CVE List - 2024 / August
Showing 1501 - 1600 of 2898 CVEs for August 2024 (Page 16 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-42995 | 2024-08-16 | VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. |
| CVE-2024-43005 | 2024-08-16 | A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted... |
| CVE-2024-43006 | 2024-08-16 | A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to... |
| CVE-2024-43009 | 2024-08-16 | A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML... |
| CVE-2024-43011 | 2024-08-16 | An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths,... |
| CVE-2024-42638 | 2024-08-16 | H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-42639 | 2024-08-16 | H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-43042 | 2024-08-16 | Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. |
| CVE-2024-7851 | 2024-08-16 | SourceCodester Yoga Class Registration System Add User Users.php improper authorization |
| CVE-2024-7852 | 2024-08-16 | SourceCodester Yoga Class Registration System view_inquiry.php cross site scripting |
| CVE-2024-7853 | 2024-08-16 | SourceCodester Yoga Class Registration System sql injection |
| CVE-2024-7630 | 2024-08-16 | Relevanssi <= 4.22.2 - Unauthenticated Information Exposure |
| CVE-2023-7049 | 2024-08-16 | Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode |
| CVE-2022-3399 | 2024-08-16 | Cookie Notice & Compliance for GDPR / CCPA <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site Scripting |
| CVE-2024-7422 | 2024-08-16 | Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update |
| CVE-2024-7301 | 2024-08-16 | WordPress File Upload <= 4.24.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-6460 | 2024-08-16 | Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI |
| CVE-2024-7501 | 2024-08-16 | Download Plugins and Themes from Dashboard <= 1.8.7 - Cross-Site Request Forgery |
| CVE-2024-25008 | 2024-08-16 | Ericsson RAN Compute and Site Controller 6610 - Improper Input Validation Vulnerability |
| CVE-2024-7147 | 2024-08-16 | JetBlocks <= 1.3.12 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-7136 | 2024-08-16 | JetSearch <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-7146 | 2024-08-16 | JetTabs <= 2.2.3 - Authenticated (Contributor+) Arbitrary Local File Inclusion |
| CVE-2024-42462 | 2024-08-16 | Bypass multifactor authentication |
| CVE-2024-42463 | 2024-08-16 | Leak of organizations messages |
| CVE-2024-42464 | 2024-08-16 | Leak of user information |
| CVE-2024-42465 | 2024-08-16 | Lack of resources and rate limiting - two factor authentication |
| CVE-2024-42466 | 2024-08-16 | Lack of resources and rate limiting - login |
| CVE-2024-7145 | 2024-08-16 | JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion |
| CVE-2024-7144 | 2024-08-16 | JetElements <= 2.6.20 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-2175 | 2024-08-16 | An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges. |
| CVE-2024-4763 | 2024-08-16 | An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges to kernel. |
| CVE-2024-4781 | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted. |
| CVE-2024-4782 | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer's functionality until a manual system reboot occurs. |
| CVE-2024-5209 | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted. |
| CVE-2024-5210 | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is... |
| CVE-2024-6004 | 2024-08-16 | A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted. |
| CVE-2024-42486 | 2024-08-16 | Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API |
| CVE-2024-43381 | 2024-08-16 | reNgine vulnerable to Stored Cross-Site Scripting (XSS) via DNS Record Poisoning |
| CVE-2024-43807 | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page |
| CVE-2024-43808 | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin |
| CVE-2024-43809 | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page |
| CVE-2024-43810 | 2024-08-16 | In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin |
| CVE-2024-6098 | 2024-08-16 | PTC Kepware ThingWorx Kepware Server Allocation of Resources Without Limits or Throttling |
| CVE-2024-7646 | 2024-08-16 | A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary... |
| CVE-2022-33162 | 2024-08-16 | IBM Directory Server buffer overflow |
| CVE-2024-43472 | 2024-08-16 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-47728 | 2024-08-16 | IBM QRadar Suite Software information disclosure |
| CVE-2024-43395 | 2024-08-16 | CraftOS-PC 2's improperly sanitized paths cause filesystem escape (Windows) |
| CVE-2024-7886 | 2024-08-16 | Scooter Software Beyond Compare 7zxa.dll uncontrolled search path |
| CVE-2024-6500 | 2024-08-17 | InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated Arbitrary File Read and Delete |
