CVE List - 2024 / August
Showing 201 - 300 of 2898 CVEs for August 2024 (Page 3 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-6709 | 2024-08-03 | Sync Post With Other Site <= 1.6 - Missing Authorization to Authenticated (Subscriber+) Post Creation and Update |
| CVE-2024-6872 | 2024-08-03 | Build Your Dream Website Fast with 400+ Starter Templates and Landing Pages, No Coding Needed, One-Click Import for Elementor & Gutenberg Blocks! – TemplateSpare <= 2.4.2 - Missing Authorization to Authenticated (Subscriber+) Theme Update |
| CVE-2024-38321 | 2024-08-03 | IBM Business Automation Workflow information disclosure |
| CVE-2024-7436 | 2024-08-03 | D-Link DI-8100 msp_info.htm msp_info_htm command injection |
| CVE-2024-7437 | 2024-08-03 | SimpleMachines SMF Delete User index.php resource injection |
| CVE-2024-37286 | 2024-08-03 | APM Server Insertion of Sensitive Information into Log File |
| CVE-2024-7438 | 2024-08-03 | SimpleMachines SMF User Alert Read Status index.php resource injection |
| CVE-2024-7439 | 2024-08-03 | Vivotek CC8160 httpd read stack-based overflow |
| CVE-2024-7440 | 2024-08-03 | Vivotek CC8160 upload_file.cgi getenv command injection |
| CVE-2024-7441 | 2024-08-03 | Vivotek SD9364 httpd read stack-based overflow |
| CVE-2024-7442 | 2024-08-03 | Vivotek SD9364 upload_file.cgi getenv command injection |
| CVE-2024-7443 | 2024-08-03 | Vivotek IB8367A upload_file.cgi getenv command injection |
| CVE-2024-7444 | 2024-08-03 | itsourcecode Ticket Reservation System Login Page login.php sql injection |
| CVE-2024-7445 | 2024-08-03 | itsourcecode Ticket Reservation System checkout_ticket_save.php sql injection |
| CVE-2024-7446 | 2024-08-03 | itsourcecode Ticket Reservation System list_tickets.php sql injection |
| CVE-2024-6331 | 2024-08-04 | Injection by Prompt Injection in stitionai/devika |
| CVE-2024-7449 | 2024-08-04 | itsourcecode Placement Management System login.php sql injection |
| CVE-2024-7450 | 2024-08-04 | itsourcecode Placement Management System Image resume_upload.php unrestricted upload |
| CVE-2024-7451 | 2024-08-04 | itsourcecode Placement Management System apply_now.php sql injection |
| CVE-2024-7452 | 2024-08-04 | itsourcecode Placement Management System view_company.php sql injection |
| CVE-2024-7453 | 2024-08-04 | FastAdmin Attachment Management Section 4 cross site scripting |
| CVE-2024-7454 | 2024-08-04 | SourceCodester Clinics Patient Management System patients.php patient_name sql injection |
| CVE-2024-7455 | 2024-08-04 | itsourcecode Tailoring Management System partedit.php sql injection |
| CVE-2024-35143 | 2024-08-04 | IBM Planning Analytics Local missing authentication |
| CVE-2024-7458 | 2024-08-04 | elunez eladmin Database Management/Deployment Management upload path traversal |
| CVE-2024-7459 | 2024-08-04 | OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery |
| CVE-2024-7460 | 2024-08-04 | OSWAPP Warehouse Inventory System change_password.php cross-site request forgery |
| CVE-2024-7461 | 2024-08-04 | ForIP Tecnologia Administração PABX monitcallcenter authMonitCallcenter sql injection |
| CVE-2024-40096 | 2024-08-05 | The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log. |
| CVE-2024-40498 | 2024-08-05 | SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via the register.php |
| CVE-2024-41200 | 2024-08-05 | A segmentation fault in KMPlayer v4.2.2.65 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file. |
| CVE-2024-41376 | 2024-08-05 | dzzoffice 2.02.1 is vulnerable to Directory Traversal via user/space/about.php. |
| CVE-2024-41380 | 2024-08-05 | microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\tags\add_tagging_tagged.php. |
| CVE-2024-41381 | 2024-08-05 | microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php. |
| CVE-2024-42010 | 2024-08-05 | mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information. |
| CVE-2024-40530 | 2024-08-05 | A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header. |
| CVE-2024-40531 | 2024-08-05 | A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile... |
| CVE-2024-42008 | 2024-08-05 | A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail... |
| CVE-2024-42009 | 2024-08-05 | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that... |
| CVE-2024-7462 | 2024-08-05 | TOTOLINK N350RT cstecgi.cgi setWizardCfg buffer overflow |
| CVE-2024-7463 | 2024-08-05 | TOTOLINK CP900 cstecgi.cgi UploadCustomModule buffer overflow |
| CVE-2024-7464 | 2024-08-05 | TOTOLINK CP900 Telnet Service setTelnetCfg command injection |
| CVE-2024-7465 | 2024-08-05 | TOTOLINK CP450 cstecgi.cgi loginauth buffer overflow |
| CVE-2024-7466 | 2024-08-05 | PMWeb Web Application Firewall cross site scripting |
| CVE-2024-7467 | 2024-08-05 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_ip_network.php sslvpn_config_mod os command injection |
