CVE List - 2024 / August
Showing 2201 - 2300 of 2898 CVEs for August 2024 (Page 23 of 29)
CVE ID | Date | Title |
---|---|---|
CVE-2022-48924 | 2024-08-22 | thermal: int340x: fix memory leak in int3400_notify() |
CVE-2022-48925 | 2024-08-22 | RDMA/cma: Do not change route.addr.src_addr outside state checks |
CVE-2024-7384 | 2024-08-22 | AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function |
CVE-2024-7836 | 2024-08-22 | Themify Builder <= 7.6.1 - Missing Authorization to Authenticated (Contributor+) Post Duplication |
CVE-2024-5583 | 2024-08-22 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 5.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget Settings |
CVE-2024-39576 | 2024-08-22 | Dell Power Manager (DPM), versions 3.15.0 and prior, contains an... |
CVE-2022-48942 | 2024-08-22 | hwmon: Handle failure to register sensor with thermal zone correctly |
CVE-2022-48943 | 2024-08-22 | KVM: x86/mmu: make apf token non-zero to fix bug |
CVE-2022-48926 | 2024-08-22 | usb: gadget: rndis: add spinlock for rndis response list |
CVE-2022-48927 | 2024-08-22 | iio: adc: tsc2046: fix memory corruption by preventing array overflow |
CVE-2022-48928 | 2024-08-22 | iio: adc: men_z188_adc: Fix a resource leak in an error handling path |
CVE-2022-48929 | 2024-08-22 | bpf: Fix crash due to out of bounds access into reg2btf_ids. |
CVE-2022-48930 | 2024-08-22 | RDMA/ib_srp: Fix a deadlock |
CVE-2022-48931 | 2024-08-22 | configfs: fix a race in configfs_{,un}register_subsystem() |
CVE-2022-48932 | 2024-08-22 | net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte |
CVE-2022-48933 | 2024-08-22 | netfilter: nf_tables: fix memory leak during stateful obj update |
CVE-2022-48934 | 2024-08-22 | nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() |
CVE-2022-48935 | 2024-08-22 | netfilter: nf_tables: unregister flowtable hooks on netns exit |
CVE-2022-48937 | 2024-08-22 | io_uring: add a schedule point in io_add_buffers() |
CVE-2022-48938 | 2024-08-22 | CDC-NCM: avoid overflow in sanity checking |
CVE-2022-48939 | 2024-08-22 | bpf: Add schedule points in batch ops |
CVE-2022-48940 | 2024-08-22 | bpf: Fix crash due to incorrect copy_map_value |
CVE-2022-48941 | 2024-08-22 | ice: fix concurrent reset and removal of VFs |
CVE-2024-39836 | 2024-08-22 | Munged email address used for password resets and notifications |
CVE-2024-32939 | 2024-08-22 | Email addresses of remote users visible in props regardless of server settings |
CVE-2024-39810 | 2024-08-22 | Server crash via Elasticsearch certificate file |
CVE-2024-43813 | 2024-08-22 | IDOR when marking read a user's channel |
CVE-2024-40886 | 2024-08-22 | One-click Client-Side Path Traversal Leading to CSRF in User Management admin page |
CVE-2024-42411 | 2024-08-22 | User creation date manipulation in POST /api/v4/users |
CVE-2024-8071 | 2024-08-22 | System Role with edit access to permissions can elevate themselves to system admin |
CVE-2024-8072 | 2024-08-22 | Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users |
CVE-2024-7778 | 2024-08-22 | Orbit Fox by ThemeIsle <= 2.10.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
CVE-2024-6870 | 2024-08-22 | Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload |
CVE-2024-35151 | 2024-08-22 | IBM OpenPages information disclosure |
CVE-2024-39746 | 2024-08-22 | IBM Sterling Connect:Direct Web Services information disclosure |
CVE-2024-39744 | 2024-08-22 | IBM Sterling Connect:Direct Web Services cross-site request forgery |
CVE-2024-7848 | 2024-08-22 | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access |
CVE-2024-39745 | 2024-08-22 | IBM Sterling Connect:Direct Web Services information disclosure |
CVE-2024-43331 | 2024-08-22 | WordPress WP SMS plugin <= 6.9.3 - Broken Access Control vulnerability |
CVE-2024-43398 | 2024-08-22 | REXML denial of service vulnerability |
CVE-2024-43785 | 2024-08-22 | gitoxide-core does not neutralize special characters for terminals |
CVE-2024-43787 | 2024-08-22 | Hono CSRF middleware can be bypassed using crafted Content-Type header |
CVE-2024-40884 | 2024-08-22 | Unauthorized disabling of invite URL |
CVE-2024-42497 | 2024-08-22 | Insufficient permissions checks on teams |
CVE-2024-43780 | 2024-08-22 | Unauthorized channel file upload |
CVE-2023-6452 | 2024-08-22 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... |
CVE-2024-8041 | 2024-08-22 | Uncontrolled Resource Consumption in GitLab |
CVE-2024-7110 | 2024-08-22 | Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab |
CVE-2024-6502 | 2024-08-22 | Incorrect Provision of Specified Functionality in GitLab |
CVE-2024-3127 | 2024-08-22 | Improper Access Control in GitLab |
CVE-2024-42490 | 2024-08-22 | authentik has Insufficient Authorization for several API endpoints |
CVE-2024-7634 | 2024-08-22 | NGINX Agent Vulnerability |
CVE-2024-8088 | 2024-08-22 | Infinite loop when iterating over zip archive entry names from zipfile.Path |
CVE-2024-39717 | 2024-08-22 | The Versa Director GUI provides an option to customize the... |
CVE-2024-8075 | 2024-08-22 | TOTOLINK AC1200 T8 setDiagnosisCfg os command injection |
CVE-2024-39776 | 2024-08-22 | Avtec Outpost Storage of File with Sensitive Data Under Web Root |
CVE-2024-42418 | 2024-08-22 | Avtec Outpost Use of Hard-coded Cryptographic Key |
CVE-2024-8076 | 2024-08-22 | TOTOLINK AC1200 T8 setDiagnosisCfg buffer overflow |
CVE-2024-8077 | 2024-08-22 | TOTOLINK AC1200 T8 setTracerouteCfg os command injection |
CVE-2024-8078 | 2024-08-22 | TOTOLINK AC1200 T8 setTracerouteCfg buffer overflow |
CVE-2023-7260 | 2024-08-22 | A path traversal vulnerability has been discovered in OpenText™ CX-E Voice. |
CVE-2024-8079 | 2024-08-22 | TOTOLINK AC1200 T8 exportOvpn buffer overflow |
CVE-2024-8080 | 2024-08-22 | SourceCodester Online Health Care System search.php sql injection |
CVE-2024-43790 | 2024-08-22 | heap-buffer-overflow in do_search() in Vim < 9.1.0689 |
CVE-2024-8081 | 2024-08-22 | itsourcecode Payroll Management System login.php sql injection |
CVE-2024-8083 | 2024-08-22 | SourceCodester Online Computer and Laptop Store Master.php sql injection |
CVE-2024-8084 | 2024-08-22 | SourceCodester Online Computer and Laptop Store Setting SystemSettings.php cross site scripting |
CVE-2024-8086 | 2024-08-22 | SourceCodester E-Commerce System Admin Login login.php sql injection |
CVE-2024-8087 | 2024-08-22 | SourceCodester E-Commerce System popup_Item.php sql injection |
CVE-2024-38209 | 2024-08-22 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
CVE-2024-38208 | 2024-08-22 | Microsoft Edge for Android Spoofing Vulnerability |
CVE-2024-38210 | 2024-08-22 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
CVE-2024-8089 | 2024-08-22 | SourceCodester E-Commerce System controller.php unrestricted upload |
CVE-2024-32501 | 2024-08-23 | A SQL Injection vulnerability exists in the updateServiceHost functionality in... |
CVE-2024-33852 | 2024-08-23 | A SQL Injection vulnerability exists in the Downtime component in... |
CVE-2024-33853 | 2024-08-23 | A SQL Injection vulnerability exists in the Timeperiod component in... |
CVE-2024-33854 | 2024-08-23 | A SQL Injection vulnerability exists in the Graph Template component... |
CVE-2024-39841 | 2024-08-23 | A SQL Injection vulnerability exists in the service configuration functionality... |
CVE-2024-40111 | 2024-08-23 | A persistent (stored) cross-site scripting (XSS) vulnerability has been identified... |
CVE-2024-42040 | 2024-08-23 | Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from... |
CVE-2024-42523 | 2024-08-23 | publiccms V4.0.202302.e and before is vulnerable to Any File Upload... |
CVE-2024-42531 | 2024-08-23 | Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host... |
CVE-2024-42636 | 2024-08-23 | DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. |
CVE-2024-42756 | 2024-08-23 | An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker... |
CVE-2024-42764 | 2024-08-23 | Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross... |
CVE-2024-42765 | 2024-08-23 | A SQL injection vulnerability in "/login.php" of the Kashipara Bus... |
CVE-2024-42766 | 2024-08-23 | Kashipara Bus Ticket Reservation System v1.0 is vulnerable to... |
CVE-2024-42845 | 2024-08-23 | An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius... |
CVE-2024-42852 | 2024-08-23 | Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a... |
CVE-2024-42914 | 2024-08-23 | A host header injection vulnerability exists in the forgot password... |
CVE-2024-42915 | 2024-08-23 | A host header injection vulnerability in Staff Appraisal System v1.0... |
CVE-2024-43031 | 2024-08-23 | autMan v2.9.6 was discovered to contain an access control issue. |
CVE-2024-43032 | 2024-08-23 | autMan v2.9.6 allows attackers to bypass authentication via a crafted... |
CVE-2024-44381 | 2024-08-23 | D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in jhttpd... |
CVE-2024-44382 | 2024-08-23 | D-Link DI_8004W 16.07.26A1 contains a command execution vulnerability in the... |
CVE-2024-44386 | 2024-08-23 | Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the... |
CVE-2024-44387 | 2024-08-23 | Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the... |
CVE-2024-44390 | 2024-08-23 | Tenda FH1206 V1.2.0.8(8155)_EN contains a Buffer Overflow vulnerability via the... |
CVE-2024-37392 | 2024-08-23 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in... |
CVE-2024-42918 | 2024-08-23 | itsourcecode Online Accreditation Management System contains a Cross Site Scripting... |