| CVE-2024-6459 | 2024-08-17 | News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI |
| CVE-2022-1751 | 2024-08-17 | Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery |
| CVE-2023-4027 | 2024-08-17 | Radio Player <= 2.0.73 - Missing Authorization to Settings Update |
| CVE-2023-4024 | 2024-08-17 | Radio Player <= 2.0.73 - Missing Authorization to Player Deletion |
| CVE-2022-4532 | 2024-08-17 | LOGIN AND REGISTRATION ATTEMPTS LIMIT <= 2.1 - IP Address Spoofing to Protection Mechanism Bypass |
| CVE-2023-4507 | 2024-08-17 | Admission AppManager <= 1.0.0 - Reflected Cross-Site Scripting |
| CVE-2023-4730 | 2024-08-17 | LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.3 - Missing Authorization via init_endpoint |
| CVE-2023-4025 | 2024-08-17 | Radio Player <= 2.0.73 - Missing Authorization to Player Update |
| CVE-2023-1604 | 2024-08-17 | Short URL <= 1.6.8 - Cross-Site Request Forgery via configuration_page |
| CVE-2023-4604 | 2024-08-17 | Slideshow, Image Slider by 2J <= 1.3.54 - Reflected Cross-Site Scripting via 'post' |
| CVE-2023-3409 | 2024-08-17 | Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings |
| CVE-2023-5505 | 2024-08-17 | BackWPup <= 4.0.1 - Authenticated (Administrator+) Directory Traversal |
| CVE-2023-3408 | 2024-08-17 | Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings |
| CVE-2024-42260 | 2024-08-17 | drm/v3d: Validate passed in drm syncobj handles in the performance extension |
| CVE-2024-42261 | 2024-08-17 | drm/v3d: Validate passed in drm syncobj handles in the timestamp extension |
| CVE-2024-42262 | 2024-08-17 | drm/v3d: Fix potential memory leak in the performance extension |
| CVE-2024-42263 | 2024-08-17 | drm/v3d: Fix potential memory leak in the timestamp extension |
| CVE-2024-42264 | 2024-08-17 | drm/v3d: Prevent out of bounds access in performance query extensions |
| CVE-2024-42265 | 2024-08-17 | protect the fetch of ->fd[fd] in do_dup2() from mispredictions |
| CVE-2024-42266 | 2024-08-17 | btrfs: make cow_file_range_inline() honor locked_page on error |
| CVE-2024-42267 | 2024-08-17 | riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() |
| CVE-2024-42268 | 2024-08-17 | net/mlx5: Fix missing lock on sync reset reload |
| CVE-2024-42269 | 2024-08-17 | netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). |
| CVE-2024-42270 | 2024-08-17 | netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). |
| CVE-2024-42271 | 2024-08-17 | net/iucv: fix use after free in iucv_sock_close() |
| CVE-2024-42272 | 2024-08-17 | sched: act_ct: take care of padding in struct zones_ht_key |
| CVE-2024-42273 | 2024-08-17 | f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid |
| CVE-2024-42274 | 2024-08-17 | Revert "ALSA: firewire-lib: operate for period elapse event in process context" |
| CVE-2024-42275 | 2024-08-17 | drm/client: Fix error code in drm_client_buffer_vmap_local() |
| CVE-2024-7887 | 2024-08-17 | LimeSurvey File Upload index.php denial of service |
| CVE-2023-52889 | 2024-08-17 | apparmor: Fix null pointer deref when receiving skb during sock creation |
| CVE-2024-42276 | 2024-08-17 | nvme-pci: add missing condition check for existence of mapped data |
| CVE-2024-42277 | 2024-08-17 | iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en |
| CVE-2024-42278 | 2024-08-17 | ASoC: TAS2781: Fix tasdev_load_calibrated_data() |
| CVE-2024-42279 | 2024-08-17 | spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer |
| CVE-2024-42280 | 2024-08-17 | mISDN: Fix a use after free in hfcmulti_tx() |
| CVE-2024-42281 | 2024-08-17 | bpf: Fix a segment issue when downgrading gso_size |
| CVE-2024-42282 | 2024-08-17 | net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling |
| CVE-2024-42283 | 2024-08-17 | net: nexthop: Initialize all fields in dumped nexthops |
| CVE-2024-42284 | 2024-08-17 | tipc: Return non-zero value from tipc_udp_addr2str() on error |
| CVE-2024-42285 | 2024-08-17 | RDMA/iwcm: Fix a use-after-free related to destroying CM IDs |
| CVE-2024-42286 | 2024-08-17 | scsi: qla2xxx: validate nvme_local_port correctly |
| CVE-2024-42287 | 2024-08-17 | scsi: qla2xxx: Complete command early within lock |
| CVE-2024-42288 | 2024-08-17 | scsi: qla2xxx: Fix for possible memory corruption |
| CVE-2024-42289 | 2024-08-17 | scsi: qla2xxx: During vport delete send async logout explicitly |
| CVE-2024-42290 | 2024-08-17 | irqchip/imx-irqsteer: Handle runtime power management correctly |
| CVE-2024-42291 | 2024-08-17 | ice: Add a per-VF limit on number of FDIR filters |
| CVE-2024-42292 | 2024-08-17 | kobject_uevent: Fix OOB access within zap_modalias_env() |
| CVE-2024-42293 | 2024-08-17 | arm64: mm: Fix lockless walks with static and dynamic page-table folding |
| CVE-2024-42294 | 2024-08-17 | block: fix deadlock between sd_remove & sd_release |