CVE List - 2024 / August
Showing 1301 - 1400 of 2898 CVEs for August 2024 (Page 14 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-39387 | 2024-08-14 | ZDI-CAN-24047: Adobe Bridge AVI FIle Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-39388 | 2024-08-14 | ZDI-CAN-24055: Adobe Substance 3D Stager SKP File Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-25157 | 2024-08-14 | Authentication bypass in GoAnywhere MFT prior to 7.6.0 |
| CVE-2024-39394 | 2024-08-14 | Adobe Indesign 2024 PDF File Parsing Out Of Bound Write Remote Code Execution Vulnerability |
| CVE-2024-39395 | 2024-08-14 | Adobe Indesign 2024 DOC File Parsing Null Pointer Dereference |
| CVE-2024-39389 | 2024-08-14 | Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability |
| CVE-2024-39393 | 2024-08-14 | Adobe Indesign 2024 PCT File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-41851 | 2024-08-14 | Adobe InDesign (Beta) has an integer overflow vulnerability when parsing SVG file |
| CVE-2024-41853 | 2024-08-14 | Indesign 2024 EPS File Parsing Heap Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-41852 | 2024-08-14 | Adobe Indesign 2024 AVI File Parsing Stack Based Buffer Overflow |
| CVE-2024-41866 | 2024-08-14 | Adobe Indesign 2024 DOC File Parsing Null Pointer Dereference |
| CVE-2024-39390 | 2024-08-14 | Adobe Indesign 2024 DOC File Parsing Memory Corruption |
| CVE-2024-39391 | 2024-08-14 | Adobe Indesign XLS File Parsing Out Of Bound Write Remote Code execution vulnerability |
| CVE-2024-41854 | 2024-08-14 | Adobe Indesign 2024 PDF File parsing memory corruption |
| CVE-2024-41850 | 2024-08-14 | Adobe Indesign 2024 TIF File Parsing Heap Memory Corruption |
| CVE-2024-34127 | 2024-08-14 | Adobe Indesign TIF File Parsing Out Of Bound Read |
| CVE-2024-41833 | 2024-08-14 | ZDI-CAN-24310: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-39425 | 2024-08-14 | Security vulnerability in AdobeARMHelper |
| CVE-2024-39383 | 2024-08-14 | PoC sample of unknown vulnerability detected by EXPMON system |
| CVE-2024-41830 | 2024-08-14 | Talos Security Advisory for Adobe (TALOS-2024-2009) |
| CVE-2024-39424 | 2024-08-14 | ZDI-CAN-24309: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-41835 | 2024-08-14 | TALOS-2024-2003 | Adobe Acrobat Reader Font Packed Point Numbers Out-Of-Bounds Read Vulnerability |
| CVE-2024-41834 | 2024-08-14 | ZDI-CAN-24311: Adobe Acrobat Reader DC Annotation Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2024-39420 | 2024-08-14 | Acrobat Reader | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) |
| CVE-2024-39423 | 2024-08-14 | ZDI-CAN-24182: New Vulnerability Report - Adobe Acrobat Reader DC AcroForm Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2024-41831 | 2024-08-14 | ZDI-CAN-24569: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2024-39422 | 2024-08-14 | ZDI-CAN-24090: New Vulnerability Report - Use-after-free remote code execution vulnerability in Adobe Acrobat Reader DC |
| CVE-2024-39426 | 2024-08-14 | ZDI-CAN-24312: Adobe Acrobat Reader DC Annotation Memory Corruption Remote Code Execution Vulnerability |
| CVE-2024-41832 | 2024-08-14 | TALOS-2024-2002 | Adobe Acrobat Reader Font gvar TupleVariation Data Out-Of-Bounds Read Vulnerability |
| CVE-2024-28799 | 2024-08-14 | IBM QRadar Suite Software information disclosure |
| CVE-2024-27267 | 2024-08-14 | IBM SDK, Java Technology Edition denial of service |
| CVE-2024-39825 | 2024-08-14 | Zoom Workplace Apps and Rooms Clients - Buffer Overflow |
| CVE-2024-39818 | 2024-08-14 | Zoom Workplace Apps and SDKs - Protection Mechanism Failure |
| CVE-2024-39822 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure |
| CVE-2024-39823 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-39824 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-42434 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization |
| CVE-2024-42435 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure |
| CVE-2024-5914 | 2024-08-14 | Cortex XSOAR: Command Injection in CommonScripts Pack |
| CVE-2024-5915 | 2024-08-14 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability |
| CVE-2024-42436 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow |
| CVE-2024-42437 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow |
| CVE-2024-5916 | 2024-08-14 | PAN-OS: Cleartext Exposure of External System Secrets |
| CVE-2024-42438 | 2024-08-14 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow |
| CVE-2024-42439 | 2024-08-14 | Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS - Untrusted Search Path |
| CVE-2024-42440 | 2024-08-14 | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management |
| CVE-2024-42441 | 2024-08-14 | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Incorrect Privilege Assignment |
| CVE-2023-50315 | 2024-08-14 | IBM WebSphere Application Server information disclosure |
| CVE-2023-50314 | 2024-08-14 | IBM WebSphere Application Server Libery information disclosure |
| CVE-2024-35136 | 2024-08-14 | IBM Db2 denial of service |
| CVE-2024-35152 | 2024-08-14 | IBM Db2 denial of service |
| CVE-2024-37529 | 2024-08-14 | IBM Db2 denial of service |
| CVE-2024-31882 | 2024-08-14 | IBM Db2 denial of service |
| CVE-2024-7792 | 2024-08-14 | SourceCodester Task Progress Tracker delete-task.php sql injection |
| CVE-2024-7507 | 2024-08-14 | Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation |
| CVE-2024-7515 | 2024-08-14 | Rockwell Automation ControlLogix/GuardLogix 5580 and CompactLogix/Compact GuardLogix® 5380 Controller Denial-of-Service Vulnerability via Input Validation |
| CVE-2024-6078 | 2024-08-14 | Rockwell Automation Authentication Bypass Vulnerability in DataMosaix™ |
| CVE-2024-7513 | 2024-08-14 | Rockwell Automation FactoryTalk® View Site Edition Code Execution Vulnerability via File Permissions |
| CVE-2024-42360 | 2024-08-14 | Command Injection in sequenceserver |
| CVE-2024-40619 | 2024-08-14 | Rockwell Automation GuardLogix/ControlLogix 5580 Controller denial-of-service Vulnerability via Malformed Packet Handling |
| CVE-2024-27120 | 2024-08-14 | Local File Inclusion in ComfortKey before version 24.1.2 |
| CVE-2024-40620 | 2024-08-14 | Rockwell Automation Pavilion8® Unencrypted Data Vulnerability via HTTP protocol |
| CVE-2024-42353 | 2024-08-14 | WebOb's location header normalization during redirect leads to open redirect |
| CVE-2024-7793 | 2024-08-14 | SourceCodester Task Progress Tracker add-task.php cross site scripting |
| CVE-2024-7794 | 2024-08-14 | itsourcecode Vehicle Management System mybill.php sql injection |
| CVE-2024-43368 | 2024-08-14 | Trix has a Cross-Site Scripting (XSS) vulnerability on copy & paste |
| CVE-2024-7797 | 2024-08-14 | SourceCodester Simple Online Bidding System ajax.php sql injection |
| CVE-2024-7798 | 2024-08-14 | SourceCodester Simple Online Bidding System ajax.php sql injection |
| CVE-2024-7625 | 2024-08-14 | Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking |
| CVE-2024-7799 | 2024-08-14 | SourceCodester Simple Online Bidding System users.php improper authorization |
| CVE-2024-7800 | 2024-08-14 | SourceCodester Simple Online Bidding System ajax.php sql injection |
| CVE-2024-22218 | 2024-08-15 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead... |
| CVE-2024-22219 | 2024-08-15 | XML External Entity (XXE) vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead... |
| CVE-2024-23168 | 2024-08-15 | Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. |
| CVE-2024-27728 | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. |
| CVE-2024-27729 | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. |
| CVE-2024-27730 | 2024-08-15 | Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. |
| CVE-2024-27731 | 2024-08-15 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. |
| CVE-2024-31798 | 2024-08-15 | Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices |
| CVE-2024-31799 | 2024-08-15 | Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port. |
| CVE-2024-31800 | 2024-08-15 | Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port. |
| CVE-2024-32231 | 2024-08-15 | Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. |
| CVE-2024-42676 | 2024-08-15 | File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component |
| CVE-2024-42677 | 2024-08-15 | An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to obtain sensitive information via the /nssys/common/filehandle. Aspx component |
| CVE-2024-42678 | 2024-08-15 | Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. |
| CVE-2024-42679 | 2024-08-15 | SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the/ajax/Login.ashx component. |
| CVE-2024-42681 | 2024-08-15 | Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component. |
| CVE-2024-42757 | 2024-08-15 | Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. |
| CVE-2024-42843 | 2024-08-15 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. |
| CVE-2024-42940 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42941 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42942 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the frmL7ImForm function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42943 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42944 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromNatlimit function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42945 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42946 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42948 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in the fromPptpUserSetting function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42949 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the fromqossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42950 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the fromSafeClientFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2024-42951 | 2024-08-15 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parameter in the fromWizardHandle function. This vulnerability allows attackers to cause a Denial of Service (DoS)... |