CVE List - 2024 / July
Showing 201 - 300 of 3115 CVEs for July 2024 (Page 3 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34583 | 2024-07-02 | Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier. |
| CVE-2024-34585 | 2024-07-02 | Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. |
| CVE-2024-34586 | 2024-07-02 | Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy. |
| CVE-2024-34587 | 2024-07-02 | Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction... |
| CVE-2024-34588 | 2024-07-02 | Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering... |
| CVE-2024-34589 | 2024-07-02 | Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for... |
| CVE-2024-34590 | 2024-07-02 | Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction... |
| CVE-2024-34591 | 2024-07-02 | Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User... |
| CVE-2024-34592 | 2024-07-02 | Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for... |
| CVE-2024-34593 | 2024-07-02 | Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is... |
| CVE-2024-34594 | 2024-07-02 | Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. |
| CVE-2024-34595 | 2024-07-02 | Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. |
| CVE-2024-34596 | 2024-07-02 | Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner. |
| CVE-2024-34597 | 2024-07-02 | Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering... |
| CVE-2024-34599 | 2024-07-02 | Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege. |
| CVE-2024-34600 | 2024-07-02 | Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage. |
| CVE-2024-34601 | 2024-07-02 | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore. |
| CVE-2024-6011 | 2024-07-02 | Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-6012 | 2024-07-02 | Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation |
| CVE-2024-6438 | 2024-07-02 | Hitout Carsale OrderController.java sql injection |
| CVE-2024-6439 | 2024-07-02 | SourceCodester Home Owners Collection Management System unrestricted upload |
| CVE-2024-6440 | 2024-07-02 | SourceCodester Home Owners Collection Management System sql injection |
| CVE-2024-4268 | 2024-07-02 | Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Multiple Blocks |
| CVE-2024-6088 | 2024-07-02 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass |
| CVE-2024-6099 | 2024-07-02 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration |
| CVE-2024-6264 | 2024-07-02 | Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-6441 | 2024-07-02 | ORIPA LoaderXML.java deserialization |
| CVE-2024-32755 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Log Filter Input Validation |
| CVE-2024-36404 | 2024-07-02 | GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions |
| CVE-2024-34122 | 2024-07-02 | T5 Acrobat Vulnerability - Exploitable crash in DecodeTile |
| CVE-2024-38519 | 2024-07-02 | yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization |
| CVE-2024-32756 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - Linux |
| CVE-2024-32757 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak |
| CVE-2024-32932 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface |
| CVE-2024-4897 | 2024-07-02 | Remote Code Execution in parisneo/lollms-webui |
| CVE-2024-3826 | 2024-07-02 | Broken SAML Validation |
| CVE-2024-5865 | 2024-07-02 | Arbitrary File Reading in Centrify PAS |
| CVE-2024-4467 | 2024-07-02 | Qemu-kvm: 'qemu-img info' leads to host file read/write |
| CVE-2024-39316 | 2024-07-02 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing |
| CVE-2024-5866 | 2024-07-02 | Arbitrary Directory Listing in Centrify PAS |
| CVE-2024-39323 | 2024-07-02 | aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account |
| CVE-2024-6381 | 2024-07-02 | MongoDB C Driver bson_strfreev may be susceptible to integer overflow |
| CVE-2024-6382 | 2024-07-02 | Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands. |
| CVE-2024-38537 | 2024-07-02 | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js |
| CVE-2022-30636 | 2024-07-02 | Limited directory traversal vulnerability on Windows in golang.org/x/crypto |
| CVE-2023-24531 | 2024-07-02 | Output of "go env" does not sanitize values in cmd/go |
| CVE-2024-6452 | 2024-07-02 | linlinjava litemall AdminGoodscontroller.java sql injection |
| CVE-2024-39315 | 2024-07-02 | Pomerium exposed OAuth2 access and ID tokens in user info endpoint response |
| CVE-2024-39324 | 2024-07-02 | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services |
| CVE-2024-39322 | 2024-07-02 | aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records |
| CVE-2024-39325 | 2024-07-02 | aimeos/ai-controller-frontend doesn't reset payment status in basket |
| CVE-2024-39326 | 2024-07-02 | SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill |
| CVE-2024-24791 | 2024-07-02 | Denial of service due to improper 100-continue handling in net/http |
