3627 | 2024-06-20 | Wheel of Life: Coaching and Assessment Tool for Life Coach <= 1.1.7 - Missing Authorization on Several AJAX Endpoints |
| CVE-2024-4742 | 2024-06-20 | Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress <= 1.2.5 - Authenticated (Contributor+) SQL Injection |
| CVE-2024-5432 | 2024-06-20 | Lifeline Donation <= 1.2.6 - Authentication Bypass |
| CVE-2024-4626 | 2024-06-20 | JetWidgets For Elementor <= 1.0.17 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_type and id Parameters |
| CVE-2024-3605 | 2024-06-20 | WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection |
| CVE-2024-3597 | 2024-06-20 | Export WP Page to Static HTML/CSS <= 2.2.2 - Open Redirect |
| CVE-2024-3558 | 2024-06-20 | Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via cfs[post_title] |
| CVE-2023-3204 | 2024-06-20 | Materialis <= 1.1.24 - Missing Authorization to Limited Arbitrary Options Update |
| CVE-2024-3561 | 2024-06-20 | Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) SQL Injection via Term Custom Field |
| CVE-2024-1168 | 2024-06-20 | SEOPress – On-site SEO <= 7.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Social Image URL |
| CVE-2024-3562 | 2024-06-20 | Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field |
| CVE-2024-5213 | 2024-06-20 | Exposure of Sensitive Information in mintplex-labs/anything-llm |
| CVE-2024-5605 | 2024-06-20 | Media Library Assistant <= 3.16 - Authenticated (Contributor+) SQL Injection via order Parameter |
| CVE-2024-4390 | 2024-06-20 | Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation |
| CVE-2024-5686 | 2024-06-20 | WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Members Widget |
| CVE-2024-6113 | 2024-06-20 | itsourcecode Monbela Tourist Inn Online Reservation System login.php sql injection |
| CVE-2024-4565 | 2024-06-20 | Advanced Custom Fields < 6.3 - Contributor+ Custom Field Access |
| CVE-2024-5475 | 2024-06-20 | Responsive video embed < 0.5.1 - Contributor+ Stored XSS |
| CVE-2024-5522 | 2024-06-20 | HTML5 Video Player < 2.5.27 - Unauthenticated SQLi |
| CVE-2023-25646 | 2024-06-20 | Permission and Access Control Vulnerability in ZTE H388X |
| CVE-2024-38619 | 2024-06-20 | usb-storage: alauda: Check whether the media is initialized |
| CVE-2024-4098 | 2024-06-20 | Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion |
| CVE-2024-38620 | 2024-06-20 | Bluetooth: HCI: Remove HCI_AMP support |
| CVE-2024-29012 | 2024-06-20 | Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. |
| CVE-2024-29013 | 2024-06-20 | Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. |
| CVE-2024-34693 | 2024-06-20 | Apache Superset: Server arbitrary file read |
| CVE-2024-28147 | 2024-06-20 | Unrestricted Upload of Files in edu-sharing |
| CVE-2021-47617 | 2024-06-20 | PCI: pciehp: Fix infinite loop in IRQ handler upon power fault |
| CVE-2021-47618 | 2024-06-20 | ARM: 9170/1: fix panic when kasan and kprobe are enabled |
| CVE-2024-6181 | 2024-06-20 | LabVantage LIMS cross site scripting |
| CVE-2024-6182 | 2024-06-20 | LabVantage LIMS cross site scripting |
| CVE-2024-5036 | 2024-06-20 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.5.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2021-47619 | 2024-06-20 | i40e: Fix queues reservation for XDP |
| CVE-2021-47620 | 2024-06-20 | Bluetooth: refactor malicious adv data check |
| CVE-2022-48711 | 2024-06-20 | tipc: improve size validations for received domain records |
| CVE-2022-48712 | 2024-06-20 | ext4: fix error handling in ext4_fc_record_modified_inode() |
