CVE List - 2024 / August

Showing 2401 - 2500 of 2898 CVEs for August 2024 (Page 25 of 29)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8155 | 2024-08-25 | ContiNew Admin tree sql injection |
| CVE-2024-34087 | 2024-08-26 | An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST... |
| CVE-2024-41285 | 2024-08-26 | A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path. |
| CVE-2024-41444 | 2024-08-26 | SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so. |
| CVE-2024-41996 | 2024-08-26 | Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily... |
| CVE-2024-42787 | 2024-08-26 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description"... |
| CVE-2024-42788 | 2024-08-26 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist"... |
| CVE-2024-42789 | 2024-08-26 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. |
| CVE-2024-42790 | 2024-08-26 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. |
| CVE-2024-42791 | 2024-08-26 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre. |
| CVE-2024-42792 | 2024-08-26 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page. |
| CVE-2024-42816 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2024-42818 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product... |
| CVE-2024-42906 | 2024-08-26 | TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. |
| CVE-2024-44549 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. |
| CVE-2024-44550 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. |
| CVE-2024-44553 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. |
| CVE-2024-44555 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. |
| CVE-2024-44556 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. |
| CVE-2024-44557 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. |
| CVE-2024-44558 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. |
| CVE-2024-44563 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. |
| CVE-2024-44565 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the serverName parameter in the function form_fast_setting_internet_set. |
| CVE-2024-44793 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents... |
| CVE-2024-44794 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description... |
| CVE-2024-44795 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username... |
| CVE-2024-44796 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description... |
| CVE-2024-44797 | 2024-08-26 | A cross-site scripting (XSS) vulnerability in the component /managers/enable_requests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view... |
| CVE-2024-45241 | 2024-08-26 | A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading... |
| CVE-2024-45256 | 2024-08-26 | An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request... |
| CVE-2024-45265 | 2024-08-26 | A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. |
| CVE-2024-28077 | 2024-08-26 | A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of... |
| CVE-2024-39097 | 2024-08-26 | There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. |
| CVE-2024-42913 | 2024-08-26 | RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. |
| CVE-2024-44551 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. |
| CVE-2024-44552 | 2024-08-26 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. |
| CVE-2024-8073 | 2024-08-26 | Command Injection Vulnerability in Hillstone Networks Web Application Firewall |
| CVE-2024-6879 | 2024-08-26 | Quiz and Survey Master (QSM) < 9.1.1 - Contributor+ Stored XSS |
| CVE-2024-7313 | 2024-08-26 | Shield Security < 20.0.6 - Reflected XSS |
| CVE-2024-43884 | 2024-08-26 | Bluetooth: MGMT: Add error handling to pair_device() |
| CVE-2024-43442 | 2024-08-26 | Stored XSS in System Configuration |
| CVE-2024-43443 | 2024-08-26 | Stored XSS in process management |
| CVE-2024-43444 | 2024-08-26 | Passwords are written to Admin Log Module |
| CVE-2024-8161 | 2024-08-26 | SQL injection vulnerability in CIGESv2 system |
| CVE-2024-43886 | 2024-08-26 | drm/amd/display: Add null check in resource_log_pipe_topology_update |
| CVE-2024-43887 | 2024-08-26 | net/tcp: Disable TCP-AO static key after RCU grace period |
| CVE-2024-43888 | 2024-08-26 | mm: list_lru: fix UAF for memory cgroup |
| CVE-2024-43889 | 2024-08-26 | padata: Fix possible divide-by-0 panic in padata_mt_helper() |
| CVE-2024-43890 | 2024-08-26 | tracing: Fix overflow in get_free_elt() |
| CVE-2024-43891 | 2024-08-26 | tracing: Have format file honor EVENT_FILE_FL_FREED |
| CVE-2024-43892 | 2024-08-26 | memcg: protect concurrent access to mem_cgroup_idr |