| CVE-2024-6453 | 2024-07-02 | itsourcecode Farm Management System sql injection |
| CVE-2024-4708 | 2024-07-02 | mySCADA myPRO Use of Hard-coded Password |
| CVE-2024-29506 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. |
| CVE-2024-29507 | 2024-07-03 | Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters. |
| CVE-2024-29510 | 2024-07-03 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device. |
| CVE-2024-29511 | 2024-07-03 | Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage.... |
| CVE-2024-33869 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions... |
| CVE-2024-33870 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths.... |
| CVE-2024-33871 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver... |
| CVE-2024-37726 | 2024-07-03 | Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center v.2.0.36.0 allows a local attacker to escalate privileges via the Export System Info function in MSI.CentralServer.exe |
| CVE-2024-38453 | 2024-07-03 | The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. |
| CVE-2024-39220 | 2024-07-03 | BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE, AV-02IDR, AV-02IPD, AV-02FDE, AV-02FDR, AV-03D, AV-03BD, AV-04AFD, AV-04ASD, AV-04FD, AV-04SD, AV-05FD, AV-05SD, AA-07BD, AA-07BDI, BA-04BD, BA-04MD, BA-08BD, BA-08MD, BA-12BD, BA-12MD,... |
| CVE-2024-39223 | 2024-07-03 | An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey |
| CVE-2024-39844 | 2024-07-03 | In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK. |
| CVE-2024-39920 | 2024-07-03 | The TCP protocol in RFC 9293 has a timing side channel that makes it easier for remote attackers to infer the content of one TCP connection from a client system... |
| CVE-2023-52168 | 2024-07-03 | The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer... |
| CVE-2023-52169 | 2024-07-03 | The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended... |
| CVE-2024-29508 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc. |
| CVE-2024-29509 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. |
| CVE-2024-39248 | 2024-07-03 | A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php. |
| CVE-2024-32673 | 2024-07-03 | Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956. |
| CVE-2024-4543 | 2024-07-03 | Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery |
| CVE-2024-2040 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF |
| CVE-2024-2231 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR |
| CVE-2024-2233 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section |
| CVE-2024-2234 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS |
| CVE-2024-2235 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF |
| CVE-2024-2375 | 2024-07-03 | WPQA < 6.1.1 - Contributor+ Stored XSS |
| CVE-2024-2376 | 2024-07-03 | WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF |
| CVE-2024-37082 | 2024-07-03 | When deploying Cloud Foundry together with the haproxy-boshrelease and using a non default configuration, it might be possible to craft HTTP requests that bypass mTLS authentication to Cloud Foundry applications.... |
| CVE-2024-4482 | 2024-07-03 | The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-6340 | 2024-07-03 | Premium Addons for Elementor <= 4.10.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-6263 | 2024-07-03 | WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-36257 | 2024-07-03 | Lack of permission check when updating the profile picture of a remote user (shared channels enabled) |
| CVE-2024-39807 | 2024-07-03 | Channel IDs of archived/restored channels leaked via webhook events |
| CVE-2024-39830 | 2024-07-03 | Timing attack during remote cluster token comparison when shared channels are enabled |
| CVE-2024-39361 | 2024-07-03 | Creating posts with user-defined IDs permitted in CreatePost API |
| CVE-2024-39353 | 2024-07-03 | RemoteClusterFrame payloads are audit logged in full |
| CVE-2024-6428 | 2024-07-03 | Limited DoS due to permitting creating users with user-defined IDs |
| CVE-2024-6469 | 2024-07-03 | playSMS Template injection |
| CVE-2024-6426 | 2024-07-03 | Information exposure vulnerability vulnerability in MESbook |
| CVE-2024-6427 | 2024-07-03 | Uncontrolled Resource Consumption vulnerability in MESbook |
| CVE-2024-5672 | 2024-07-03 | Red Lion Europe: mbNET.mini vulnerable to OS command injection |
| CVE-2024-6470 | 2024-07-03 | playSMS Template injection |
| CVE-2024-6471 | 2024-07-03 | SourceCodester Online Tours & Travels Management sms_setting.php sql injection |
| CVE-2024-32937 | 2024-07-03 | An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone functionality of Grandstream GXP2135 1.0.9.129, 1.0.11.74 and 1.0.11.79. A specially crafted network packet can lead to arbitrary command execution. An... |
| CVE-2024-6052 | 2024-07-03 | XSS in SQL check parameters |