CVE List - 2024 / June
Showing 2701 - 2800 of 3082 CVEs for June 2024 (Page 28 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6303 | 2024-06-25 | Missing Authorization in Conduit |
| CVE-2024-6302 | 2024-06-25 | Improper Handling of Insufficient Permissions or Privileges in Conduit |
| CVE-2024-6301 | 2024-06-25 | Origin Validation Error in Conduit |
| CVE-2024-6299 | 2024-06-25 | Use of a Key Past its Expiration Date in Conduit |
| CVE-2024-32111 | 2024-06-25 | WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability |
| CVE-2024-5451 | 2024-06-25 | The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute |
| CVE-2024-21827 | 2024-06-25 | A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can... |
| CVE-2024-37085 | 2024-06-25 | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use... |
| CVE-2024-37086 | 2024-06-25 | VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a... |
| CVE-2024-37087 | 2024-06-25 | The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition. |
| CVE-2021-4440 | 2024-06-25 | x86/xen: Drop USERGS_SYSRET64 paravirt call |
| CVE-2022-48772 | 2024-06-25 | media: lgdt3306a: Add a check against null-pointer-def |
| CVE-2024-37078 | 2024-06-25 | nilfs2: fix potential kernel bug due to lack of writeback flag waiting |
| CVE-2024-37354 | 2024-06-25 | btrfs: fix crash on racing fsync and size-extending write into prealloc |
| CVE-2024-38306 | 2024-06-25 | btrfs: protect folio::private when attaching extent buffer folios |
| CVE-2024-38385 | 2024-06-25 | genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() |
| CVE-2024-38661 | 2024-06-25 | s390/ap: Fix crash in AP internal function modify_bitmap() |
| CVE-2024-39276 | 2024-06-25 | ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() |
| CVE-2024-39293 | 2024-06-25 | Revert "xsk: Support redirect to any socket bound to the same umem" |
| CVE-2024-39296 | 2024-06-25 | bonding: fix oops during rmmod |
| CVE-2024-39298 | 2024-06-25 | mm/memory-failure: fix handling of dissolved but not taken off from buddy pages |
| CVE-2024-39301 | 2024-06-25 | net/9p: fix uninit-value in p9_client_rpc() |
| CVE-2024-39371 | 2024-06-25 | io_uring: check for non-NULL file pointer in io_file_can_poll() |
| CVE-2024-39461 | 2024-06-25 | clk: bcm: rpi: Assign ->num before accessing ->hws |
| CVE-2024-39462 | 2024-06-25 | clk: bcm: dvp: Assign ->num before accessing ->hws |
| CVE-2024-39463 | 2024-06-25 | 9p: add missing locking around taking dentry fid list |
| CVE-2024-39464 | 2024-06-25 | media: v4l: async: Fix notifier list entry init |
| CVE-2024-39465 | 2024-06-25 | media: mgb4: Fix double debugfs remove |
| CVE-2024-39466 | 2024-06-25 | thermal/drivers/qcom/lmh: Check for SCM availability at probe |
| CVE-2024-39467 | 2024-06-25 | f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() |
| CVE-2024-39468 | 2024-06-25 | smb: client: fix deadlock in smb2_find_smb_tcon() |
| CVE-2024-39469 | 2024-06-25 | nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors |
| CVE-2024-39470 | 2024-06-25 | eventfs: Fix a possible null pointer dereference in eventfs_find_events() |
| CVE-2024-39471 | 2024-06-25 | drm/amdgpu: add error handle to avoid out-of-bounds |
| CVE-2024-5805 | 2024-06-25 | MOVEit Gateway Authentication Bypass Vulnerability |
| CVE-2024-5806 | 2024-06-25 | MOVEit Transfer Authentication Bypass Vulnerability |
| CVE-2023-37541 | 2024-06-25 | HCL Connections is vulnerable to broken access control |
| CVE-2024-0171 | 2024-06-25 | Dell PowerEdge Server BIOS contains a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources. |
| CVE-2024-5988 | 2024-06-25 | Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability |
| CVE-2024-5989 | 2024-06-25 | Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability |
| CVE-2024-5990 | 2024-06-25 | ThinManager® ThinServer™ Improper Input Validation Vulnerability |
| CVE-2024-6238 | 2024-06-25 | pgAdmin 4 Installation Directory permission issue |
| CVE-2024-6257 | 2024-06-25 | HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation |
| CVE-2024-6308 | 2024-06-25 | itsourcecode Simple Online Hotel Reservation System index.php sql injection |
| CVE-2024-5276 | 2024-06-25 | SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier) |
| CVE-2024-37167 | 2024-06-25 | Tuleap has improper permissions of the backlog items |
| CVE-2024-37894 | 2024-06-25 | Squid vulnerable to heap corruption in ESI assign |
| CVE-2024-4883 | 2024-06-25 | WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-4884 | 2024-06-25 | WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability |
| CVE-2024-4885 | 2024-06-25 | WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability |
| CVE-2024-4498 | 2024-06-25 | Path Traversal and RFI Vulnerability in parisneo/lollms-webui |
| CVE-2024-5008 | 2024-06-25 | WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability |
| CVE-2024-5009 | 2024-06-25 | WhatsUp Gold SetAdminPassword Improper Access Control Privilege Escalation Vulnerability |
| CVE-2024-5010 | 2024-06-25 | WhatsUp Gold TestController multiple information disclosure vulnerabilities |
| CVE-2024-5011 | 2024-06-25 | WhatsUp Gold TestController Chart denial of service vulnerability |
| CVE-2024-6206 | 2024-06-25 | A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the... |
| CVE-2024-38516 | 2024-06-25 | Aimeos HTML client may potentially reveal sensitive information in error log |