| CVE-2024-7468 | 2024-08-05 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_service_manage.php sslvpn_config_mod os command injection |
| CVE-2024-7469 | 2024-08-05 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_vpn_web_custom.php sslvpn_config_mod os command injection |
| CVE-2024-7470 | 2024-08-05 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface vpn_template_style.php sslvpn_config_mod os command injection |
| CVE-2024-6117 | 2024-08-05 | Hamastar MeetingHub Paperless Meetings - Unrestricted Upload of File with Dangerous Type |
| CVE-2024-6118 | 2024-08-05 | Hamastar MeetingHub Paperless Meetings - Plaintext Storage of a Password |
| CVE-2024-39713 | 2024-08-05 | A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. |
| CVE-2024-39838 | 2024-08-05 | ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15 use hard-coded credentials, which may allow a network-adjacent attacker with an administrative privilege to alter the configuration of the device. |
| CVE-2024-41720 | 2024-08-05 | Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. |
| CVE-2024-41889 | 2024-08-05 | Multiple Pimax products accept WebSocket connections from unintended endpoints. If this vulnerability is exploited, arbitrary code may be executed by a remote unauthenticated attacker. |
| CVE-2024-2232 | 2024-08-05 | Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites |
| CVE-2024-3636 | 2024-08-05 | Pinpoint Booking System < 2.9.9.4.8 - Admin+ Stored XSS |
| CVE-2024-5081 | 2024-08-05 | WP eMember <= v10.7.0 - Stored XSS via CSRF |
| CVE-2024-6270 | 2024-08-05 | Community Events < 1.5.1 - Admin+ Stored XSS |
| CVE-2024-6498 | 2024-08-05 | CollectChat < 2.4.4 - Admin+ XSS |
| CVE-2024-6710 | 2024-08-05 | Ditty < 3.1.45 - Author+ Stored XSS |
| CVE-2024-42447 | 2024-08-05 | Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let users log out of Airflow |
| CVE-2024-38856 | 2024-08-05 | Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code |
| CVE-2024-36448 | 2024-08-05 | Apache IoTDB Workbench: SSRF Vulnerability (EOL) |
| CVE-2024-2937 | 2024-08-05 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2024-4607 | 2024-08-05 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2024-6472 | 2024-08-05 | Ability to trust not validated macro signatures removed in high security mode |
| CVE-2024-7395 | 2024-08-05 | Insufficient Authentication |
| CVE-2024-7383 | 2024-08-05 | Libnbd: nbd server improper certificate validation |
| CVE-2024-7409 | 2024-08-05 | Qemu: denial of service via improper synchronization in qemu nbd server during socket closure |
| CVE-2024-7396 | 2024-08-05 | Plaintext Communication |
| CVE-2024-7397 | 2024-08-05 | Unauthenticated Command Injection |
| CVE-2024-21459 | 2024-08-05 | Buffer Over-read in WLAN HOST |
| CVE-2024-21467 | 2024-08-05 | Buffer Over-read in WLAN Host Communication |
| CVE-2024-21479 | 2024-08-05 | Buffer Over-read in Audio |
| CVE-2024-21481 | 2024-08-05 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Hypervisor |
| CVE-2024-23350 | 2024-08-05 | Reachable Assertion in Multi Mode Call Processor |
| CVE-2024-23352 | 2024-08-05 | Loop with Unreachable Exit Condition ('Infinite Loop') in Multi Mode Call Processor |
| CVE-2024-23353 | 2024-08-05 | Buffer Over-read in Multi Mode Call Processor |
| CVE-2024-23355 | 2024-08-05 | Improper Restriction of Operations within the Bounds of a Memory Buffer in Automotive |
| CVE-2024-23356 | 2024-08-05 | Improper Restriction of Operations within the Bounds of a Memory Buffer in HLOS |
| CVE-2024-23357 | 2024-08-05 | NULL Pointer Dereference in HLOS |
| CVE-2024-23381 | 2024-08-05 | Use After Free in Graphics Linux |
| CVE-2024-23382 | 2024-08-05 | Use After Free in Graphics Linux |
| CVE-2024-23383 | 2024-08-05 | Use After Free in Graphics Linux |
| CVE-2024-23384 | 2024-08-05 | Use After Free in Graphics Linux |
| CVE-2024-33010 | 2024-08-05 | Use After Free in WLAN Host |
| CVE-2024-33011 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33012 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33013 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33014 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33015 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33018 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33019 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33020 | 2024-08-05 | Buffer Over-read in WLAN HOST |
| CVE-2024-33021 | 2024-08-05 | Use of Uninitialized Variable in Automotive GPU |
| CVE-2024-33022 | 2024-08-05 | Integer Overflow or Wraparound in Automotive GPU |
| CVE-2024-33023 | 2024-08-05 | Use After Free in Graphics Linux |
| CVE-2024-33024 | 2024-08-05 | Integer Overflow or Wraparound in WLAN Host |
| CVE-2024-33025 | 2024-08-05 | Buffer Over-read in WLAN Host |
| CVE-2024-33026 | 2024-08-05 | Buffer Over-read in WLAN Host |