CVE List - 2024 / August
Showing 1001 - 1100 of 2898 CVEs for August 2024 (Page 11 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38742 | 2024-08-13 | WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability |
| CVE-2024-2259 | 2024-08-13 | Reflected XSS Vulnerability in InstaRISPACS Software |
| CVE-2024-38747 | 2024-08-13 | WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability |
| CVE-2024-38749 | 2024-08-13 | WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability |
| CVE-2024-38752 | 2024-08-13 | WordPress Zoho Campaigns plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-38756 | 2024-08-13 | WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability |
| CVE-2024-38760 | 2024-08-13 | WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability |
| CVE-2024-38787 | 2024-08-13 | WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability |
| CVE-2024-39642 | 2024-08-13 | WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability |
| CVE-2024-39651 | 2024-08-13 | WordPress WooCommerce PDF Vouchers plugin < 4.9.5 - Unauthenticated Arbitrary File Deletion vulnerability |
| CVE-2024-43121 | 2024-08-13 | WordPress HUSKY plugin <= 1.3.6.1 - Privilege Escalation vulnerability |
| CVE-2024-43128 | 2024-08-13 | WordPress WooCommerce Product Table Lite plugin <= 3.5.1 - Arbitrary Code Execution vulnerability |
| CVE-2024-43129 | 2024-08-13 | WordPress BetterDocs plugin <= 3.5.8 - Local File Inclusion vulnerability |
| CVE-2024-43131 | 2024-08-13 | WordPress Docket (WooCommerce Collections / Wishlist / Watchlist) plugin < 1.7.0 - Unauthenticated Arbitrary Post/Page Deletion vulnerability |
| CVE-2024-43135 | 2024-08-13 | WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion vulnerability |
| CVE-2024-40697 | 2024-08-13 | IBM Common Licensing information disclosure |
| CVE-2024-41774 | 2024-08-13 | IBM Common Licensing cross-site scripting |
| CVE-2024-35124 | 2024-08-13 | IBM OpenBMC authentication bypass |
| CVE-2024-37287 | 2024-08-13 | Kibana arbitrary code execution via prototype pollution |
| CVE-2024-43138 | 2024-08-13 | WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.2.1 - Local File Inclusion vulnerability |
| CVE-2024-43140 | 2024-08-13 | WordPress Ultimate Bootstrap Elements for Elementor plugin <= 1.4.4 - Local File Inclusion vulnerability |
| CVE-2024-43141 | 2024-08-13 | WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability |
| CVE-2024-43153 | 2024-08-13 | WordPress Woffice theme <= 5.4.10 - Unauthenticated Privilege Escalation vulnerability |
| CVE-2024-43160 | 2024-08-13 | WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability |
| CVE-2024-43165 | 2024-08-13 | WordPress WPSection plugin <= 1.3.8 - Contributor+ Limited Local File Inclusion vulnerability |
| CVE-2024-3913 | 2024-08-13 | Phoenix Contact: Start sequence allows attack during the boot process |
| CVE-2024-5849 | 2024-08-13 | Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows reflected XSS |
| CVE-2024-38501 | 2024-08-13 | Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows HTML injection |
| CVE-2024-38502 | 2024-08-13 | Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows stored XSS |
| CVE-2024-6788 | 2024-08-13 | Phoenix Contact: update feature from CHARX controller can be used to reset a low privilege user password |
| CVE-2024-6384 | 2024-08-13 | Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server |
| CVE-2024-7746 | 2024-08-13 | Use of default credentials at Traccar fleet management solution |
| CVE-2023-26211 | 2024-08-13 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via... |
| CVE-2024-36505 | 2024-08-13 | An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2.7, 7.0.12 through 7.0.14 and 6.4.x may allow an attacker who has already successfully obtained write access... |
| CVE-2022-45862 | 2024-08-13 | An insufficient session expiration vulnerability [CWE-613] in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 all versions, 1.2... |
| CVE-2022-27486 | 2024-08-13 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0,... |
| CVE-2024-21757 | 2024-08-13 | An unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 through 7.0.10, versions... |
| CVE-2024-7113 | 2024-08-13 | Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server |
| CVE-2024-6618 | 2024-08-13 | Path Traversal in Ocean Data Systems Dream Report |
| CVE-2024-6619 | 2024-08-13 | Incorrect Permission Assignment for Critical Resource in Ocean Data Systems Dream Report |
| CVE-2021-26344 | 2024-08-13 | An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability... |
| CVE-2021-26367 | 2024-08-13 | A malicious attacker in x86 can misconfigure the Trusted Memory Regions (TMRs), which may allow the attacker to set an arbitrary address range for the TMR, potentially leading to a... |
| CVE-2021-26387 | 2024-08-13 | Insufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell to map DRAM regions in protected... |
| CVE-2021-46746 | 2024-08-13 | Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to corrupt the return address,... |
| CVE-2021-46772 | 2024-08-13 | Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing... |
| CVE-2022-23815 | 2024-08-13 | Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. |
