CVE List - 2024 / July
Showing 1001 - 1100 of 3115 CVEs for July 2024 (Page 11 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-7062 | 2024-07-10 | Advanced File Manager Shortcodes <= 2.4 - Authenticated (Contributor+) Directory Traversal |
| CVE-2024-5792 | 2024-07-10 | Houzez CRM <= 1.4.2 - Authenticated (Seller+) SQL Injection |
| CVE-2024-38301 | 2024-07-10 | Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the... |
| CVE-2023-32472 | 2024-07-10 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of... |
| CVE-2023-32467 | 2024-07-10 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of... |
| CVE-2024-6550 | 2024-07-10 | Gravity Forms: Multiple Form Instances <= 1.1.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-6411 | 2024-07-10 | ProfileGrid – User Profiles, Groups and Communities <= 5.8.9 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation |
| CVE-2024-6410 | 2024-07-10 | ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference |
| CVE-2024-21523 | 2024-07-10 | All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an... |
| CVE-2024-21525 | 2024-07-10 | All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new... |
| CVE-2024-21522 | 2024-07-10 | All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked... |
| CVE-2024-21526 | 2024-07-10 | All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to... |
| CVE-2024-21524 | 2024-07-10 | All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty... |
| CVE-2024-21521 | 2024-07-10 | All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability... |
| CVE-2024-39886 | 2024-07-10 | TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App communicates with TONE store website in cleartext, a man-in-the-middle attack may allow... |
| CVE-2024-39927 | 2024-07-10 | Out-of-bounds write vulnerability exists in Ricoh MFPs and printers. If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a... |
| CVE-2024-36450 | 2024-07-10 | Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user... |
| CVE-2024-36451 | 2024-07-10 | Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an... |
| CVE-2024-36452 | 2024-07-10 | Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious... |
| CVE-2024-36453 | 2024-07-10 | Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on... |
| CVE-2024-39488 | 2024-07-10 | arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY |
| CVE-2024-39489 | 2024-07-10 | ipv6: sr: fix memleak in seg6_hmac_init_algo |
| CVE-2024-39490 | 2024-07-10 | ipv6: sr: fix missing sk_buff release in seg6_input_core |
| CVE-2024-39491 | 2024-07-10 | ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance |
| CVE-2024-39492 | 2024-07-10 | mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown |
| CVE-2024-39493 | 2024-07-10 | crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak |
| CVE-2023-6813 | 2024-07-10 | Login by Auth0 <= 4.6.0 - Reflected Cross-Site Scripting via wle |
| CVE-2024-5664 | 2024-07-10 | MP3 Audio Player for Music, Radio & Podcast by Sonaar <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode |
| CVE-2024-6421 | 2024-07-10 | Pepperl+Fuchs: Incorrectly configured FTP-Server in OIT Products |
| CVE-2024-6422 | 2024-07-10 | Pepperl+Fuchs: OIT Products can be manipulated via unintended Telnet access |
| CVE-2024-6556 | 2024-07-10 | SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer <= 3.10.8 - Unauthenticated Full Path Disclosure |
| CVE-2024-3798 | 2024-07-10 | Insecure handling of GET argument in Phoniebox |
| CVE-2024-3799 | 2024-07-10 | Shell command injection in Phoniebox |
| CVE-2024-28827 | 2024-07-10 | Privilege escalation in Windows agent |
| CVE-2024-28828 | 2024-07-10 | 1-Click compromize via CSRF |
| CVE-2023-35006 | 2024-07-10 | IBM Security ReaQta HTML injection |
| CVE-2023-33859 | 2024-07-10 | IBM Security ReaQta information disclosure |
| CVE-2023-33860 | 2024-07-10 | IBM Security ReaQta information disclosure |
| CVE-2024-20456 | 2024-07-10 | A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified... |
| CVE-2024-4879 | 2024-07-10 | Jelly Template Injection Vulnerability in ServiceNow UI Macros |
| CVE-2024-5178 | 2024-07-10 | Incomplete Input Validation in SecurelyAccess API |
| CVE-2024-5217 | 2024-07-10 | Incomplete Input Validation in GlideExpression Script |
| CVE-2024-6644 | 2024-07-10 | zmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserialization |
| CVE-2024-6645 | 2024-07-10 | WuKongOpenSource Wukong_nocode AviatorScript ExpressionUtil.java deserialization |
| CVE-2024-3325 | 2024-07-10 | JasperReports Server Driver upload vulnerability |
| CVE-2024-6646 | 2024-07-10 | Netgear WN604 Web Interface downloadFile.php information disclosure |
| CVE-2024-32759 | 2024-07-10 | Johnson Controls Software House C●CURE 9000 installer password strength |
| CVE-2024-37504 | 2024-07-10 | WordPress FileBird Document Library plugin <= 2.0.6 - Sensitive Data Exposure vulnerability |
| CVE-2024-37498 | 2024-07-10 | WordPress Tablesome plugin <= 1.0.33 - Sensitive Data Exposure via API vulnerability |
| CVE-2024-37270 | 2024-07-10 | WordPress TrustedLogin Vendor plugin < 1.1.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-37205 | 2024-07-10 | WordPress affiliate-toolkit plugin <= 3.4.4 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-37115 | 2024-07-10 | WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability |
| CVE-2024-37113 | 2024-07-10 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Database Backup Download vulnerability |
| CVE-2024-37110 | 2024-07-10 | WordPress WishList Member X plugin < 3.26.7 - Unauthenticated Settings & Users Data Dump vulnerability |
| CVE-2024-6647 | 2024-07-10 | Croogo Setting Theme unrestricted upload |
| CVE-2024-27090 | 2024-07-10 | Decidim vulnerable to data disclosure through the embed feature |
| CVE-2024-6649 | 2024-07-10 | SourceCodester Employee and Visitor Gate Pass Logging System Users.php save_users cross-site request forgery |
| CVE-2024-37147 | 2024-07-10 | GLPI allows Authenticated File Upload to Restricted Tickets |
| CVE-2024-5910 | 2024-07-10 | Expedition: Missing Authentication Leads to Admin Account Takeover |
| CVE-2024-5911 | 2024-07-10 | PAN-OS: File Upload Vulnerability in the Panorama Web Interface |
| CVE-2024-5912 | 2024-07-10 | Cortex XDR Agent: Improper File Signature Verification Checks |
| CVE-2024-5913 | 2024-07-10 | PAN-OS: Improper Input Validation Vulnerability in PAN-OS |
| CVE-2024-5491 | 2024-07-10 | Denial of Service |
| CVE-2024-5492 | 2024-07-10 | Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites |
| CVE-2024-27095 | 2024-07-10 | Decidim cross-site scripting (XSS) in the admin panel |
| CVE-2024-6235 | 2024-07-10 | Sensitive information disclosure |
| CVE-2024-32469 | 2024-07-10 | Decidim has cross-site scripting (XSS) in the pagination |
| CVE-2024-37148 | 2024-07-10 | GLPI allows account takeover via SQL Injection in AJAX scripts |
| CVE-2024-37149 | 2024-07-10 | GLPI allows remote code execution through the plugin loader |
| CVE-2024-37310 | 2024-07-10 | EVerest has an integer overflow in the "v2g_incoming_v2gtp" function |
| CVE-2024-38354 | 2024-07-10 | Cross-site Scripting in Hackmd.io Notes lead by HTML Injection |
| CVE-2024-38353 | 2024-07-10 | CodiMD - Missing Image Access Controls and Unauthorized Image Access |
| CVE-2024-39693 | 2024-07-10 | Next.js Denial of Service (DoS) condition |
| CVE-2024-6236 | 2024-07-10 | Denial of Service |
| CVE-2024-6151 | 2024-07-10 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges |
| CVE-2024-6286 | 2024-07-10 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges |
| CVE-2024-6150 | 2024-07-10 | A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning |
| CVE-2024-6148 | 2024-07-10 | Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 |
| CVE-2024-6149 | 2024-07-10 | Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 |
| CVE-2024-6650 | 2024-07-10 | SourceCodester Employee and Visitor Gate Pass Logging System Master.php save_designation cross site scripting |
| CVE-2024-39554 | 2024-07-10 | Junos OS and Junos OS Evolved: BGP multipath incremental calculation is resulting in an rpd crash |
| CVE-2024-39555 | 2024-07-10 | Junos OS and Junos OS Evolved: Receipt of a specific malformed BGP update causes the session to reset |
| CVE-2024-39556 | 2024-07-10 | Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow |
| CVE-2024-39557 | 2024-07-10 | Junos OS Evolved: MAC table changes cause a memory leak |
| CVE-2024-39558 | 2024-07-10 | Junos OS and Junos OS Evolved: Receipt of specific PIM packet causes rpd crash when PIM is configured along with MoFRR |
| CVE-2024-39559 | 2024-07-10 | Junos OS Evolved: Receipt of a specific TCP packet may result in a system crash (vmcore) on dual RE systems with NSR enabled |
| CVE-2024-6037 | 2024-07-10 | Arbitrary Folder Creation in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-39560 | 2024-07-10 | Junos OS and Junos OS Evolved: Memory leak due to RSVP neighbor persistent error leading to kernel crash |
| CVE-2024-39561 | 2024-07-10 | Junos OS: SRX4600, SRX5000 Series: TCP packets with SYN/FIN or SYN/RST are transferred after enabling no-syn-check with Express Path |
| CVE-2024-39562 | 2024-07-10 | Junos OS Evolved: A high rate of SSH connections causes a Denial of Service |
| CVE-2024-39565 | 2024-07-10 | Junos OS: J-Web: An unauthenticated, network-based attacker can perform XPATH injection attack against a device. |
| CVE-2024-6036 | 2024-07-10 | Denial of Service in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-39511 | 2024-07-10 | Junos OS: The 802.1X Authentication Daemon crashes on running a specific command |
| CVE-2024-6652 | 2024-07-10 | itsourcecode Gym Management System manage_member.php sql injection |
| CVE-2024-39512 | 2024-07-10 | Junos OS Evolved: User is not logged out when the console cable is disconnected |
| CVE-2024-39513 | 2024-07-10 | Junos OS Evolved: Execution of a specific CLI command will cause a crash in the AFT manager |
| CVE-2024-39514 | 2024-07-10 | Junos OS and Junos OS Evolved: Receiving specific traffic on devices with EVPN-VPWS with IGMP-snooping enabled will cause the rpd to crash |
| CVE-2024-39517 | 2024-07-10 | Junos OS and Junos OS Evolved: Upon processing specific L2 traffic, rpd can hang in devices with EVPN/VXLAN configured |
| CVE-2024-39518 | 2024-07-10 | Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface |
| CVE-2024-6447 | 2024-07-10 | FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter |