CVE List - 2024 / July
Showing 1101 - 1200 of 3115 CVEs for July 2024 (Page 12 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-29946 | 2024-07-11 | NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one... |
| CVE-2024-36435 | 2024-07-11 | An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to... |
| CVE-2024-6653 | 2024-07-11 | code-projects Simple Task List Login loginForm.php sql injection |
| CVE-2024-40618 | 2024-07-11 | Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension. |
| CVE-2024-6676 | 2024-07-11 | witmy my-springsecurity-plus user sql injection |
| CVE-2024-6210 | 2024-07-11 | Duplicator <= 1.5.9 - Full Path Disclosure |
| CVE-2016-15039 | 2024-07-11 | mhuertos phpLDAPadmin ajax_functions.js makeHttpRequest request smuggling |
| CVE-2024-23485 | 2024-07-11 | Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation (CWE-1304) in the Controller 6000 and 7000 can lead to secured door locks connected via Aperio Communication Hubs... |
| CVE-2024-22387 | 2024-07-11 | External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior... |
| CVE-2024-23194 | 2024-07-11 | Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagher Command... |
| CVE-2024-23317 | 2024-07-11 | External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to perform arbitrary code execution. This... |
| CVE-2024-6554 | 2024-07-11 | Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.18 - Unauthenticated Full Path Disclosure |
| CVE-2024-6397 | 2024-07-11 | InstaWP Connect – 1-click WP Staging & Migration <= 0.1.0.44 - Authentication Bypass to Admin |
| CVE-2024-0619 | 2024-07-11 | Payflex Payment Gateway <= 2.5.0 - Missing Authorization to Order Status Update |
| CVE-2024-22280 | 2024-07-11 | VMSA-2024-0017: VMware Aria Automation updates address SQL-injection vulnerability (CVE-2024-22280) |
| CVE-2024-1845 | 2024-07-11 | VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery |
| CVE-2024-4655 | 2024-07-11 | Ultimate Blocks < 3.1.9 - Contributor+ Stored XSS |
| CVE-2024-5444 | 2024-07-11 | Bible Text <= 0.2 - Contributor+ Stored XSS |
| CVE-2024-6025 | 2024-07-11 | Quiz and Survey Master < 9.0.5 - Contributor+ Stored XSS |
| CVE-2024-6026 | 2024-07-11 | Slider by 10Web < 1.2.56 - Editor+ Stored XSS |
| CVE-2024-6138 | 2024-07-11 | Secure Copy Content Protection < 4.0.9 - Admin+ Stored XSS |
| CVE-2024-6256 | 2024-07-11 | Feeds for YouTube (YouTube video, channel, and gallery plugin) <= 2.2.1 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-6624 | 2024-07-11 | JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation |
| CVE-2024-6666 | 2024-07-11 | WP ERP <= 1.13.0 - Authenticated (Accounting Manager+) SQL Injection via vendor_id |
| CVE-2024-6385 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-5470 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-5257 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-2880 | 2024-07-11 | Improper Access Control in GitLab |
| CVE-2024-38433 | 2024-07-11 | Nuvoton - CWE-305: Authentication Bypass by Primary Weakness |
| CVE-2024-5679 | 2024-07-11 | CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, or kernel memory leak when a malicious actor with local user access crafts a script/program using an IOCTL call in... |
| CVE-2024-5680 | 2024-07-11 | CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service when a malicious actor with local user access crafts a script/program using an IOCTL call in the... |
| CVE-2024-5681 | 2024-07-11 | CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an... |
| CVE-2024-2602 | 2024-07-11 | CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could result in remote code execution when an authenticated user executes a saved project file... |
| CVE-2024-6528 | 2024-07-11 | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a vulnerability leading to a cross-site scripting condition where attackers can have a victim’s... |
| CVE-2024-6407 | 2024-07-11 | CWE-200: Information Exposure vulnerability exists that could cause disclosure of credentials when a specially crafted message is sent to the device. |
| CVE-2024-6035 | 2024-07-11 | Stored XSS in gaizhenbiao/chuanhuchatgpt |
| CVE-2024-37151 | 2024-07-11 | Suricata defrag: IP ID reuse can lead to policy bypass |
| CVE-2024-38534 | 2024-07-11 | Suricata modbus: txs without responses are never freed |
| CVE-2024-28872 | 2024-07-11 | Incorrect TLS certificate validation can lead to escalated privileges |
| CVE-2024-38535 | 2024-07-11 | Suricata http2: oom from duplicate headers |
| CVE-2024-38536 | 2024-07-11 | Suricata http/range: NULL-ptr deref when http.memcap is reached |
| CVE-2024-6679 | 2024-07-11 | witmy my-springsecurity-plus role sql injection |
| CVE-2024-39317 | 2024-07-11 | Wagtail regular expression denial-of-service via search query parsing |
| CVE-2024-32753 | 2024-07-11 | TYCO Illustra Pro Gen 4 - JQuery version |
| CVE-2024-39904 | 2024-07-11 | Code Execution Vulnerability via Local File Path Traversal in Vnote |
| CVE-2024-39905 | 2024-07-11 | Red-DiscordBot vulnerable to Incorrect Authorization in commands API |
| CVE-2024-39519 | 2024-07-11 | Junos OS Evolved: ACX 7000 Series: Multicast traffic is looped in a multihoming EVPN MPLS scenario |
| CVE-2024-39520 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39521 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39522 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-6680 | 2024-07-11 | witmy my-springsecurity-plus build sql injection |
| CVE-2024-39523 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39524 | 2024-07-11 | Junos OS Evolved: CLI parameter processing issue allows privilege escalation |
| CVE-2024-39528 | 2024-07-11 | Junos OS and Junos OS Evolved: Concurrent deletion of a routing-instance and receipt of an SNMP request cause an RPD crash |
| CVE-2024-39529 | 2024-07-11 | Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash |
| CVE-2024-39530 | 2024-07-11 | Junos OS: Attempting to access specific sensors on platforms not supporting these will lead to a chassisd crash |
| CVE-2024-39531 | 2024-07-11 | Junos OS Evolved: ACX 7000 Series: Protocol specific DDoS configuration affects other protocols |
| CVE-2024-39532 | 2024-07-11 | Junos OS and Junos OS Evolved: Confidential information in logs can be accessed by another user |
| CVE-2024-39533 | 2024-07-11 | Junos OS: QFX5000 Series and EX4600 Series: Output firewall filter is not applied if certain match criteria are used |
| CVE-2024-39535 | 2024-07-11 | Junos OS Evolved: ACX 7000 Series: When specific traffic is received in a VPLS scenario evo-pfemand crashes |
| CVE-2024-39536 | 2024-07-11 | Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak |
| CVE-2024-39537 | 2024-07-11 | Junos OS Evolved: ACX7000 Series: Ports which have been inadvertently exposed can be reached over the network |
| CVE-2024-39538 | 2024-07-11 | Junos OS Evolved: ACX7000 Series: When multicast traffic with a specific (S,G) is received evo-pfemand crashes |
| CVE-2024-39539 | 2024-07-11 | Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash |
| CVE-2024-39540 | 2024-07-11 | Junos OS: SRX Series, and MX Series with SPC3: Specific valid TCP traffic can cause a pfe crash |
| CVE-2024-39541 | 2024-07-11 | Junos OS and Junos OS Evolved: Inconsistent information in the TE database can lead to an rpd crash |
| CVE-2024-39542 | 2024-07-11 | Junos OS and Junos OS Evolved: A malformed CFM packet or specific transit traffic leads to FPC crash |
| CVE-2024-39543 | 2024-07-11 | Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash |
| CVE-2024-39545 | 2024-07-11 | Junos OS: SRX Series, MX Series with SPC3 and NFX350: When VPN tunnels parameters are not configured in specific way the iked process will crash |
| CVE-2024-39546 | 2024-07-11 | Junos OS Evolved: Local low-privilege user can gain root permissions leading to privilege escalation |
| CVE-2024-39548 | 2024-07-11 | Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak |
| CVE-2024-39549 | 2024-07-11 | Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak |
| CVE-2024-39550 | 2024-07-11 | Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service |
| CVE-2024-39551 | 2024-07-11 | Junos OS: SRX Series and MX Series with SPC3 and MS-MPC/MIC: Receipt of specific packets in H.323 ALG causes traffic drop |
| CVE-2024-39552 | 2024-07-11 | Junos OS and Junos OS Evolved: Malformed BGP UPDATE causes RPD crash |
| CVE-2024-6681 | 2024-07-11 | witmy my-springsecurity-plus dept sql injection |
| CVE-2024-39553 | 2024-07-11 | Junos OS Evolved: Receipt of arbitrary data when sampling service is enabled, leads to partial Denial of Service (DoS). |
| CVE-2024-6485 | 2024-07-11 | XSS in Bootstrap button component |
| CVE-2024-6468 | 2024-07-11 | Vault Vulnerable to Denial of Service When Setting a Proxy Protocol Behavior |
| CVE-2024-6392 | 2024-07-11 | Image Optimizer, Resizer and CDN – Sirv <= 7.2.7 - Authenticated(Subscriber+) Missing Authorization to Plugin Settings Update |
| CVE-2024-30213 | 2024-07-12 | StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution. |
| CVE-2024-39340 | 2024-07-12 | The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification (when OTP is enabled) in both the administration web interface and the user portal.... |
| CVE-2024-40110 | 2024-07-12 | Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. |
| CVE-2024-40518 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_weixin.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated... |
| CVE-2024-40520 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_config_mark.php directly splicing and writing the user input data into inc_photowatermark_config.php without processing it, which allows authenticated... |
| CVE-2024-40539 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/user. |
| CVE-2024-40540 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept. |
| CVE-2024-40541 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/dept/build. |
| CVE-2024-40542 | 2024-07-12 | my-springsecurity-plus before v2024.07.03 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /api/role?offset. |
| CVE-2024-40543 | 2024-07-12 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/ueditor?action=catchimage. |
| CVE-2024-40545 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40546 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40548 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40550 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-40551 | 2024-07-12 | An arbitrary file upload vulnerability in the component /admin/cmsTemplate/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-31947 | 2024-07-12 | StoneFly Storage Concentrator (SC and SCVM) before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information. |
| CVE-2024-40519 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is caused by admin_smtp.php directly splicing and writing the user input data into weixin.php without processing it, which allows authenticated... |
| CVE-2024-40521 | 2024-07-12 | SeaCMS 12.9 has a remote code execution vulnerability. The vulnerability is due to the fact that although admin_template.php imposes certain restrictions on the edited file, attackers can still bypass the... |
| CVE-2024-40522 | 2024-07-12 | There is a remote code execution vulnerability in SeaCMS 12.9. The vulnerability is caused by phomebak.php writing some variable names passed in without filtering them before writing them into the... |
| CVE-2024-40544 | 2024-07-12 | PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery (SSRF) via the component /admin/#maintenance_sysTask/edit. |