CVE List - 2024 / July
Showing 501 - 600 of 3115 CVEs for July 2024 (Page 6 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6227 | 2024-07-08 | Infinite Loop in aimhubio/aim |
| CVE-2024-38372 | 2024-07-08 | Undici vulnerable to data leak when using response.arrayBuffer() |
| CVE-2024-5971 | 2024-07-08 | Undertow: response write hangs in case of java 17 tlsv1.3 newsessionticket |
| CVE-2024-3653 | 2024-07-08 | Undertow: learningpushhandler can lead to remote memory dos attacks |
| CVE-2024-28882 | 2024-07-08 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session |
| CVE-2023-48194 | 2024-07-09 | Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained. |
| CVE-2023-50805 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200,... |
| CVE-2023-50806 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200,... |
| CVE-2023-50807 | 2024-07-09 | A vulnerability was discovered in Samsung Wearable Processor and Modems with versions Exynos 9110, Exynos Modem 5123, Exynos Modem 5300 that allows an out-of-bounds write in the heap in 2G... |
| CVE-2024-27361 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, and Exynos 2400 that involves a time-of-check to... |
| CVE-2024-27363 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly... |
| CVE-2024-27385 | 2024-07-09 | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace,... |
| CVE-2024-27386 | 2024-07-09 | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace,... |
| CVE-2024-28067 | 2024-07-09 | A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to... |
| CVE-2024-28068 | 2024-07-09 | A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100,... |
| CVE-2024-29153 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200,... |
| CVE-2024-36526 | 2024-07-09 | ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key. |
| CVE-2024-36676 | 2024-07-09 | Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms. |
| CVE-2024-37829 | 2024-07-09 | An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link. |
| CVE-2024-37830 | 2024-07-09 | An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. |
| CVE-2024-37865 | 2024-07-09 | An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. |
| CVE-2024-37870 | 2024-07-09 | SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2024-37871 | 2024-07-09 | SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter. |
| CVE-2024-37872 | 2024-07-09 | SQL injection vulnerability in process.php in Itsourcecode Billing System in PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2024-37873 | 2024-07-09 | SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2024-38959 | 2024-07-09 | Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter. |
| CVE-2024-38963 | 2024-07-09 | Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Title" and "AddProductReview.ReviewText" parameter(s) (Reviews) when creating a new review. |
| CVE-2024-38972 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. |
| CVE-2024-39031 | 2024-07-09 | In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including... |
| CVE-2024-39063 | 2024-07-09 | Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't... |
| CVE-2024-39069 | 2024-07-09 | An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack. |
| CVE-2024-39071 | 2024-07-09 | Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. |
| CVE-2024-39072 | 2024-07-09 | AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php. |
| CVE-2024-39171 | 2024-07-09 | Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file... |
| CVE-2024-39181 | 2024-07-09 | Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 was discovered to contain a buffer overflow via the ApCliSsid parameter in thegenerate_conf_router() function. This vulnerability allows attackers to cause a Denial of... |
| CVE-2024-40034 | 2024-07-09 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del |
| CVE-2024-40035 | 2024-07-09 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. |
| CVE-2024-40036 | 2024-07-09 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close |
| CVE-2024-40037 | 2024-07-09 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del |
| CVE-2024-40038 | 2024-07-09 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev |
| CVE-2024-40726 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. |
| CVE-2024-40727 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/. |
| CVE-2024-40728 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. |
| CVE-2024-40729 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. |
| CVE-2024-40730 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/. |
| CVE-2024-40731 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/. |
| CVE-2024-40732 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. |
| CVE-2024-40733 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/. |
| CVE-2024-40734 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/. |
| CVE-2024-40735 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. |
