CVE List - 2024 / July
Showing 1501 - 1600 of 3115 CVEs for July 2024 (Page 16 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38491 | 2024-07-15 | Symantec Privileged Access Manager SQL Injection vulnerability |
| CVE-2024-38492 | 2024-07-15 | Symantec Privileged Access Manager Remote Command Execution vulnerability |
| CVE-2024-38493 | 2024-07-15 | Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability |
| CVE-2024-38494 | 2024-07-15 | Symantec Privileged Access Manager Remote Command Execution vulnerability |
| CVE-2024-38495 | 2024-07-15 | Symantec Privileged Access Manager User Enumeration vulnerability |
| CVE-2024-38496 | 2024-07-15 | Symantec Privileged Access Manager Insecure Direct Object Reference vulnerability |
| CVE-2024-27240 | 2024-07-15 | Zoom Apps for Windows - Improper Input Validation |
| CVE-2024-27241 | 2024-07-15 | Zoom Apps and SDKs - Improper Input Validation |
| CVE-2024-27238 | 2024-07-15 | Zoom Apps and SDKs - Race Condition |
| CVE-2024-39826 | 2024-07-15 | Zoom Workplace Apps and SDKs - Path traversal |
| CVE-2024-39827 | 2024-07-15 | Zoom Workplace Desktop App for Windows - Improper Input Validation |
| CVE-2024-39819 | 2024-07-15 | Zoom Workplace Apps and SDK for Windows - Improper Privilege Management |
| CVE-2024-39820 | 2024-07-15 | Zoom Workplace Desktop App for macOS - Uncontrolled Search Path Element |
| CVE-2024-39821 | 2024-07-15 | Zoom Workplace App for Windows and Zoom Rooms App for Windows - Race Condition |
| CVE-2024-40631 | 2024-07-15 | Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media |
| CVE-2024-40630 | 2024-07-15 | HEIF Heap OOB Read in OpenImageIO |
| CVE-2024-40627 | 2024-07-15 | OpaMiddleware does not filter HTTP OPTIONS requests |
| CVE-2024-40624 | 2024-07-15 | Deserialization of untrusted data in torrentpier/torrentpier |
| CVE-2024-39915 | 2024-07-15 | Authenticated remote code execution in Thruk |
| CVE-2024-39912 | 2024-07-15 | Enumeration of valid usernames in web-auth/webauthn-lib |
| CVE-2024-38360 | 2024-07-15 | Denial of service via Watched Words in Discourse |
| CVE-2024-39918 | 2024-07-15 | Path Traveral in @jmondi/url-to-png |
| CVE-2024-39919 | 2024-07-15 | Capture screenshot of localhost web services (unauthenticated pages) in @jmondi/url-to-png |
| CVE-2024-4224 | 2024-07-15 | TP-Link TL-SG1016DE XSS |
| CVE-2024-40632 | 2024-07-15 | Linkerd potential access to the shutdown endpoint |
| CVE-2024-4143 | 2024-07-15 | Certain HP PC products using AMI BIOS – Buffer Overflow |
| CVE-2019-16639 | 2024-07-16 | An issue was found on the Ruijie EG-2000 series gateway. There is a newcli.php API interface without access control, which can allow an attacker (who only has web interface access)... |
| CVE-2019-16640 | 2024-07-16 | An issue was found in upload.php on the Ruijie EG-2000 series gateway. A parameter passed to the class UploadFile is mishandled (%00 and /var/./html are not checked), which can allow... |
| CVE-2019-16641 | 2024-07-16 | An issue was found on the Ruijie EG-2000 series gateway. There is a buffer overflow in client.so. Consequently, an attacker can use login.php to login to any account, without providing... |
| CVE-2023-31456 | 2024-07-16 | There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external... |
| CVE-2024-33180 | 2024-07-16 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo. |
| CVE-2024-33181 | 2024-07-16 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceMac parameter at ip/goform/addWifiMacFilter. |
| CVE-2024-33182 | 2024-07-16 | Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter. |
| CVE-2024-35338 | 2024-07-16 | Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root. |
| CVE-2024-39036 | 2024-07-16 | SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. |
| CVE-2024-40129 | 2024-07-16 | Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c. |
| CVE-2024-40130 | 2024-07-16 | open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c. |
| CVE-2024-40322 | 2024-07-16 | An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data |
| CVE-2024-40392 | 2024-07-16 | SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php. |
| CVE-2024-40394 | 2024-07-16 | Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php. |
| CVE-2024-40425 | 2024-07-16 | File Upload vulnerability in Nanjin Xingyuantu Technology Co Sparkshop (Spark Mall B2C Mall v.1.1.6 and before allows a remote attacker to execute arbitrary code via the contorller/common.php component. |
| CVE-2024-40456 | 2024-07-16 | ThinkSAAS v3.7.0 was discovered to contain a SQL injection vulnerability via the name parameter at \system\action\update.php. |
| CVE-2024-40503 | 2024-07-16 | An issue in Tenda AX12 v.16.03.49.18_cn+ allows a remote attacker to cause a denial of service via the Routing functionality and ICMP packet handling. |
| CVE-2024-40505 | 2024-07-16 | Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component. |
| CVE-2024-40515 | 2024-07-16 | An issue in SHENZHEN TENDA TECHNOLOGY CO.,LTD Tenda AX2pro V16.03.29.48_cn allows a remote attacker to execute arbitrary code via the Routing functionality. |
| CVE-2024-40516 | 2024-07-16 | An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. |
| CVE-2024-40535 | 2024-07-16 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a stack overflow via the apn_name_3g parameter in the config_3g_para function. |
| CVE-2024-40536 | 2024-07-16 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 were discovered to contain a stack overflow via the pin_3g_code parameter in the config_3g_para function. |
| CVE-2019-16638 | 2024-07-16 | An issue was found on the Ruijie EG-2000 series gateway. An attacker can easily dump cleartext stored passwords in /data/config.text with simple XORs. This affects EG-2000SE EG_RGOS 11.1(1)B1. |
| CVE-2024-40393 | 2024-07-16 | Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php. |
| CVE-2024-40455 | 2024-07-16 | An arbitrary file deletion vulnerability in ThinkSAAS v3.7 allows attackers to delete arbitrary files via a crafted request. |
| CVE-2024-6780 | 2024-07-16 | Improper permission control in com.android.server.telecom |
| CVE-2024-6557 | 2024-07-16 | SchedulePress <= 5.1.3 - Unauthenticated Full Path Disclosure |
| CVE-2024-6559 | 2024-07-16 | XCloner <= 4.7.3 - Unauthenticated Full Path Disclosure |
| CVE-2024-4780 | 2024-07-16 | Image Hover Effects – Elementor Addon <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via eihe_link Parameter |
| CVE-2023-52290 | 2024-07-16 | Apache StreamPark (incubating): Unchecked SQL query fields trigger SQL injection vulnerability |
| CVE-2024-41008 | 2024-07-16 | drm/amdgpu: change vm->task_info handling |
| CVE-2024-3779 | 2024-07-16 | Denial of Service in ESET products for Windows |
| CVE-2024-2691 | 2024-07-16 | WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode |
| CVE-2024-5852 | 2024-07-16 | WordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory Traversal |
| CVE-2024-6570 | 2024-07-16 | Glossary <= 2.2.26 - Unauthenticated Full Path Disclosure |
| CVE-2024-6565 | 2024-07-16 | AForms <= 2.2.6 - Unauthenticated Full Path Disclosure |
| CVE-2024-3587 | 2024-07-16 | Premium Portfolio Features for Phlox theme <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios' |
