CVE List - 2024 / July
Showing 101 - 200 of 3115 CVEs for July 2024 (Page 2 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38475 | 2024-07-01 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. |
| CVE-2024-38476 | 2024-07-01 | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect |
| CVE-2024-38477 | 2024-07-01 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request |
| CVE-2024-39573 | 2024-07-01 | Apache HTTP Server: mod_rewrite proxy handler substitution |
| CVE-2024-36423 | 2024-07-01 | GHSL-2023-246: Flowise XSS in /api/v1/public-chatflows/id |
| CVE-2024-37145 | 2024-07-01 | GHSL-2023-247: Flowise XSS in /api/v1/chatflows-streaming/id |
| CVE-2024-37146 | 2024-07-01 | GHSL-2023-248: Flowise XSS in /api/v1/credentials/id |
| CVE-2024-37298 | 2024-07-01 | Potential memory exhaustion attack due to sparse slice deserialization |
| CVE-2024-38513 | 2024-07-01 | Fiber Session Middleware Token Injection Vulnerability |
| CVE-2024-39303 | 2024-07-01 | Weblate vulnerable to improper sanitization of project backups |
| CVE-2024-38366 | 2024-07-01 | CocoaPods trunk RCE in email verification system rfc-822 |
| CVE-2024-5322 | 2024-07-01 | N-central Authentication Bypass via Session Rebinding |
| CVE-2024-38367 | 2024-07-01 | CocoaPods trunk sessions verification step could be manipulated for owner session hijacking |
| CVE-2024-28200 | 2024-07-01 | N-central Authentication Bypass |
| CVE-2024-38368 | 2024-07-01 | Trunk's 'Claim your pod' could be used to obtain un-used pods |
| CVE-2024-39305 | 2024-07-01 | Envoy Proxy use after free when route hash policy is configured with cookie attributes |
| CVE-2024-39309 | 2024-07-01 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability |
| CVE-2024-39310 | 2024-07-01 | WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability |
| CVE-2024-39313 | 2024-07-01 | toy-blog Improper Input Validation vulnerability |
| CVE-2024-39314 | 2024-07-01 | toy-blog administrative token leaked through the command line parameter |
| CVE-2022-25477 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 leaks driver logs that contain addresses of... |
| CVE-2022-25478 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the... |
| CVE-2022-25479 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory... |
| CVE-2023-51777 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error. |
| CVE-2024-22103 | 2024-07-02 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). |
| CVE-2024-22104 | 2024-07-02 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). |
| CVE-2024-22106 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges, execute arbitrary code, or cause a Denial of Service (DoS). |
| CVE-2024-25086 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.2.0 allows local attackers to escalate privileges and execute arbitrary code. |
| CVE-2024-25088 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local attackers to escalate privileges and execute arbitrary code. |
| CVE-2024-39119 | 2024-07-02 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. |
| CVE-2024-39143 | 2024-07-02 | A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload. |
| CVE-2024-39206 | 2024-07-02 | An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded... |
| CVE-2022-25480 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows writing to kernel memory beyond the... |
| CVE-2023-51776 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. |
| CVE-2023-51778 | 2024-07-02 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local attackers to cause a Windows blue screen error and Denial of Service (DoS). |
| CVE-2024-22102 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0 allows local attackers to cause a Windows blue screen error. |
| CVE-2024-22105 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1 allows local attackers to cause a Windows blue screen error. |
| CVE-2024-25087 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0 allows local attackers to cause a Windows blue screen error. |
| CVE-2024-26314 | 2024-07-02 | Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. |
| CVE-2024-39891 | 2024-07-02 | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild... |
| CVE-2024-39894 | 2024-07-02 | OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against... |
| CVE-2024-4679 | 2024-07-02 | Folder Permission Vulnerability in JP1/Extensible SNMP Agent |
| CVE-2024-2819 | 2024-07-02 | File Permission Vulnerability in Hitachi Ops Center Common Services |
| CVE-2024-5938 | 2024-07-02 | Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-5419 | 2024-07-02 | Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute |
| CVE-2024-5349 | 2024-07-02 | LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-1427 | 2024-07-02 | The Post Grid <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via section title tag |
| CVE-2024-3999 | 2024-07-02 | EazyDocs < 2.5.0 - Admin+ Stored XSS |