| CVE-2024-40736 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. |
| CVE-2024-40738 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. |
| CVE-2024-40739 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. |
| CVE-2024-40740 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. |
| CVE-2024-40741 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. |
| CVE-2024-40742 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add. |
| CVE-2024-40750 | 2024-07-09 | Linksys Velop Pro 6E 1.0.8 MX6200_1.0.8.215731 and 7 1.0.10.215314 devices send cleartext Wi-Fi passwords over the public Internet during app-based installation. |
| CVE-2024-27360 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly... |
| CVE-2024-27362 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data,... |
| CVE-2024-31957 | 2024-07-09 | A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial... |
| CVE-2024-38970 | 2024-07-09 | vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management administrator function. |
| CVE-2024-38971 | 2024-07-09 | vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend. |
| CVE-2024-39118 | 2024-07-09 | Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up. |
| CVE-2024-40039 | 2024-07-09 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del |
| CVE-2024-40737 | 2024-07-09 | A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. |
| CVE-2024-5549 | 2024-07-09 | Data leak through CORS misconfiguration in stitionai/devika |
| CVE-2024-5569 | 2024-07-09 | Denial of Service via crafted zip file in jaraco/zipp |
| CVE-2024-34786 | 2024-07-09 | UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or... |
| CVE-2024-22020 | 2024-07-09 | A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on... |
| CVE-2024-5855 | 2024-07-09 | Media Hygiene <= 3.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion |
| CVE-2024-5793 | 2024-07-09 | Houzez Theme - Functionality <= 3.2.2 - Authenticated (Seller+) SQL Injection |
| CVE-2024-4944 | 2024-07-09 | Mobile VPN with SSL Local Privilege Escalation Vulnerability |
| CVE-2024-5974 | 2024-07-09 | Firebox Authenticated Buffer Overflow Vulnerability |
| CVE-2024-6365 | 2024-07-09 | Product Table by WBW <= 2.0.1 - Unauthenticated Remote Code Execution |
| CVE-2024-39592 | 2024-07-09 | [CVE-2024-39592] Missing Authorization check in SAP PDCE |
| CVE-2024-39597 | 2024-07-09 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce |
| CVE-2024-39593 | 2024-07-09 | [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management |
| CVE-2024-34685 | 2024-07-09 | [CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor |
| CVE-2024-37173 | 2024-07-09 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) |
| CVE-2024-37174 | 2024-07-09 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) |
| CVE-2024-39598 | 2024-07-09 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) |
| CVE-2024-37175 | 2024-07-09 | [Multiple CVEs] Multiple vulnerabilities in SAP CRM (WebClient UI) |
| CVE-2024-39594 | 2024-07-09 | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation |
| CVE-2024-39595 | 2024-07-09 | [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation |
| CVE-2024-37172 | 2024-07-09 | [CVE-2024-37172] Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) |
| CVE-2024-34689 | 2024-07-09 | [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services) |
| CVE-2024-39600 | 2024-07-09 | [CVE-2024-39600] Information Disclosure vulnerability in SAP GUI for Windows |
| CVE-2024-37171 | 2024-07-09 | [CVE-2024-37171] Server-Side Request Forgery (SSRF) in SAP Transportation Management (Collaboration Portal) |
| CVE-2024-39599 | 2024-07-09 | [CVE-2024-39599] Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-39596 | 2024-07-09 | [CVE-2024-39596] Missing Authorization check vulnerability in SAP Enable Now |
| CVE-2024-6171 | 2024-07-09 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - IP Address Spoofing to Antispam Bypass |
| CVE-2024-6166 | 2024-07-09 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Time-Based SQL Injection |
| CVE-2024-4667 | 2024-07-09 | Blog, Posts and Category Filter for Elementor <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post and Category Filter Widget |
| CVE-2024-6170 | 2024-07-09 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'email' |
| CVE-2024-6169 | 2024-07-09 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.112 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'username' |
| CVE-2024-37180 | 2024-07-09 | [CVE-2024-37180] Information Disclosure vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-34692 | 2024-07-09 | [CVE-2024-34692] Unrestricted File upload vulnerability in SAP Enable Now |
| CVE-2024-5441 | 2024-07-09 | Modern Events Calendar <= 7.11.0 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-3410 | 2024-07-09 | DN Footer Contacts < 1.6.3 - Admin+ Stored XSS |
| CVE-2024-5488 | 2024-07-09 | SEOPress < 7.9 - Unauthenticated Object Injection |