CVE List - 2024 / August
Showing 2601 - 2700 of 2898 CVEs for August 2024 (Page 27 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8220 | 2024-08-27 | itsourcecode Tailoring Management System staffedit.php sql injection |
| CVE-2024-8221 | 2024-08-27 | SourceCodester Music Gallery Site manage_category.php sql injection |
| CVE-2024-8222 | 2024-08-27 | SourceCodester Music Gallery Site sql injection |
| CVE-2024-8223 | 2024-08-27 | SourceCodester Music Gallery Site Master.php sql injection |
| CVE-2024-8224 | 2024-08-27 | Tenda G3 setDebugCfg formSetDebugCfg stack-based overflow |
| CVE-2024-8225 | 2024-08-27 | Tenda G3 SetSysTimeCfg formSetSysTime stack-based overflow |
| CVE-2024-8226 | 2024-08-27 | Tenda O1 setcfm formSetCfm stack-based overflow |
| CVE-2024-34195 | 2024-08-28 | TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the... |
| CVE-2024-34198 | 2024-08-28 | TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user... |
| CVE-2024-41236 | 2024-08-28 | A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page |
| CVE-2024-42793 | 2024-08-28 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. |
| CVE-2024-42900 | 2024-08-28 | Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create. |
| CVE-2024-42905 | 2024-08-28 | Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function in the code/function/system/tool/ping.php... |
| CVE-2024-44760 | 2024-08-28 | Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server. |
| CVE-2024-44761 | 2024-08-28 | An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. |
| CVE-2024-44913 | 2024-08-28 | An issue in the component EXR!ReadEXR+0x40ef1 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service... |
| CVE-2024-44914 | 2024-08-28 | An issue in the component EXR!ReadEXR+0x3df50 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service... |
| CVE-2024-44915 | 2024-08-28 | An issue in the component EXR!ReadEXR+0x4eef0 of Irfanview v4.67.1.0 allows attackers to cause an access violation via a crafted EXR file. This vulnerability can lead to a Denial of Service... |
| CVE-2024-45232 | 2024-08-28 | An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, resulting in Insecure Direct Object Reference (IDOR). An unauthenticated... |
| CVE-2024-45233 | 2024-08-28 | An issue was discovered in powermail extension through 12.3.5 for TYPO3. Several actions in the OutputController can directly be called, due to missing or insufficiently implemented access checks, resulting in... |
| CVE-2023-45896 | 2024-08-28 | ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged... |
| CVE-2024-41564 | 2024-08-28 | EMI v.1.1.10 and before, fixed in v.1.1.11, contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index... |
| CVE-2024-41565 | 2024-08-28 | JustEnoughItems (JEI) 19.5.0.33 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index in JEI... |
| CVE-2024-42698 | 2024-08-28 | Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index, Position, or Offset in Input vulnerability. The specific issue is a failure to validate slot index... |
| CVE-2024-8227 | 2024-08-28 | Tenda O1 DhcpSetSer fromDhcpSetSer stack-based overflow |
| CVE-2024-8228 | 2024-08-28 | Tenda O5 setMacFilterList fromSafeSetMacFilter stack-based overflow |
| CVE-2024-8229 | 2024-08-28 | Tenda O6 operateMacFilter frommacFilterModify stack-based overflow |
| CVE-2024-8230 | 2024-08-28 | Tenda O6 setMacFilterList fromSafeSetMacFilter stack-based overflow |
| CVE-2024-8231 | 2024-08-28 | Tenda O6 setPortForward fromVirtualSet stack-based overflow |
| CVE-2024-7573 | 2024-08-28 | Relevanssi Live Ajax Search <= 2.4 - Unauthenticated WP_Query Argument Injection |
| CVE-2024-8030 | 2024-08-28 | Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection |
| CVE-2024-6448 | 2024-08-28 | Mollie Payments for WooCommerce <= 7.7.0 - Unauthenticated Full Path Disclosure |
| CVE-2023-43078 | 2024-08-28 | Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service. |
| CVE-2024-39584 | 2024-08-28 | Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and... |
| CVE-2024-39771 | 2024-08-28 | QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of... |
| CVE-2024-4556 | 2024-08-28 | Directory traversal vulnerability in NetIQ Access Manager |
| CVE-2024-4555 | 2024-08-28 | User impersonation with MFA when configured in a specific way |
| CVE-2024-4554 | 2024-08-28 | Multiple XSS vulnerabilities in NetIQ Access Manager |
| CVE-2021-38122 | 2024-08-28 | Cross-Site Scripting (XSS) in Advance Authentication |
| CVE-2021-38121 | 2024-08-28 | Weak communication protocol identified in Advance Authentication client application |
| CVE-2021-38120 | 2024-08-28 | Remote Code Execution using Bash command Injection in backup scheduling functionality in NetIQ Advance Authentication |
| CVE-2021-22530 | 2024-08-28 | Improper account management vulnerability in NetIQ Advance Authentication |
| CVE-2021-22529 | 2024-08-28 | Sensitive Data Exposure leaks potential information in NetIQ Advance Authentication |
| CVE-2021-22509 | 2024-08-28 | Handling of sensitive data in process memory in NetIQ Advance Authentication |
| CVE-2024-6312 | 2024-08-28 | Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Deletion |
| CVE-2024-6311 | 2024-08-28 | Funnelforms Free <= 3.7.3.2 - Authenticated (Administrator+) Arbitrary File Upload |
