CVE List - 2024 / July
Showing 201 - 300 of 3117 CVEs for July 2024 (Page 3 of 32)
CVE ID | Date | Title |
---|---|---|
CVE-2024-20901 | 2024-07-02 | Improper input validation in copying data to buffer cache in... |
CVE-2024-34583 | 2024-07-02 | Improper access control in system property prior to SMR Jul-2024... |
CVE-2024-34585 | 2024-07-02 | Improper access control in launchApp of SystemUI prior to SMR... |
CVE-2024-34586 | 2024-07-02 | Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release... |
CVE-2024-34587 | 2024-07-02 | Improper input validation in parsing application information from RTCP packet... |
CVE-2024-34588 | 2024-07-02 | Improper input validation in parsing RTCP SR packet in librtp.so prior... |
CVE-2024-34589 | 2024-07-02 | Improper input validation in parsing RTCP RR packet in librtp.so... |
CVE-2024-34590 | 2024-07-02 | Improper input validation in parsing an item type from RTCP SDES... |
CVE-2024-34591 | 2024-07-02 | Improper input validation in parsing an item data from RTCP... |
CVE-2024-34592 | 2024-07-02 | Improper input validation in parsing RTCP SDES packet in librtp.so... |
CVE-2024-34593 | 2024-07-02 | Improper input validation in parsing and distributing RTCP packet in... |
CVE-2024-34594 | 2024-07-02 | Exposure of sensitive information in proc file system prior to... |
CVE-2024-34595 | 2024-07-02 | Improper access control in clickAdapterItem of SystemUI prior to SMR... |
CVE-2024-34596 | 2024-07-02 | Improper authentication in SmartThings prior to version 1.8.17 allows remote... |
CVE-2024-34597 | 2024-07-02 | Improper input validation in Samsung Health prior to version 6.27.0.113... |
CVE-2024-34599 | 2024-07-02 | Improper input validation in Tips prior to version 6.2.9.4 in... |
CVE-2024-34600 | 2024-07-02 | Improper verification of intent by broadcast receiver vulnerability in Samsung... |
CVE-2024-34601 | 2024-07-02 | Improper verification of intent by broadcast receiver vulnerability in GalaxyStore... |
CVE-2024-6011 | 2024-07-02 | Cost Calculator Builder <= 3.2.12 - Authenticated (Administrator+) Stored Cross-Site Scripting |
CVE-2024-6012 | 2024-07-02 | Cost Calculator Builder <= 3.2.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Content Creation |
CVE-2024-6438 | 2024-07-02 | Hitout Carsale OrderController.java sql injection |
CVE-2024-6439 | 2024-07-02 | SourceCodester Home Owners Collection Management System unrestricted upload |
CVE-2024-6440 | 2024-07-02 | SourceCodester Home Owners Collection Management System sql injection |
CVE-2024-4268 | 2024-07-02 | Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Blocks |
CVE-2024-6088 | 2024-07-02 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass |
CVE-2024-6099 | 2024-07-02 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration |
CVE-2024-6264 | 2024-07-02 | Post Meta Data Manager <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-6441 | 2024-07-02 | ORIPA LoaderXML.java deserialization |
CVE-2024-32755 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Log Filter Input Validation |
CVE-2024-36404 | 2024-07-02 | GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions |
CVE-2024-34122 | 2024-07-02 | T5 Acrobat Vulnerability - Exploitable crash in DecodeTile |
CVE-2024-38519 | 2024-07-02 | yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization |
CVE-2024-32756 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - Linux |
CVE-2024-32757 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak |
CVE-2024-32932 | 2024-07-02 | American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface |
CVE-2024-4897 | 2024-07-02 | Remote Code Execution in parisneo/lollms-webui |
CVE-2024-3826 | 2024-07-02 | Broken SAML Validation |
CVE-2024-5865 | 2024-07-02 | Arbitrary File Reading in Centrify PAS |
CVE-2024-4467 | 2024-07-02 | Qemu-kvm: 'qemu-img info' leads to host file read/write |
CVE-2024-39316 | 2024-07-02 | Rack ReDoS Vulnerability in HTTP Accept Headers Parsing |
CVE-2024-5866 | 2024-07-02 | Arbitrary Directory Listing in Centrify PAS |
CVE-2024-39323 | 2024-07-02 | aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account |
CVE-2024-6381 | 2024-07-02 | MongoDB C Driver bson_strfreev may be susceptible to integer overflow |
CVE-2024-6382 | 2024-07-02 | Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands. |
CVE-2024-38537 | 2024-07-02 | Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js |
CVE-2022-30636 | 2024-07-02 | Limited directory traversal vulnerability on Windows in golang.org/x/crypto |
CVE-2023-24531 | 2024-07-02 | Output of "go env" does not sanitize values in cmd/go |
CVE-2024-6452 | 2024-07-02 | linlinjava litemall AdminGoodscontroller.java sql injection |
