CVE List - 2024 / July
Showing 2801 - 2900 of 3115 CVEs for July 2024 (Page 29 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-40785 | 2024-07-29 | This issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3,... |
| CVE-2024-40818 | 2024-07-29 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6,... |
| CVE-2024-40789 | 2024-07-29 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS... |
| CVE-2024-40822 | 2024-07-29 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and... |
| CVE-2024-40834 | 2024-07-29 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may be... |
| CVE-2024-40835 | 2024-07-29 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS... |
| CVE-2024-40823 | 2024-07-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to access user-sensitive data. |
| CVE-2024-40788 | 2024-07-29 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS... |
| CVE-2024-27877 | 2024-07-29 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Processing a maliciously crafted file may lead to... |
| CVE-2024-40784 | 2024-07-29 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS... |
| CVE-2024-40803 | 2024-07-29 | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An attacker may be able to cause... |
| CVE-2024-27882 | 2024-07-29 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected... |
| CVE-2024-40815 | 2024-07-29 | A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. A malicious... |
| CVE-2024-40799 | 2024-07-29 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS... |
| CVE-2024-40776 | 2024-07-29 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6,... |
| CVE-2024-40824 | 2024-07-29 | This issue was addressed through improved state management. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able... |
| CVE-2024-40832 | 2024-07-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. An app may be able to view a contact's phone number in system logs. |
| CVE-2024-40795 | 2024-07-29 | This issue was addressed with improved data protection. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able... |
| CVE-2024-40812 | 2024-07-29 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS... |
| CVE-2024-40804 | 2024-07-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6. A malicious application may be able to access private information. |
| CVE-2024-40783 | 2024-07-29 | The issue was addressed with improved restriction of data container access. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious application may be... |
| CVE-2024-40828 | 2024-07-29 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A malicious app may be able to gain root... |
| CVE-2024-40829 | 2024-07-29 | The issue was addressed with improved checks. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8. An attacker may... |
| CVE-2024-40782 | 2024-07-29 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, Safari 17.6, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6,... |
| CVE-2024-40805 | 2024-07-29 | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, tvOS 17.6. An app may be able... |
| CVE-2024-40813 | 2024-07-29 | A lock screen issue was addressed with improved state management. This issue is fixed in watchOS 10.6, iOS 17.6 and iPadOS 17.6. An attacker with physical access may be able... |
| CVE-2024-27884 | 2024-07-29 | This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 10.5, visionOS 1.2, tvOS 17.5, iOS 17.5 and iPadOS 17.5. An app may... |
| CVE-2024-40794 | 2024-07-29 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6, Safari 17.6. Private Browsing tabs may be accessed without... |
| CVE-2024-40833 | 2024-07-29 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. A shortcut may... |
| CVE-2024-27826 | 2024-07-29 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, macOS Sonoma 14.5, macOS Monterey 12.7.6, watchOS 10.5, visionOS 1.3, tvOS 17.5, iOS 17.5... |
| CVE-2024-27871 | 2024-07-29 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. An app may be able to access protected... |
| CVE-2024-40809 | 2024-07-29 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 and iPadOS 17.6, watchOS... |
| CVE-2024-27888 | 2024-07-29 | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sonoma 14.4. An app may be able to modify protected parts... |
| CVE-2024-40798 | 2024-07-29 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.6, iOS 16.7.9 and iPadOS 16.7.9, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An... |
| CVE-2024-40777 | 2024-07-29 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing... |
| CVE-2024-36572 | 2024-07-30 | Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue. |
| CVE-2024-38983 | 2024-07-30 | Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) |
| CVE-2024-38984 | 2024-07-30 | Prototype Pollution in lukebond json-override 0.2.0 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. |
| CVE-2024-38986 | 2024-07-30 | Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge... |
| CVE-2024-39010 | 2024-07-30 | chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-39011 | 2024-07-30 | Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. |
| CVE-2024-39012 | 2024-07-30 | ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via... |
| CVE-2024-40094 | 2024-07-30 | GraphQL Java (aka graphql-java) before 21.5 does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service via introspection queries. 20.9 and 19.11 are also fixed versions. |
| CVE-2024-41304 | 2024-07-30 | An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file. |
| CVE-2024-41305 | 2024-07-30 | A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl... |