| CVE-2024-45346 | 2024-08-28 | GetApps application has code execution vulnerability |
| CVE-2024-44943 | 2024-08-28 | mm: gup: stop abusing try_grab_folio |
| CVE-2023-26324 | 2024-08-28 | GetApps application has code execution vulnerability |
| CVE-2023-26321 | 2024-08-28 | The international version of Xiaomi File Manager has a path traversal vulnerability |
| CVE-2023-26323 | 2024-08-28 | Xiaomi App Market has a code execution vulnerability |
| CVE-2023-26322 | 2024-08-28 | GetApps application has code execution vulnerability |
| CVE-2024-5546 | 2024-08-28 | SQL Injection |
| CVE-2024-7269 | 2024-08-28 | Stored XSS in ConnX ESP HR Management |
| CVE-2024-7447 | 2024-08-28 | Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free <= 3.7.3.2 - Missing Authorization to Unauthenticated Arbitrary Media Upload |
| CVE-2024-6449 | 2024-08-28 | Arbitrary cross-domain file inclusion in HyperView Geoportal Toolkit |
| CVE-2024-6450 | 2024-08-28 | Reflected XSS in HyperView Geoportal Toolkit |
| CVE-2024-8195 | 2024-08-28 | Permalink Manager Lite <= 2.4.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure |
| CVE-2024-20279 | 2024-08-28 | Cisco Application Policy Infrastructure Controller Unauthorized Policy Actions Vulnerability |
| CVE-2024-20413 | 2024-08-28 | Cisco NX-OS Bash Privilege Escalation Vulnerability |
| CVE-2024-20411 | 2024-08-28 | Cisco NX-OS Bash Arbitrary Code Execution Vulnerability |
| CVE-2024-20478 | 2024-08-28 | Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability |
| CVE-2024-7744 | 2024-08-28 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server |
| CVE-2024-6053 | 2024-08-28 | Improper access control in the clipboard synchronization feature |
| CVE-2024-7745 | 2024-08-28 | Multi-Factor Authentication Bypass in Progress WS_FTP Server |
| CVE-2024-20289 | 2024-08-28 | Cisco NX-OS Software Command Injection Vulnerability |
| CVE-2024-20446 | 2024-08-28 | Cisco NX-OS Software DHCPv6 Relay Agent Denial of Service Vulnerability |
| CVE-2024-20286 | 2024-08-28 | Cisco NX-OS Software Python Parser Escape Vulnerability |
| CVE-2024-20285 | 2024-08-28 | Cisco NX-OS Software Python Parser Escape Vulnerability |
| CVE-2024-20284 | 2024-08-28 | Cisco NX-OS Software Python Parser Escape Vulnerability |
| CVE-2024-43805 | 2024-08-28 | HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering |
| CVE-2024-45054 | 2024-08-28 | Potential Permission Leakage of Cluster Level in hwameistor |
| CVE-2024-45043 | 2024-08-28 | OpenTelemetry Collector AWS Firehose Receiver Authentication Bypass Vulnerability |
| CVE-2024-45057 | 2024-08-28 | Reflected Cross-Site Scripting in i-Educar |
| CVE-2024-45058 | 2024-08-28 | Privilege escalation in i-Educar |
| CVE-2024-45059 | 2024-08-28 | Authenticated SQL Injection in i-Educar |
| CVE-2024-45048 | 2024-08-28 | XML External Entity Reference (XXE) in PHPSpreadsheet |
| CVE-2024-45046 | 2024-08-28 | PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information |
| CVE-2024-8193 | 2024-08-28 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2024-8194 | 2024-08-28 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-8198 | 2024-08-28 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2024-8250 | 2024-08-28 | Expired Pointer Dereference in Wireshark |
| CVE-2024-41345 | 2024-08-29 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php |
| CVE-2024-41346 | 2024-08-29 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/submit.php |
| CVE-2024-41347 | 2024-08-29 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/settings.php |
| CVE-2024-41348 | 2024-08-29 | openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/alsearch.php |
| CVE-2024-41350 | 2024-08-29 | bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/imageUp.php |
| CVE-2024-41351 | 2024-08-29 | bjyadmin commit a560fd5 is vulnerable to Cross Site Scripting (XSS) via Public/statics/umeditor1_2_3/php/getContent.php |
| CVE-2024-41361 | 2024-08-29 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\manageFilesFolders.php |
| CVE-2024-41364 | 2024-08-29 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\trackEdit.php |
| CVE-2024-41366 | 2024-08-29 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\userScripts.php |
| CVE-2024-41367 | 2024-08-29 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\api\playlist\appendFileToPlaylist.php |
| CVE-2024-41368 | 2024-08-29 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWlanIpMail.php |
| CVE-2024-41369 | 2024-08-29 | RPi-Jukebox-RFID v2.7.0 was discovered to contain a remote code execution (RCE) vulnerability via htdocs\inc.setWifi.php |
| CVE-2024-41370 | 2024-08-29 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/setlike.php. |
| CVE-2024-41371 | 2024-08-29 | Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php. |
| CVE-2024-41372 | 2024-08-29 | Organizr v1.90 was discovered to contain a SQL injection vulnerability via chat/settyping.php. |
| CVE-2024-44777 | 2024-08-29 | A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's... |
| CVE-2024-44778 | 2024-08-29 | A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's... |
| CVE-2024-44779 | 2024-08-29 | A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's... |