CVE List - 2024 / June
Showing 2801 - 2900 of 3082 CVEs for June 2024 (Page 29 of 31)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-29175 | 2024-06-26 | Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain a weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle... |
| CVE-2024-27867 | 2024-06-26 | An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones... |
| CVE-2024-37138 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this... |
| CVE-2024-37139 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote... |
| CVE-2024-37140 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially... |
| CVE-2024-37141 | 2024-06-26 | Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to... |
| CVE-2024-21520 | 2024-06-26 | Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with `<br>` tags. |
| CVE-2024-4105 | 2024-06-26 | A vulnerability has been found in FAST/TOOLS and CI Server. The affected product's WEB HMI server's function to process HTTP requests has a security flaw (Reflected XSS) that allows the... |
| CVE-2024-4106 | 2024-06-26 | A vulnerability has been found in FAST/TOOLS and CI Server. The affected products have built-in accounts with no passwords set. Therefore, if the product is operated without a password set... |
| CVE-2024-5332 | 2024-06-26 | Exclusive Addons for Elementor <= 2.6.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Card Widget |
| CVE-2024-3633 | 2024-06-26 | WebP & SVG Support <= 1.4.0 - Author+ Stored XSS via SVG |
| CVE-2024-4758 | 2024-06-26 | Muslim Prayer Time BD <= 2.4 - Settings Reset via CSRF |
| CVE-2024-4957 | 2024-06-26 | Frontend Checklist <= 2.3.2 - Admin+ Stored XSS |
| CVE-2024-4959 | 2024-06-26 | Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items |
| CVE-2024-5071 | 2024-06-26 | Bookster <= 1.1.0 - Unauthenticated Appointment Status Update |
| CVE-2024-5169 | 2024-06-26 | Video Widget <= 1.2.3 - Admin+ Stored XSS via Widget |
| CVE-2024-5199 | 2024-06-26 | Spotify Play Button <= 1.0 - Contributor+ Stored XSS |
| CVE-2024-5473 | 2024-06-26 | Simple Photoswipe <= 0.1 - Admin+ Stored XSS |
| CVE-2024-5573 | 2024-06-26 | Easy Table of Contents < 2.0.66 - Admin+ Stored XSS |
| CVE-2024-5215 | 2024-06-26 | HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets |
| CVE-2024-28830 | 2024-06-26 | Automation user secrets written to audit log |
| CVE-2024-37252 | 2024-06-26 | WordPress Email Subscribers by Icegram Express plugin <= 5.7.25 - SQL Injection vulnerability |
| CVE-2024-6344 | 2024-06-26 | ZKTeco ZKBio CVSecurity V5000 Push Configuration Section cross site scripting |
| CVE-2024-37098 | 2024-06-26 | WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability |
| CVE-2024-4228 | 2024-06-26 | SQLi in Magarsus Consultancy's SSO |
| CVE-2024-4604 | 2024-06-26 | Open Redirect in Magarsus Consultancy's SSO |
| CVE-2024-38271 | 2024-06-26 | Denial of Service in Quick Share |
| CVE-2024-38272 | 2024-06-26 | Auth Bypass in Quick Share |
| CVE-2024-25637 | 2024-06-26 | Reflected XSS via X-October-Request-Handler Header |
| CVE-2024-6354 | 2024-06-26 | Improper access control in PAM dashboard in Devolutions Remote Desktop Manager 2024.2.11 and earlier on Windows allows an authenticated user to bypass the execute permission via the use of the... |
| CVE-2024-39458 | 2024-06-26 | When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially... |
| CVE-2024-39459 | 2024-06-26 | In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by... |
| CVE-2024-39460 | 2024-06-26 | Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. |
| CVE-2024-38375 | 2024-06-26 | @fastly/js-compute use-after-free in some host call implementations |
| CVE-2024-38520 | 2024-06-26 | SoftEther VPN with L2TP - 2.75x Amplification |
| CVE-2024-38527 | 2024-06-26 | Cross-site Scripting in ZenUML |
| CVE-2024-1839 | 2024-06-26 | Intrado 911 Emergency Gateway login form is vulnerable to an unauthenticated blind time-based SQL injection, which may allow an unauthenticated remote attacker to execute malicious code, exfiltrate data, or manipulate... |
| CVE-2024-6355 | 2024-06-26 | Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting |
| CVE-2024-37248 | 2024-06-26 | WordPress Anima theme <= 1.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-37247 | 2024-06-26 | WordPress jQuery T(-) Countdown Widget plugin <= 2.3.25 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-28982 | 2024-06-26 | Hitachi Vantara Pentaho Business Analytics Server - Improper Restriction of XML External Entity Reference |
| CVE-2024-28983 | 2024-06-26 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2024-28984 | 2024-06-26 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2024-6323 | 2024-06-26 | Improper Isolation or Compartmentalization in GitLab |
| CVE-2024-5430 | 2024-06-26 | Improper Access Control in GitLab |
| CVE-2024-5655 | 2024-06-26 | Improper Access Control in GitLab |
| CVE-2024-4901 | 2024-06-26 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2024-4557 | 2024-06-26 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-4011 | 2024-06-26 | Improper Access Control in GitLab |
| CVE-2024-3959 | 2024-06-26 | Improper Authorization in GitLab |
| CVE-2024-3115 | 2024-06-26 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2024-2191 | 2024-06-26 | Improper Access Control in GitLab |
| CVE-2024-1816 | 2024-06-26 | Uncontrolled Resource Consumption in GitLab |
| CVE-2024-1493 | 2024-06-26 | Uncontrolled Resource Consumption in GitLab |
| CVE-2023-52892 | 2024-06-27 | In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in... |
| CVE-2024-28820 | 2024-06-27 | Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control... |
| CVE-2024-31802 | 2024-06-27 | DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code. |
| CVE-2024-36059 | 2024-06-27 | Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart up to and including version 2.3.5 allows attackers to read/write arbitrary files via the IEC61850 File Transfer protocol. |
| CVE-2024-36072 | 2024-06-27 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which... |
| CVE-2024-36073 | 2024-06-27 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows... |
| CVE-2024-36074 | 2024-06-27 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock... |
| CVE-2024-36075 | 2024-06-27 | The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector... |
| CVE-2024-36755 | 2024-06-27 | D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change... |
| CVE-2024-39129 | 2024-06-27 | Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp. |
| CVE-2024-39130 | 2024-06-27 | A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. |
| CVE-2024-39132 | 2024-06-27 | A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. |
| CVE-2024-39133 | 2024-06-27 | Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c. |
| CVE-2024-39134 | 2024-06-27 | A Stack Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. |
| CVE-2024-39153 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. |
| CVE-2024-39154 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. |
| CVE-2024-39155 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add. |
| CVE-2024-39156 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. |
| CVE-2024-39157 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. |
| CVE-2024-39158 | 2024-06-27 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. |
| CVE-2024-39207 | 2024-06-27 | lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. |
| CVE-2024-39208 | 2024-06-27 | luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. |
| CVE-2024-39209 | 2024-06-27 | luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. |
| CVE-2024-39669 | 2024-06-27 | In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and... |
| CVE-2024-39705 | 2024-06-27 | NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. |
| CVE-2024-39708 | 2024-06-27 | An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to... |
| CVE-2016-20022 | 2024-06-27 | In the Linux kernel before 4.8, usb_parse_endpoint in drivers/usb/core/config.c does not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported... |
| CVE-2024-6054 | 2024-06-27 | Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload |
| CVE-2024-5289 | 2024-06-27 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting in Google Maps Widget |
| CVE-2024-4569 | 2024-06-27 | Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-4570 | 2024-06-27 | Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-6283 | 2024-06-27 | DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget |
| CVE-2024-1330 | 2024-06-27 | Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access |
| CVE-2024-3111 | 2024-06-27 | H5P < 1.15.8 - Contributor+ Stored XSS |
| CVE-2024-4664 | 2024-06-27 | WP Chat App < 3.6.5 - Admin+ Stored XSS |
| CVE-2024-4704 | 2024-06-27 | Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect |
| CVE-2024-22231 | 2024-06-27 | Syndic cache directory creation is vulnerable to a directory traversal attack |
| CVE-2024-22232 | 2024-06-27 | Specially crafted url can be created which leads to a directory traversal in the salt file server |
| CVE-2024-5601 | 2024-06-27 | Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode |
| CVE-2024-4983 | 2024-06-27 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-0947 | 2024-06-27 | Cookies Manipulation in Talya Informatics' Elektraweb |
| CVE-2023-7270 | 2024-06-27 | Local Privilege Escalation via MSI installer |
| CVE-2024-0949 | 2024-06-27 | Improper Access Control in Talya Informatics' Elektraweb |
| CVE-2024-5535 | 2024-06-27 | SSL_select_next_proto buffer overread |
| CVE-2024-6262 | 2024-06-27 | Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-6367 | 2024-06-27 | LabVantage LIMS POST Request cross site scripting |
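The CVE-2024-21520 entry above describes a common shape of template-filter XSS: a value is split on a delimiter and re-joined with literal `<br>` markup without the fragments being escaped first. The block below is an added illustration written for this page, not djangorestframework's own `break_long_headers` code. The sample header value, the two filter functions and `contains_foreign_markup` are all constructed here, and the real filter's length threshold and exact output format are not reproduced.

```python
import html
import re

# Constructed attacker-controlled header value. A long, comma-separated
# header is exactly what a "break long headers" filter reformats.
SAMPLE_HEADER = 'Vary: Accept, <img src=x onerror=alert(1)>, Cookie, Authorization'

# Matches any tag that is not the <br> the filter itself emits.
_FOREIGN_TAG = re.compile(r"<(?!br>)[^>]*>", re.IGNORECASE)


def break_long_headers_vulnerable(header: str) -> str:
    """The pattern the CVE entry describes: split on commas and re-join with
    literal <br> markup. Each fragment is inserted unescaped, so markup inside
    the header value survives into the rendered HTML."""
    return "<br>".join(part.strip() for part in header.split(","))


def break_long_headers_fixed(header: str) -> str:
    """Escape every fragment before adding the markup. After this the only
    '<' characters in the result are the ones the filter put there."""
    return "<br>".join(html.escape(part.strip()) for part in header.split(","))


def contains_foreign_markup(rendered: str) -> bool:
    """Output check for a filter of this kind: any tag other than <br> means
    user-supplied markup was passed through."""
    return _FOREIGN_TAG.search(rendered) is not None
```

The general rule for a Django template filter that builds markup from user data is to escape each piece (for example with `django.utils.html.escape`) and only then mark the assembled string safe; marking the joined string safe while the pieces are raw is what lets the injected tag through. The `contains_foreign_markup` check is a cheap unit-test assertion to keep on any such filter.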
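The CVE-2024-39705 entry (NLTK data packages containing pickled code) is one instance of a general rule: unpickling untrusted bytes is code execution, because the pickle stream itself can instruct the loader to import and call arbitrary callables. The block below is an added example for this page, not NLTK's downloader code and not an exploit for it. Both byte strings are constructed here (the hostile one only calls `os.getcwd`, standing in for whatever a real payload would name), and `references_globals`, `RestrictedUnpickler`, `load_restricted` and `is_hostile` are illustrative names. It shows a static pre-scan with `pickletools` that never executes the stream, and a loader that refuses every global lookup, which is sufficient for pure-data pickles.

```python
import io
import os
import pickle
import pickletools

# Constructed stand-in for a legitimate data package: plain containers only,
# so the stream never needs to resolve a Python callable or class.
BENIGN_PACKAGE = pickle.dumps({"the": 3, "fox": 1}, protocol=4)

# Constructed hostile package, written as raw protocol-0 opcodes:
#   c os getcwd   GLOBAL  -> import os, push os.getcwd
#   (             MARK
#   t             TUPLE   -> empty argument tuple
#   R             REDUCE  -> call os.getcwd()
#   .             STOP
# A real payload would name a more damaging callable; os.getcwd is used so
# the demonstration is harmless while still proving that loading alone
# runs code of the stream author's choosing.
HOSTILE_PACKAGE = b"cos\ngetcwd\n(tR."

# Opcodes that resolve or invoke Python objects; a pure-data pickle uses none.
CODE_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "BUILD", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "EXT1", "EXT2", "EXT4"}


def expected_cwd() -> str:
    """Value the hostile package yields when it is loaded unsafely."""
    return os.getcwd()


def load_unsafely(data: bytes):
    """What pickle.load on a downloaded file amounts to: the loader runs
    whatever the stream tells it to before returning a value."""
    return pickle.loads(data)


def references_globals(data: bytes) -> bool:
    """Static check that never executes the stream: walk the opcodes with
    pickletools and flag any that import or call code."""
    return any(op.name in CODE_OPCODES
               for op, _arg, _pos in pickletools.genops(data))


class RestrictedUnpickler(pickle.Unpickler):
    """Loader that refuses every global lookup. A dict/list/str/int pickle
    never calls find_class, so data loads and code does not."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_hostile(data: bytes) -> bool:
    """Combined check: static scan first, guarded load as a backstop."""
    if references_globals(data):
        return True
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False
```

A loader that rejects all globals will also reject legitimate pickles that contain class instances (a trained model object, for example); in that case `find_class` should allow an explicit safelist of expected `(module, name)` pairs rather than everything. The more robust fix for distributed data is to not ship pickles at all and use a format that cannot express code, or to verify a signature over the package before it is loaded.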