CVE List - 2024 / August
Showing 1401 - 1500 of 2898 CVEs for August 2024 (Page 15 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-42953 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42954 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42955 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42966 | 2024-08-15 | Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. |
| CVE-2024-42968 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42969 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeUrlFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42973 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSetlpBind function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42974 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromwebExcptypemanFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42976 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42977 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42979 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ProtForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42980 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42981 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42982 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42983 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42984 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42985 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-42986 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-22217 | 2024-08-15 | A Server-Side Request Forgery (SSRF) vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs... |
| CVE-2024-42680 | 2024-08-15 | An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. |
| CVE-2024-42947 | 2024-08-15 | An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers to execute arbitrary commands via a crafted HTTP request. |
| CVE-2024-42952 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42967 | 2024-08-15 | Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apmib configuration file, which contains the username and the password, via a crafted request to /cgi-bin/ExportSettings.sh. |
| CVE-2024-42978 | 2024-08-15 | An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to execute arbitrary commands via a crafted HTTP request. |
| CVE-2024-42987 | 2024-08-15 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack-based buffer overflow vulnerability in the fromPptpUserAdd function. The vulnerability can be triggered via the modino, username, newpwd, or pptpdnetseg parameters, all... |
| CVE-2024-7808 | 2024-08-15 | code-projects Job Portal logindbc.php sql injection |
| CVE-2024-7809 | 2024-08-15 | SourceCodester Online Graduate Tracer System nbproject exposure of information through directory listing |
| CVE-2024-7810 | 2024-08-15 | SourceCodester Online Graduate Tracer System view_itprofile.php sql injection |
| CVE-2024-7420 | 2024-08-15 | Insert PHP Code Snippet <= 1.3.6 - Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion |
| CVE-2024-7624 | 2024-08-15 | Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation |
| CVE-2024-7628 | 2024-08-15 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.2 - Authentication Bypass to Account Takeover |
| CVE-2024-7811 | 2024-08-15 | SourceCodester Daily Expenses Monitoring App delete-expense.php sql injection |
| CVE-2024-25024 | 2024-08-15 | IBM QRadar Suite Software information disclosure |
| CVE-2024-7812 | 2024-08-15 | SourceCodester Best House Rental Management System POST Parameter ajax.php cross site scripting |
| CVE-2024-7813 | 2024-08-15 | SourceCodester Prison Management System Profile Image insufficiently protected credentials |
| CVE-2024-6533 | 2024-08-15 | Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options |
| CVE-2024-6534 | 2024-08-15 | Directus 10.13.0 - Insecure object reference via PATH presets |
| CVE-2024-7814 | 2024-08-15 | CodeAstro Online Railway Reservation System Add Employee Page admin-add-employee.php cross site scripting |
| CVE-2024-7815 | 2024-08-15 | CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting |
| CVE-2024-7064 | 2024-08-15 | ElementsKit Pro <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-7063 | 2024-08-15 | ElementsKit Pro <= 3.6.6 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2024-7411 | 2024-08-15 | Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure |
| CVE-2024-43275 | 2024-08-15 | WordPress Insert PHP Code Snippet plugin <= 1.3.6 - Cross Site Request Forgery (CSRF) vulnerability |
| CVE-2024-7828 | 2024-08-15 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_set_cover buffer overflow |
| CVE-2024-7829 | 2024-08-15 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_del_photo buffer overflow |
| CVE-2024-7830 | 2024-08-15 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_move_photo buffer overflow |
| CVE-2024-7831 | 2024-08-15 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_get_cooliris buffer overflow |
| CVE-2024-7832 | 2024-08-15 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_get_fullscreen_photos buffer overflow |
| CVE-2024-7833 | 2024-08-15 | D-Link DI-8100 upgrade_filter.asp upgrade_filter_asp command injection |
| CVE-2024-7262 | 2024-08-15 | Arbitrary Code Execution in WPS Office |