| CVE-2024-1937 | 2024-07-16 | Brizy – Page Builder <= 2.4.44 - Missing Authorization to Authenticated (Contributor+) Post Modification |
| CVE-2024-39887 | 2024-07-16 | Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions |
| CVE-2024-6579 | 2024-07-16 | Web and WooCommerce Addons for WPBakery Builder <= 1.4.5 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification |
| CVE-2023-52886 | 2024-07-16 | USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() |
| CVE-2024-6621 | 2024-07-16 | WP RSS Aggregator <= 4.23.11 - Missing Authorization to Authenticated (Subscriber+) Feed State Update |
| CVE-2024-6457 | 2024-07-16 | HUSKY - Products Filter Professional for WooCommerce <= 1.3.6 - Unauthenticated Time-Based SQL Injection |
| CVE-2022-48773 | 2024-07-16 | xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create |
| CVE-2022-48774 | 2024-07-16 | dmaengine: ptdma: Fix the error handling path in pt_core_init() |
| CVE-2022-48775 | 2024-07-16 | Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj |
| CVE-2022-48776 | 2024-07-16 | mtd: parsers: qcom: Fix missing free for pparts in cleanup |
| CVE-2022-48777 | 2024-07-16 | mtd: parsers: qcom: Fix kernel panic on skipped partition |
| CVE-2022-48778 | 2024-07-16 | mtd: rawnand: gpmi: don't leak PM reference in error path |
| CVE-2022-48779 | 2024-07-16 | net: mscc: ocelot: fix use-after-free in ocelot_vlan_del() |
| CVE-2022-48780 | 2024-07-16 | net/smc: Avoid overwriting the copies of clcsock callback functions |
| CVE-2022-48781 | 2024-07-16 | crypto: af_alg - get rid of alg_memory_allocated |
| CVE-2022-48782 | 2024-07-16 | mctp: fix use after free |
| CVE-2022-48783 | 2024-07-16 | net: dsa: lantiq_gswip: fix use after free in gswip_remove() |
| CVE-2022-48784 | 2024-07-16 | cfg80211: fix race in netlink owner interface destruction |
| CVE-2022-48785 | 2024-07-16 | ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() |
| CVE-2021-47622 | 2024-07-16 | scsi: ufs: Fix a deadlock in the error handler |
| CVE-2021-47623 | 2024-07-16 | powerpc/fixmap: Fix VM debug warning on unmap |
| CVE-2021-47624 | 2024-07-16 | net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change |
| CVE-2022-48786 | 2024-07-16 | vsock: remove vsock from connected table when connect is interrupted by a signal |
| CVE-2022-48787 | 2024-07-16 | iwlwifi: fix use-after-free |
| CVE-2022-48788 | 2024-07-16 | nvme-rdma: fix possible use-after-free in transport error_recovery work |
| CVE-2022-48789 | 2024-07-16 | nvme-tcp: fix possible use-after-free in transport error_recovery work |
| CVE-2022-48790 | 2024-07-16 | nvme: fix a possible use-after-free in controller reset during load |
| CVE-2022-48791 | 2024-07-16 | scsi: pm8001: Fix use-after-free for aborted TMF sas_task |
| CVE-2022-48792 | 2024-07-16 | scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task |
| CVE-2022-48793 | 2024-07-16 | KVM: x86: nSVM: fix potential NULL derefernce on nested migration |
| CVE-2022-48794 | 2024-07-16 | net: ieee802154: at86rf230: Stop leaking skb's |
| CVE-2022-48795 | 2024-07-16 | parisc: Fix data TLB miss in sba_unmap_sg |
| CVE-2022-48796 | 2024-07-16 | iommu: Fix potential use-after-free during probe |
| CVE-2022-48797 | 2024-07-16 | mm: don't try to NUMA-migrate COW pages that have other uses |
| CVE-2022-48798 | 2024-07-16 | s390/cio: verify the driver availability for path_event call |
| CVE-2022-48799 | 2024-07-16 | perf: Fix list corruption in perf_cgroup_switch() |
| CVE-2022-48800 | 2024-07-16 | mm: vmscan: remove deadlock due to throttling failing to make progress |