| CVE-2024-4627 | 2024-07-02 | Rank Math SEO < 1.0.219 - Authenticated Stored XSS |
| CVE-2024-5606 | 2024-07-02 | Quiz And Survey Master < 9.0.2 - Contributor+ SQLi |
| CVE-2024-5767 | 2024-07-02 | Sitetweet <= 0.2 - Stored XSS via CSRF |
| CVE-2024-0158 | 2024-07-02 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability to modify a UEFI variable, leading to denial of... |
| CVE-2024-6172 | 2024-07-02 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe |
| CVE-2024-5219 | 2024-07-02 | Easy Google Maps <= 1.11.15 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-32852 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of a broken or risky cryptographic algorithm vulnerability. An unprivileged network malicious attacker could potentially exploit this vulnerability, leading to data... |
| CVE-2024-32853 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2024-32854 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privilege attacker could potentially exploit this vulnerability, leading to privilege escalation. |
| CVE-2024-37132 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect privilege assignment vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service... |
| CVE-2024-37133 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. |
| CVE-2024-37134 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. |
| CVE-2024-37126 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access. |
| CVE-2024-5504 | 2024-07-02 | Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget |
| CVE-2024-3513 | 2024-07-02 | Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via title tag attribute |
| CVE-2024-5545 | 2024-07-02 | Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization |
| CVE-2024-5544 | 2024-07-02 | Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting |
| CVE-2024-37479 | 2024-07-02 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability |
| CVE-2023-41917 | 2024-07-02 | Improper input validation in Kiloview P1/P2 devices allows for remote code execution |
| CVE-2023-41918 | 2024-07-02 | Missing Authentication for Critical Function in Kiloview P1/P2 devices |
| CVE-2023-41919 | 2024-07-02 | Use of Hard-coded Credentials in Kiloview P1/P2 devices |
| CVE-2023-41920 | 2024-07-02 | Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices |
| CVE-2023-41921 | 2024-07-02 | Download of Code Without Integrity Check in Kiloview P1/P2 devices |
| CVE-2023-41922 | 2024-07-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices |
| CVE-2023-41923 | 2024-07-02 | Weak Password Requirements in Kiloview P1/P2 devices |
| CVE-2023-41926 | 2024-07-02 | Insufficiently protected credentials in Kiloview P1/P2 devices |
| CVE-2023-41927 | 2024-07-02 | Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices |
| CVE-2023-41928 | 2024-07-02 | Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices |
| CVE-2024-38857 | 2024-07-02 | Reflected links in visuals facilitate phishing attacks |
| CVE-2024-31071 | 2024-07-02 | Arkcompiler Ets Runtime has a type confusion vulnerability |
| CVE-2024-37030 | 2024-07-02 | Arkcompiler Ets Runtime has a use after free vulnerability |
| CVE-2024-36243 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2024-36278 | 2024-07-02 | Arkcompiler Ets Runtime has a type confusion vulnerability |
| CVE-2024-36260 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-37185 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-37077 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-5260 | 2024-07-02 | Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter |
| CVE-2024-4836 | 2024-07-02 | LFI in sites managed by Edito CMS |
| CVE-2024-20888 | 2024-07-02 | Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. |
| CVE-2024-20889 | 2024-07-02 | Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices. |
| CVE-2024-20890 | 2024-07-02 | Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior. |
| CVE-2024-20891 | 2024-07-02 | Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. |
| CVE-2024-20892 | 2024-07-02 | Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability. |
| CVE-2024-20893 | 2024-07-02 | Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption. |
| CVE-2024-20894 | 2024-07-02 | Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this... |
| CVE-2024-20895 | 2024-07-02 | Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features. |
| CVE-2024-20896 | 2024-07-02 | Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. |
| CVE-2024-20897 | 2024-07-02 | Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. |
| CVE-2024-20898 | 2024-07-02 | Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. |
| CVE-2024-20899 | 2024-07-02 | Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. |
| CVE-2024-20900 | 2024-07-02 | Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication. |
| CVE-2024-20901 | 2024-07-02 | Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory. |