| CVE-2022-48713 | 2024-06-20 | perf/x86/intel/pt: Fix crash with stop filters in single-range mode |
| CVE-2022-48714 | 2024-06-20 | bpf: Use VM_MAP instead of VM_ALLOC for ringbuf |
| CVE-2022-48715 | 2024-06-20 | scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe |
| CVE-2022-48716 | 2024-06-20 | ASoC: codecs: wcd938x: fix incorrect used of portid |
| CVE-2022-48717 | 2024-06-20 | ASoC: max9759: fix underflow in speaker_gain_control_put() |
| CVE-2022-48718 | 2024-06-20 | drm: mxsfb: Fix NULL pointer dereference |
| CVE-2022-48719 | 2024-06-20 | net, neigh: Do not trigger immediate probes on NUD_FAILED from neigh_managed_work |
| CVE-2022-48720 | 2024-06-20 | net: macsec: Fix offload support for NETDEV_UNREGISTER event |
| CVE-2022-48721 | 2024-06-20 | net/smc: Forward wakeup to smc socket waitqueue after fallback |
| CVE-2022-48722 | 2024-06-20 | net: ieee802154: ca8210: Stop leaking skb's |
| CVE-2022-48723 | 2024-06-20 | spi: uniphier: fix reference count leak in uniphier_spi_probe() |
| CVE-2022-48724 | 2024-06-20 | iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() |
| CVE-2022-48725 | 2024-06-20 | RDMA/siw: Fix refcounting leak in siw_create_qp() |
| CVE-2022-48726 | 2024-06-20 | RDMA/ucma: Protect mc during concurrent multicast leaves |
| CVE-2022-48727 | 2024-06-20 | KVM: arm64: Avoid consuming a stale esr value when SError occur |
| CVE-2022-48728 | 2024-06-20 | IB/hfi1: Fix AIP early init panic |
| CVE-2022-48729 | 2024-06-20 | IB/hfi1: Fix panic with larger ipoib send_queue_size |
| CVE-2022-48730 | 2024-06-20 | dma-buf: heaps: Fix potential spectre v1 gadget |
| CVE-2022-48731 | 2024-06-20 | mm/kmemleak: avoid scanning potential huge holes |
| CVE-2022-48732 | 2024-06-20 | drm/nouveau: fix off by one in BIOS boundary checking |
| CVE-2022-48733 | 2024-06-20 | btrfs: fix use-after-free after failure to create a snapshot |
| CVE-2022-48734 | 2024-06-20 | btrfs: fix deadlock between quota disable and qgroup rescan worker |
| CVE-2022-48735 | 2024-06-20 | ALSA: hda: Fix UAF of leds class devs at unbinding |
| CVE-2022-48738 | 2024-06-20 | ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() |
| CVE-2022-48739 | 2024-06-20 | ASoC: hdmi-codec: Fix OOB memory accesses |
| CVE-2022-48740 | 2024-06-20 | selinux: fix double free of cond_list on error paths |
| CVE-2022-48741 | 2024-06-20 | ovl: fix NULL pointer dereference in copy up warning |
| CVE-2022-48742 | 2024-06-20 | rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() |
| CVE-2022-48743 | 2024-06-20 | net: amd-xgbe: Fix skb data length underflow |
| CVE-2022-48744 | 2024-06-20 | net/mlx5e: Avoid field-overflowing memcpy() |
| CVE-2022-48745 | 2024-06-20 | net/mlx5: Use del_timer_sync in fw reset flow of halting poll |
| CVE-2022-48746 | 2024-06-20 | net/mlx5e: Fix handling of wrong devices during bond netevent |
| CVE-2022-48747 | 2024-06-20 | block: Fix wrong offset in bio_truncate() |
| CVE-2022-48748 | 2024-06-20 | net: bridge: vlan: fix memory leak in __allowed_ingress |
| CVE-2022-48749 | 2024-06-20 | drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc |
| CVE-2022-48750 | 2024-06-20 | hwmon: (nct6775) Fix crash in clear_caseopen |
| CVE-2022-48751 | 2024-06-20 | net/smc: Transitional solution for clcsock race issue |
| CVE-2022-48752 | 2024-06-20 | powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending |
| CVE-2022-48753 | 2024-06-20 | block: fix memory leak in disk_register_independent_access_ranges |