| CVE-2024-41438 | 2024-07-30 | A heap buffer overflow in the function cp_stored() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. |
| CVE-2024-41439 | 2024-07-30 | A heap buffer overflow in the function cp_block() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. |
| CVE-2024-41440 | 2024-07-30 | A heap buffer overflow in the function png_quantize() of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. |
| CVE-2024-41610 | 2024-07-30 | D-Link DIR-820LW REVB FIRMWARE PATCH 2.03.B01_TC contains hardcoded credentials in the Telnet service, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. |
| CVE-2024-41611 | 2024-07-30 | In D-Link DIR-860L REVA FIRMWARE PATCH 1.10..B04, the Telnet service contains hardcoded credentials, enabling attackers to log in remotely to the Telnet service and perform arbitrary commands. |
| CVE-2024-23091 | 2024-07-30 | Weak password hashing using MD5 in funzioni.php in HotelDruid before 1.32 allows an attacker to obtain plaintext passwords from hash values. |
| CVE-2024-38909 | 2024-07-30 | Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. |
| CVE-2024-41437 | 2024-07-30 | A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. |
| CVE-2024-41443 | 2024-07-30 | A stack overflow in the function cp_dynamic() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. |
| CVE-2024-7212 | 2024-07-30 | TOTOLINK A7000R cstecgi.cgi loginauth buffer overflow |
| CVE-2024-7213 | 2024-07-30 | TOTOLINK A7000R cstecgi.cgi setWizardCfg buffer overflow |
| CVE-2024-7214 | 2024-07-30 | TOTOLINK LR350 cstecgi.cgi setWanCfg command injection |
| CVE-2024-7215 | 2024-07-30 | TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection |
| CVE-2024-7216 | 2024-07-30 | TOTOLINK LR1200 shadow.sample hard-coded password |
| CVE-2024-7217 | 2024-07-30 | TOTOLINK CA300-PoE cstecgi.cgi loginauth buffer overflow |
| CVE-2024-7218 | 2024-07-30 | SourceCodester/Campcodes School Log Management System ajax.php cross site scripting |
| CVE-2024-7219 | 2024-07-30 | SourceCodester/Campcodes School Log Management System ajax.php sql injection |
| CVE-2024-1286 | 2024-07-30 | Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure |
| CVE-2024-1287 | 2024-07-30 | Paid Memberships Pro - Member Directory Add On < 1.2.6 - Contributor+ Sensitive Information Disclosure via SQLi |
| CVE-2024-3113 | 2024-07-30 | FormFlow < 2.12.2 - Admin+ Stored XSS |
| CVE-2024-3669 | 2024-07-30 | Web Directory Free < 1.7.2 - Reflected XSS |
| CVE-2024-3986 | 2024-07-30 | SportsPress < 2.7.22 - Admin+ Stored XSS |
| CVE-2024-4096 | 2024-07-30 | Responsive Tabs <= 4.0.8 - Contributor+ Stored XSS |
| CVE-2024-5765 | 2024-07-30 | WpStickyBar <= 2.1.0 - Unauthenticated SQLi |
| CVE-2024-7220 | 2024-07-30 | SourceCodester/Campcodes School Log Management System print_barcode.php sql injection |
| CVE-2024-5807 | 2024-07-30 | Business Card <= 1.0.0 - Admin+ File Upload |
| CVE-2024-5808 | 2024-07-30 | WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF |
| CVE-2024-5809 | 2024-07-30 | WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting |
| CVE-2024-5975 | 2024-07-30 | CZ Loan Management <= 1.1 - Unauthenticated SQLi |
| CVE-2024-6021 | 2024-07-30 | Donation Block for PayPal <= 2.1.0 - Unauthenticated Stored XSS |
| CVE-2024-6223 | 2024-07-30 | Send email only on Reply to My Comment <= 1.0.6 - Reflected XSS |
| CVE-2024-6224 | 2024-07-30 | Send email only on Reply to My Comment <= 1.0.6 - Stored XSS via CSRF |
| CVE-2024-6226 | 2024-07-30 | WpStickyBar <= 2.1.0 - Reflected XSS |
| CVE-2024-6230 | 2024-07-30 | Pardakht Delkhah <= 2.9.8 - Form Fields Reset via CSRF |
| CVE-2024-6536 | 2024-07-30 | Zephyr Project Manager < 3.3.99 - Editor+ XSS |
| CVE-2024-7221 | 2024-07-30 | SourceCodester/Campcodes School Log Management System manage_user.php sql injection |
| CVE-2024-7100 | 2024-07-30 | Bold Page Builder <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_button Shortcode |
| CVE-2024-7222 | 2024-07-30 | SourceCodester Lot Reservation Management System home.php sql injection |
| CVE-2024-7223 | 2024-07-30 | SourceCodester Lot Reservation Management System view_model.php sql injection |
| CVE-2023-52888 | 2024-07-30 | media: mediatek: vcodec: Only free buffer VA that is not NULL |
| CVE-2024-42099 | 2024-07-30 | s390/dasd: Fix invalid dereferencing of indirect CCW data pointer |
| CVE-2024-42100 | 2024-07-30 | clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common |
| CVE-2024-42101 | 2024-07-30 | drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes |
| CVE-2024-42102 | 2024-07-30 | Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" |
| CVE-2024-42103 | 2024-07-30 | btrfs: fix adding block group to a reclaim list and the unused list during reclaim |
| CVE-2024-42104 | 2024-07-30 | nilfs2: add missing check for inode numbers on directory entries |
| CVE-2024-42105 | 2024-07-30 | nilfs2: fix inode number range checks |
| CVE-2024-42106 | 2024-07-30 | inet_diag: Initialize pad field in struct inet_diag_req_v2 |
| CVE-2024-42107 | 2024-07-30 | ice: Don't process extts if PTP is disabled |
| CVE-2024-42108 | 2024-07-30 | net: rswitch: Avoid use-after-free in rswitch_poll() |
| CVE-2024-42109 | 2024-07-30 | netfilter: nf_tables: unconditionally flush pending work before notifier |
| CVE-2024-42110 | 2024-07-30 | net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() |
| CVE-2024-42111 | 2024-07-30 | btrfs: always do the basic checks for btrfs_qgroup_inherit structure |
| CVE-2024-42112 | 2024-07-30 | net: txgbe: free isb resources at the right time |
| CVE-2024-42113 | 2024-07-30 | net: txgbe: initialize num_q_vectors for MSI/INTx interrupts |