| CVE-2024-5012 | 2024-06-25 | WhatsUp Gold Missing Authentication GetWindowsCredential Information Disclosure Vulnerability |
| CVE-2024-5013 | 2024-06-25 | WhatsUp Gold InstallController Denial-of-Service Vulnerability |
| CVE-2024-5014 | 2024-06-25 | WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure |
| CVE-2024-5015 | 2024-06-25 | WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability |
| CVE-2024-5016 | 2024-06-25 | WhatsUp Gold OnMessage Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| CVE-2024-5017 | 2024-06-25 | WhatsUp Gold AppProfileImport path traversal vulnerability |
| CVE-2024-5018 | 2024-06-25 | WhatsUp Gold LoadUsingBasePath Directory Traversal Information Disclosure Vulnerability |
| CVE-2024-5019 | 2024-06-25 | WhatsUp Gold LoadCSSUsingBasePath Directory Traversal Information Disclosure Vulnerability |
| CVE-2024-30112 | 2024-06-25 | HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability |
| CVE-2024-6060 | 2024-06-25 | An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information. |
| CVE-2024-29953 | 2024-06-25 | Encoded session passwords on session storage for Virtual Fabric platforms |
| CVE-2024-4869 | 2024-06-25 | WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header |
| CVE-2024-29954 | 2024-06-25 | password management API prints sensitive information in log files |
| CVE-2024-38364 | 2024-06-25 | DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document |
| CVE-2024-38526 | 2024-06-25 | pdoc embeds link to malicious CDN if math mode is enabled |
| CVE-2024-5460 | 2024-06-25 | Brocade Fabric OS versions prior to v9.0 have default community strings |
| CVE-2023-26877 | 2024-06-26 | File upload vulnerability found in Softexpert Excellence Suite v.2.1 allows attackers to execute arbitrary code via a .php file upload to the form/efms_exec_html/file_upload_parser.php endpoint. |
| CVE-2024-23765 | 2024-06-26 | An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentified service on port 7412 on the network. All the network services of the gateway... |
| CVE-2024-23767 | 2024-06-26 | An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations. |
| CVE-2024-33326 | 2024-06-26 | A cross-site scripting (XSS) vulnerability in the component XsltResultControllerHtml.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-33327 | 2024-06-26 | A cross-site scripting (XSS) vulnerability in the component UrlAccessibilityEvaluation.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-34580 | 2024-06-26 | Apache XML Security for C++ through 2.0.4 implements the XML Signature Syntax and Processing (XMLDsig) specification without protection against an SSRF payload in a KeyInfo element. NOTE: the project disputes... |
| CVE-2024-34581 | 2024-06-26 | The W3C XML Signature Syntax and Processing (XMLDsig) specification, starting with 1.0, was originally published with a "RetrievalMethod is a URI ... that may be used to obtain key and/or... |
| CVE-2024-35545 | 2024-06-26 | MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability. |
| CVE-2024-36829 | 2024-06-26 | Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive information via a crafted query string. |
| CVE-2024-37571 | 2024-06-26 | Buffer Overflow vulnerability in SAS Broker 9.2 build 1495 allows attackers to cause denial of service or obtain sensitive information via crafted payload to the '_debug' parameter. |
| CVE-2024-37734 | 2024-06-26 | An issue in OpenEMR 7.0.2 allows a remote attacker to escalate privileges via a crafted POST request using the noteid parameter. |
| CVE-2024-38949 | 2024-06-26 | Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc |
| CVE-2024-38950 | 2024-06-26 | Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. |
| CVE-2024-39243 | 2024-06-26 | An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save. |
| CVE-2024-23766 | 2024-06-26 | An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the... |
| CVE-2024-33328 | 2024-06-26 | A cross-site scripting (XSS) vulnerability in the component main.jsp of Lumisxp v15.0.x to v16.1.x allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-33329 | 2024-06-26 | A hardcoded privileged ID within Lumisxp v15.0.x to v16.1.x allows attackers to bypass authentication and access internal pages and other sensitive information. |
| CVE-2024-39241 | 2024-06-26 | Cross Site Scripting (XSS) vulnerability in skycaiji 2.8 allows attackers to run arbitrary code via /admin/tool/preview. |
| CVE-2024-39242 | 2024-06-26 | A cross-site scripting (XSS) vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using eval(String.fromCharCode()). |
| CVE-2024-24764 | 2024-06-26 | October Open Redirect for Administrator Accounts |
| CVE-2024-5173 | 2024-06-26 | HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings |
| CVE-2024-28973 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading... |
| CVE-2024-29176 | 2024-06-26 | Dell PowerProtect DD, version(s) 8.0, 7.13.1.0, 7.10.1.30, 7.7.5.40, contain(s) an Out-of-bounds Write vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
| CVE-2024-29177 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this... |
| CVE-2024-29173 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability,... |
| CVE-2024-5181 | 2024-06-26 | Command Injection in mudler/localai |
| CVE-2024-29174 | 2024-06-26 | Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution... |