| CVE-2024-43893 | 2024-08-26 | serial: core: check uartclk for zero to avoid divide by zero |
| CVE-2024-43894 | 2024-08-26 | drm/client: fix null pointer dereference in drm_client_modeset_probe |
| CVE-2024-43895 | 2024-08-26 | drm/amd/display: Skip Recompute DSC Params if no Stream on Link |
| CVE-2024-43896 | 2024-08-26 | ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL |
| CVE-2024-43897 | 2024-08-26 | net: drop bad gso csum_start and offset in virtio_net_hdr |
| CVE-2024-43899 | 2024-08-26 | drm/amd/display: Fix null pointer deref in dcn20_resource.c |
| CVE-2024-43900 | 2024-08-26 | media: xc2028: avoid use-after-free in load_firmware_cb() |
| CVE-2024-43901 | 2024-08-26 | drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401 |
| CVE-2024-43902 | 2024-08-26 | drm/amd/display: Add null checker before passing variables |
| CVE-2024-43904 | 2024-08-26 | drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing |
| CVE-2024-43905 | 2024-08-26 | drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr |
| CVE-2024-43906 | 2024-08-26 | drm/admgpu: fix dereferencing null pointer context |
| CVE-2024-43907 | 2024-08-26 | drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules |
| CVE-2024-43908 | 2024-08-26 | drm/amdgpu: Fix the null pointer dereference to ras_manager |
| CVE-2024-43909 | 2024-08-26 | drm/amdgpu/pm: Fix the null pointer dereference for smu7 |
| CVE-2024-43910 | 2024-08-26 | bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses |
| CVE-2024-43911 | 2024-08-26 | wifi: mac80211: fix NULL dereference at band check in starting tx ba session |
| CVE-2024-43912 | 2024-08-26 | wifi: nl80211: disallow setting special AP channel widths |
| CVE-2024-43913 | 2024-08-26 | nvme: apple: fix device reference counting |
| CVE-2024-43914 | 2024-08-26 | md/raid5: avoid BUG_ON() while continue reshape after reassembling |
| CVE-2024-44931 | 2024-08-26 | gpio: prevent potential speculation leaks in gpio_device_get_desc() |
| CVE-2024-44932 | 2024-08-26 | idpf: fix UAFs when destroying the queues |
| CVE-2024-44933 | 2024-08-26 | bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl() |
| CVE-2024-44934 | 2024-08-26 | net: bridge: mcast: wait for previous gc cycles when removing port |
| CVE-2024-44935 | 2024-08-26 | sctp: Fix null-ptr-deref in reuseport_add_sock(). |
| CVE-2024-44936 | 2024-08-26 | power: supply: rt5033: Bring back i2c_set_clientdata |
| CVE-2024-44937 | 2024-08-26 | platform/x86: intel-vbtn: Protect ACPI notify handler against recursion |
| CVE-2024-44938 | 2024-08-26 | jfs: Fix shift-out-of-bounds in dbDiscardAG |
| CVE-2024-44939 | 2024-08-26 | jfs: fix null ptr deref in dtInsertEntry |
| CVE-2024-44940 | 2024-08-26 | fou: remove warn in gue_gro_receive on unsupported protocol |
| CVE-2024-44941 | 2024-08-26 | f2fs: fix to cover read extent cache access with lock |
| CVE-2024-44942 | 2024-08-26 | f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC |
| CVE-2023-26315 | 2024-08-26 | Xiaomi router has a command injection vulnerability after authorization |
| CVE-2024-41879 | 2024-08-26 | RE: New Edge T5 MSRC Case [DCMSFT-1294] |
| CVE-2024-8162 | 2024-08-26 | TOTOLINK T10 AC1200 Telnet Service product.ini hard-coded credentials |
| CVE-2024-8163 | 2024-08-26 | Chengdu Everbrite Network Technology BeikeShop files destroyFiles path traversal |
| CVE-2024-8164 | 2024-08-26 | Chengdu Everbrite Network Technology BeikeShop FileManagerController.php rename unrestricted upload |
| CVE-2024-8165 | 2024-08-26 | Chengdu Everbrite Network Technology BeikeShop export exportZip path traversal |
| CVE-2023-49582 | 2024-08-26 | Apache Portable Runtime (APR): Unexpected lax shared memory permissions |
| CVE-2024-38859 | 2024-08-26 | XSS in view page with SLA column |
| CVE-2024-8166 | 2024-08-26 | Ruijie EG2000K index.php unrestricted upload |
| CVE-2024-8167 | 2024-08-26 | code-projects Job Portal forget.php sql injection |
| CVE-2024-7987 | 2024-08-26 | Rockwell Automation ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities |
| CVE-2024-7988 | 2024-08-26 | ThinManager® ThinServer™ Information Disclosure and Remote Code Execution Vulnerabilities |
| CVE-2024-8168 | 2024-08-26 | code-projects Online Bus Reservation Site login.php sql injection |
| CVE-2024-8169 | 2024-08-26 | code-projects Online Quiz Site signupuser.php sql injection |
| CVE-2024-43966 | 2024-08-26 | WordPress WP Testimonial Widget plugin <= 3.1 - SQL Injection vulnerability |
| CVE-2024-43967 | 2024-08-26 | WordPress WP Testimonial Widget plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-8170 | 2024-08-26 | SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload |