CVE List - 2024 / June
Showing 2301 - 2400 of 3082 CVEs for June 2024 (Page 24 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-48753 | 2024-06-20 | block: fix memory leak in disk_register_independent_access_ranges |
| CVE-2022-48754 | 2024-06-20 | phylib: fix potential use-after-free |
| CVE-2022-48755 | 2024-06-20 | powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 |
| CVE-2022-48756 | 2024-06-20 | drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable |
| CVE-2022-48757 | 2024-06-20 | net: fix information leakage in /proc/net/ptype |
| CVE-2022-48758 | 2024-06-20 | scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() |
| CVE-2022-48759 | 2024-06-20 | rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev |
| CVE-2022-48760 | 2024-06-20 | USB: core: Fix hang in usb_kill_urb by adding memory barriers |
| CVE-2022-48761 | 2024-06-20 | usb: xhci-plat: fix crash when suspend if remote wake enable |
| CVE-2022-48762 | 2024-06-20 | arm64: extable: fix load_unaligned_zeropad() reg indices |
| CVE-2022-48763 | 2024-06-20 | KVM: x86: Forcibly leave nested virt when SMM state is toggled |
| CVE-2022-48764 | 2024-06-20 | KVM: x86: Free kvm_cpuid_entry2 array on post-KVM_RUN KVM_SET_CPUID{,2} |
| CVE-2022-48765 | 2024-06-20 | KVM: LAPIC: Also cancel preemption timer during SET_LAPIC |
| CVE-2022-48766 | 2024-06-20 | drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU. |
| CVE-2022-48767 | 2024-06-20 | ceph: properly put ceph_string reference after async create attempt |
| CVE-2022-48768 | 2024-06-20 | tracing/histogram: Fix a potential memory leak for kstrdup() |
| CVE-2022-48769 | 2024-06-20 | efi: runtime: avoid EFIv2 runtime services on Apple x86 machines |
| CVE-2022-48770 | 2024-06-20 | bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() |
| CVE-2022-48771 | 2024-06-20 | drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| CVE-2024-6183 | 2024-06-20 | EZ-Suite EZ-Partner Forgot Password cross site scripting |
| CVE-2024-6184 | 2024-06-20 | Ruijie RG-UAC reboot_commit.php os command injection |
| CVE-2023-52883 | 2024-06-20 | drm/amdgpu: Fix possible null pointer dereference |
| CVE-2024-6185 | 2024-06-20 | Ruijie RG-UAC commit.php get_ip_addr_details os command injection |
| CVE-2021-4439 | 2024-06-20 | isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2023-49110 | 2024-06-20 | XML External Entity Injection in Kiuwan SAST |
| CVE-2024-6186 | 2024-06-20 | Ruijie RG-UAC commit.php os command injection |
| CVE-2023-49111 | 2024-06-20 | Reflected Cross-Site-Scripting in Kiuwan SAST |
| CVE-2023-49112 | 2024-06-20 | Insecure Direct Object Reference in Kiuwan SAST |
| CVE-2023-49113 | 2024-06-20 | Sensitive Data Stored Insecurely in Kiuwan SAST Local Analyzer |
| CVE-2024-6187 | 2024-06-20 | Ruijie RG-UAC sub_commit.php os command injection |
| CVE-2024-37532 | 2024-06-20 | IBM WebSphere Application Server identity spoofing |
| CVE-2024-6188 | 2024-06-20 | Parsec Automation TrackSYS pagedefinition direct request |
| CVE-2024-6189 | 2024-06-20 | Tenda A301 WifiExtraSet fromSetWirelessRepeat stack-based overflow |
| CVE-2024-5156 | 2024-06-20 | Flatsome <= 3.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-37222 | 2024-06-20 | WordPress Master Slider plugin <= 3.10.0 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-6190 | 2024-06-20 | itsourcecode Farm Management System Login index.php sql injection |
| CVE-2024-6191 | 2024-06-20 | itsourcecode Student Management System Login Page login.php sql injection |
| CVE-2024-6162 | 2024-06-20 | Undertow: url-encoded request path information can be broken on ajp-listener |
| CVE-2024-6192 | 2024-06-20 | itsourcecode Loan Management System Login Page login.php sql injection |
| CVE-2024-6193 | 2024-06-20 | itsourcecode Vehicle Management System driverprofile.php sql injection |
| CVE-2024-6194 | 2024-06-20 | itsourcecode Tailoring Management System editmeasurement.php sql injection |
| CVE-2024-6195 | 2024-06-20 | itsourcecode Tailoring Management System orderadd.php sql injection |
| CVE-2024-6196 | 2024-06-20 | itsourcecode Banking Management System admin_class.php sql injection |
| CVE-2024-37343 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37344 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37345 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37346 | 2024-06-20 | Insufficient input validation vulnerability in the Absolute Secure Access Warehouse prior to 13.06 |
| CVE-2024-37347 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37348 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37349 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37350 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37351 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37352 | 2024-06-20 | Cross-site scripting vulnerability in the Absolute Secure Access administrative console prior to 13.06 |
| CVE-2024-37897 | 2024-06-20 | Insufficient access control for password reset in sftpgo |