| CVE-2024-7263 | 2024-08-15 | Arbitrary Code Execution in WPS Office |
| CVE-2024-43373 | 2024-08-15 | webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle |
| CVE-2024-6347 | 2024-08-15 | Unauthorized access to ECU functionality |
| CVE-2024-40704 | 2024-08-15 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-40705 | 2024-08-15 | IBM InfoSphere Information Server denial of service |
| CVE-2024-31905 | 2024-08-15 | IBM QRadar Network Packet Capture information disclosure |
| CVE-2024-25633 | 2024-08-15 | In eLabFTW, if administrators can create users, users can too |
| CVE-2024-42472 | 2024-08-15 | Flatpak may allow access to files outside sandbox for certain apps |
| CVE-2024-43357 | 2024-08-15 | JavaScript specification issue may lead to type confusion and pointer dereference in implementations |
| CVE-2024-42475 | 2024-08-15 | OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG |
| CVE-2024-42476 | 2024-08-15 | oauth CSRF vulnerability |
| CVE-2024-7866 | 2024-08-15 | Stack overflow in Xpdf 4.05 due to object loop in PDF pattern |
| CVE-2024-7838 | 2024-08-15 | itsourcecode Online Food Ordering System addcategory.php sql injection |
| CVE-2024-7867 | 2024-08-15 | Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates |
| CVE-2024-6456 | 2024-08-15 | SQL Injection vulnerability in AVEVA Historian Server |
| CVE-2024-43366 | 2024-08-15 | zkvyper ignored loop range bounds |
| CVE-2024-7868 | 2024-08-15 | Uninitialized variable in Xpdf 4.05 due to invalid JPEG header |
| CVE-2024-42487 | 2024-08-15 | Cilium's Gateway API route matching order contradicts specification |
| CVE-2024-42488 | 2024-08-15 | Cilium agent's race condition may lead to policy bypass for Host Firewall policy |
| CVE-2024-43367 | 2024-08-15 | Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects |
| CVE-2024-7839 | 2024-08-15 | itsourcecode Billing System addbill.php sql injection |
| CVE-2024-7841 | 2024-08-15 | SourceCodester Clinics Patient Management System check_user_name.php sql injection |
| CVE-2024-7842 | 2024-08-15 | SourceCodester Online Graduate Tracer System export_it.php information disclosure |
| CVE-2024-31333 | 2024-08-15 | In _MMU_AllocLevel of mmu_common.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-34727 | 2024-08-15 | In sdpu_compare_uuid_with_attr of sdp_utils.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2024-34731 | 2024-08-15 | In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2024-34734 | 2024-08-15 | In onForegroundServiceButtonClicked of FooterActionsViewModel.kt, there is a possible way to disable the active VPN app from the lockscreen due to an insecure default value. This could lead to local escalation... |
| CVE-2024-34736 | 2024-08-15 | In setupVideoEncoder of StagefrightRecorder.cpp, there is a possible asynchronous playback when B-frame support is enabled. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-34737 | 2024-08-15 | In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation... |
| CVE-2024-34738 | 2024-08-15 | In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could... |
| CVE-2024-34739 | 2024-08-15 | In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2024-34740 | 2024-08-15 | In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-34741 | 2024-08-15 | In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to... |
| CVE-2024-34742 | 2024-08-15 | In shouldWrite of OwnersData.java, there is a possible edge case that prevents MDM policies from being persisted due to a logic error in the code. This could lead to local... |
| CVE-2024-34743 | 2024-08-15 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no... |
| CVE-2024-7843 | 2024-08-15 | SourceCodester Online Graduate Tracer System exportcs.php information disclosure |
| CVE-2024-7844 | 2024-08-15 | SourceCodester Online Graduate Tracer System add_acc.php cross site scripting |
| CVE-2024-43369 | 2024-08-15 | Persistent Cross-site Scripting in Ibexa RichText Field Type |
| CVE-2024-7845 | 2024-08-15 | SourceCodester Online Graduate Tracer System fetch_it.php sql injection |
| CVE-2024-7849 | 2024-08-15 | D-Link DNS-1550-04 photocenter_mgr.cgi cgi_create_album buffer overflow |
| CVE-2024-43370 | 2024-08-15 | gettext.js vulnerable to cross-site scripting (XSS) |
| CVE-2024-43374 | 2024-08-15 | Vim heap-use-after-free in src/arglist.c:207 |
| CVE-2024-43378 | 2024-08-15 | calamares-nixos-extensions LUKS keyfile exposure regression on legacy BIOS systems |
| CVE-2024-25837 | 2024-08-16 | A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments... |
| CVE-2024-42634 | 2024-08-16 | A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.06.42. As a result, an attacker can execute OS commands with root privileges. |
| CVE-2024-42637 | 2024-08-16 | H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-42758 | 2024-08-16 | A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin when it is used and enabled in Dokuwiki (Open Source Wiki Engine). A malicious attacker can input XSS... |
| CVE-2024-42849 | 2024-08-16 | An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via the password change function. |
| CVE-2024-42850 | 2024-08-16 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements. |
| CVE-2024-42994 | 2024-08-16 | VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. |