CVE-2024-39315 | 2024-07-02 | Pomerium exposed OAuth2 access and ID tokens in user info endpoint response |
CVE-2024-39324 | 2024-07-02 | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services |
CVE-2024-39322 | 2024-07-02 | aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records |
CVE-2024-39325 | 2024-07-02 | aimeos/ai-controller-frontend doesn't reset payment status in basket |
CVE-2024-39326 | 2024-07-02 | SkillTree CSRF Vulnerability allows an attacker to modify the Video and Captions of a Skill |
CVE-2024-24791 | 2024-07-02 | Denial of service due to improper 100-continue handling in net/http |
CVE-2024-6453 | 2024-07-02 | itsourcecode Farm Management System sql injection |
CVE-2024-4708 | 2024-07-02 | mySCADA myPRO Use of Hard-coded Password |
CVE-2023-52168 | 2024-07-03 | The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz)... |
CVE-2023-52169 | 2024-07-03 | The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz)... |
CVE-2024-29506 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in... |
CVE-2024-29507 | 2024-07-03 | Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow... |
CVE-2024-29510 | 2024-07-03 | Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox... |
CVE-2024-29511 | 2024-07-03 | Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR,... |
CVE-2024-33869 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. Path... |
CVE-2024-33870 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. There... |
CVE-2024-33871 | 2024-07-03 | An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c... |
CVE-2024-37726 | 2024-07-03 | Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Center... |
CVE-2024-38453 | 2024-07-03 | The Avalara for Salesforce CPQ app before 7.0 for Salesforce... |
CVE-2024-39220 | 2024-07-03 | BAS-IP AV-01D, AV-01MD, AV-01MFD, AV-01ED, AV-01KD, AV-01BD, AV-01KBD, AV-02D, AV-02IDE,... |
CVE-2024-39223 | 2024-07-03 | An authentication bypass in the SSH service of gost v2.11.5... |
CVE-2024-39844 | 2024-07-03 | In ZNC before 1.9.1, remote code execution can occur in... |
CVE-2024-39920 | 2024-07-03 | The TCP protocol in RFC 9293 has a timing side... |
CVE-2024-29508 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable... |
CVE-2024-29509 | 2024-07-03 | Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword... |
CVE-2024-39248 | 2024-07-03 | A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers... |
CVE-2024-32673 | 2024-07-03 | Improper Validation of Array Index vulnerability in Samsung Open Source... |
CVE-2024-4543 | 2024-07-03 | Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery |
CVE-2024-2040 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF |
CVE-2024-2231 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR |
CVE-2024-2233 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section |
CVE-2024-2234 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS |
CVE-2024-2235 | 2024-07-03 | Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF |
CVE-2024-2375 | 2024-07-03 | WPQA < 6.1.1 - Contributor+ Stored XSS |
CVE-2024-2376 | 2024-07-03 | WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF |
CVE-2024-37082 | 2024-07-03 | When deploying Cloud Foundry together with the haproxy-boshrelease and using... |
CVE-2024-4482 | 2024-07-03 | The Plus Addons for Elementor <= 5.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
CVE-2024-6340 | 2024-07-03 | Premium Addons for Elementor <= 4.10.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
CVE-2024-6263 | 2024-07-03 | WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
CVE-2024-36257 | 2024-07-03 | Lack of permission check when updating the profile picture of a remote user (shared channels enabled) |
CVE-2024-39807 | 2024-07-03 | Channel IDs of archived/restored channels leaked via webhook events |
CVE-2024-39830 | 2024-07-03 | Timing attack during remote cluster token comparison when shared channels are enabled |
CVE-2024-39361 | 2024-07-03 | Creating posts with user-defined IDs permitted in CreatePost API |
CVE-2024-39353 | 2024-07-03 | RemoteClusterFrame payloads are audit logged in full |
CVE-2024-6428 | 2024-07-03 | Limited DoS due to permitting creating users with user-defined IDs |
CVE-2024-6469 | 2024-07-03 | playSMS Template injection |
CVE-2024-6426 | 2024-07-03 | Information exposure vulnerability in MESbook |
CVE-2024-6427 | 2024-07-03 | Uncontrolled Resource Consumption vulnerability in MESbook |
CVE-2024-5672 | 2024-07-03 | Red Lion Europe: mbNET.mini vulnerable to OS command injection |
CVE-2024-6470 | 2024-07-03 | playSMS Template injection |
CVE-2024-6471 | 2024-07-03 | SourceCodester Online Tours & Travels Management sms_setting.php sql injection |
CVE-2024-32937 | 2024-07-03 | An os command injection vulnerability exists in the CWMP SelfDefinedTimeZone... |