| CVE-2024-38093 | 2024-06-20 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-38082 | 2024-06-20 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-6147 | 2024-06-20 | Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability |
| CVE-2024-6153 | 2024-06-20 | Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability |
| CVE-2024-6154 | 2024-06-20 | Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability |
| CVE-2024-5746 | 2024-06-20 | A Server-Side Request Forgery vulnerability was identified in GitHub Enterprise... |
| CVE-2024-37183 | 2024-06-20 | Westermo L210-F2G Lynx Cleartext Transmission of Sensitive Information |
| CVE-2024-35246 | 2024-06-20 | Westermo L210-F2G Lynx Improper Control of Interaction Frequency |
| CVE-2024-32943 | 2024-06-20 | Westermo L210-F2G Lynx Improper Control of Interaction Frequency |
| CVE-2024-37899 | 2024-06-20 | Disabling a user account changes its author, allowing RCE from user account in XWiki |
| CVE-2024-38359 | 2024-06-20 | Lightning Network Daemon Onion Bomb |
| CVE-2024-38361 | 2024-06-20 | Permissions processing error in spacedb |
| CVE-2012-6664 | 2024-06-21 | Multiple directory traversal vulnerabilities in the TFTP Server in Distinct... |
| CVE-2014-5470 | 2024-06-21 | Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters... |
| CVE-2022-42974 | 2024-06-21 | In Kostal PIKO 1.5-1 MP plus HMI OEM p 1.0.1,... |
| CVE-2024-34452 | 2024-06-21 | CMSimple_XH 1.7.6 allows XSS by uploading a crafted SVG document. |
| CVE-2024-34989 | 2024-06-21 | In the module RSI PDF/HTML catalog evolution (prestapdf) <= 7.0.0... |
| CVE-2024-36532 | 2024-06-21 | Insecure permissions in kruise v1.6.2 allows attackers to access sensitive... |
| CVE-2024-37654 | 2024-06-21 | An issue in BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD,... |
| CVE-2024-37672 | 2024-06-21 | Cross Site Scripting vulnerability in Tessi Docubase Document Management product... |
| CVE-2024-37673 | 2024-06-21 | Cross Site Scripting vulnerability in Tessi Docubase Document Management product... |
| CVE-2021-47621 | 2024-06-21 | ClassGraph before 4.8.112 was not resistant to XML eXternal Entity... |
| CVE-2024-35537 | 2024-06-21 | TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS... |
| CVE-2024-37671 | 2024-06-21 | Cross Site Scripting vulnerability in Tessi Docubase Document Management product... |
| CVE-2024-37675 | 2024-06-21 | Cross Site Scripting vulnerability in Tessi Docubase Document Management product... |
| CVE-2024-38873 | 2024-06-21 | An issue was discovered in the friendlycaptcha_official (aka Integration of... |
| CVE-2024-38874 | 2024-06-21 | An issue was discovered in the events2 (aka Events 2)... |
| CVE-2024-6212 | 2024-06-21 | SourceCodester Simple Student Attendance System student_form.php get_student cross site scripting |
| CVE-2024-6213 | 2024-06-21 | SourceCodester Food Ordering Management System Login Panel login.php sql injection |
| CVE-2024-6214 | 2024-06-21 | SourceCodester Food Ordering Management System add-item.php sql injection |
| CVE-2024-6215 | 2024-06-21 | SourceCodester Food Ordering Management System view-ticket-admin.php sql injection |
| CVE-2024-6216 | 2024-06-21 | SourceCodester Food Ordering Management System add-users.php sql injection |
| CVE-2024-6217 | 2024-06-21 | SourceCodester Food Ordering Management System user-router.php sql injection |
| CVE-2024-6218 | 2024-06-21 | itsourcecode Vehicle Management System busprofile.php sql injection |
| CVE-2024-5344 | 2024-06-21 | The Plus Addons for Elementor Page Builder <= 5.5.6 - Reflected Cross-Site Scripting via WP Login and Register Widget |
| CVE-2024-5503 | 2024-06-21 | WP Blog Post Layouts <= 1.1.3 - Authenticated (Contributor+) Local File Inlcusion |
| CVE-2024-3610 | 2024-06-21 | WP Child Theme Generator <= 1.1.1 - Missing Authorization to Unauthenticated Child Theme Creation/Activation |
| CVE-2024-1639 | 2024-06-21 | License Manager for WooCommerce <= 3.0.7 - Improper Authorization to Authenticated(Contributor+) Sensitive Information Exposure |
| CVE-2024-1955 | 2024-06-21 | Hide Dashboard Notifications <= 1.3 - Missing Authorization to Authenticated(Contributor+) Plugin Settings Modification |
| CVE-2023-3352 | 2024-06-21 | Smush – Lazy Load Images, Optimize & Compress Images <= 3.16.4 - Missing Authorization to Resmush List Deletion |
| CVE-2024-5455 | 2024-06-21 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.5.6 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-3961 | 2024-06-21 | ConvertKit <= 2.4.9 - Missing Authorization |
| CVE-2024-5756 | 2024-06-21 | Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin |
| CVE-2024-4377 | 2024-06-21 | DOP Shortcodes <= 1.2 - Contributor+ Stored XSS via Shortcode |
| CVE-2024-4381 | 2024-06-21 | CB (legacy) <= 0.9.4.18 - Admin+ Stored XSS |
| CVE-2024-4382 | 2024-06-21 | CB (legacy) <= 0.9.4.18 - Code/Timeframe/Booking Deletion via CSRF |