| CVE-2022-23817 | 2024-08-13 | Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space, potentially leading... |
| CVE-2023-20509 | 2024-08-13 | An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data... |
| CVE-2023-20510 | 2024-08-13 | An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. |
| CVE-2023-20512 | 2024-08-13 | A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage. |
| CVE-2023-20513 | 2024-08-13 | An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial... |
| CVE-2023-20518 | 2024-08-13 | Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability,... |
| CVE-2023-20578 | 2024-08-13 | A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary... |
| CVE-2023-20584 | 2024-08-13 | IOMMU improperly handles certain special address ranges with invalid device table entries (DTEs), which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass... |
| CVE-2023-20591 | 2024-08-13 | Improper re-initialization of IOMMU during the DRTM event may permit an untrusted platform configuration to persist, allowing an attacker to read or modify hypervisor memory, potentially resulting in loss of... |
| CVE-2023-31305 | 2024-08-13 | Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in... |
| CVE-2023-31304 | 2024-08-13 | Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss... |
| CVE-2023-31307 | 2024-08-13 | Improper validation of array index in Power Management Firmware (PMFW) may allow a privileged attacker to cause an out-of-bounds memory read within PMFW, potentially leading to a denial of service. |
| CVE-2023-31310 | 2024-08-13 | Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a... |
| CVE-2023-31356 | 2024-08-13 | Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. |
| CVE-2024-21981 | 2024-08-13 | Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys,... |
| CVE-2023-31339 | 2024-08-13 | Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™ MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and... |
| CVE-2023-31341 | 2024-08-13 | Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting... |
| CVE-2023-31348 | 2024-08-13 | A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2023-31349 | 2024-08-13 | Incorrect default permissions in the AMD μProf installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2023-31366 | 2024-08-13 | Improper input validation in AMD μProf could allow an attacker to perform a write to an invalid address, potentially resulting in denial of service. |
| CVE-2024-38108 | 2024-08-13 | Azure Stack Hub Spoofing Vulnerability |
| CVE-2024-38123 | 2024-08-13 | Windows Bluetooth Driver Information Disclosure Vulnerability |
| CVE-2024-38159 | 2024-08-13 | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38160 | 2024-08-13 | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38161 | 2024-08-13 | Windows Mobile Broadband Driver Remote Code Execution Vulnerability |
| CVE-2024-38167 | 2024-08-13 | .NET and Visual Studio Information Disclosure Vulnerability |
| CVE-2024-38168 | 2024-08-13 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-38172 | 2024-08-13 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2024-38178 | 2024-08-13 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2024-38184 | 2024-08-13 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2024-38191 | 2024-08-13 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38193 | 2024-08-13 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2024-38196 | 2024-08-13 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2024-38197 | 2024-08-13 | Microsoft Teams for iOS Spoofing Vulnerability |
| CVE-2024-38198 | 2024-08-13 | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2024-38199 | 2024-08-13 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| CVE-2024-38201 | 2024-08-13 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38213 | 2024-08-13 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-38084 | 2024-08-13 | Microsoft OfficePlus Elevation of Privilege Vulnerability |
| CVE-2024-38063 | 2024-08-13 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38098 | 2024-08-13 | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2024-38106 | 2024-08-13 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-38107 | 2024-08-13 | Windows Power Dependency Coordinator Elevation of Privilege Vulnerability |
| CVE-2024-29995 | 2024-08-13 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38114 | 2024-08-13 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38115 | 2024-08-13 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38116 | 2024-08-13 | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38117 | 2024-08-13 | NTFS Elevation of Privilege Vulnerability |
| CVE-2024-38118 | 2024-08-13 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2024-38121 | 2024-08-13 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38122 | 2024-08-13 | Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability |
| CVE-2024-38125 | 2024-08-13 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38126 | 2024-08-13 | Windows Network Address Translation (NAT) Denial of Service Vulnerability |
| CVE-2024-38127 | 2024-08-13 | Windows Hyper-V Elevation of Privilege Vulnerability |