CVE List - 2024 / August
Showing 401 - 500 of 2898 CVEs for August 2024 (Page 5 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-33966 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33967 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33968 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33969 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33970 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33971 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33972 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33973 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-33974 | 2024-08-06 | SQL injection in Janobe products |
| CVE-2024-7551 | 2024-08-06 | juzaweb CMS Theme Editor default path traversal |
| CVE-2024-7518 | 2024-08-06 | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR <... |
| CVE-2024-7519 | 2024-08-06 | Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox <... |
| CVE-2024-7520 | 2024-08-06 | A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird <... |
| CVE-2024-7521 | 2024-08-06 | Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird <... |
| CVE-2024-7522 | 2024-08-06 | Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1,... |
| CVE-2024-7524 | 2024-08-06 | Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to... |
| CVE-2024-7525 | 2024-08-06 | It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site.... |
| CVE-2024-7526 | 2024-08-06 | ANGLE failed to initialize parameters, which led to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ESR... |
| CVE-2024-7527 | 2024-08-06 | Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird <... |
| CVE-2024-7528 | 2024-08-06 | Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. |
| CVE-2024-7529 | 2024-08-06 | The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox... |
| CVE-2024-7531 | 2024-08-06 | Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the... |
| CVE-2024-7523 | 2024-08-06 | A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of... |
| CVE-2024-7530 | 2024-08-06 | Incorrect garbage collection interaction could have led to a use-after-free. This vulnerability affects Firefox < 129. |
| CVE-2024-43114 | 2024-08-06 | In JetBrains TeamCity before 2024.07.1 possible privilege escalation due to incorrect directory permissions |
| CVE-2024-33982 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33983 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33984 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33985 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33986 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33987 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33988 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe products |
| CVE-2024-33989 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System |
| CVE-2024-33990 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System |
| CVE-2024-33991 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System |
| CVE-2024-33992 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System |
| CVE-2024-6358 | 2024-08-06 | Incorrect Authorization vulnerability |
| CVE-2024-6359 | 2024-08-06 | Privilege escalation vulnerability |
| CVE-2024-6357 | 2024-08-06 | Insecure Direct Object Reference vulnerability |
| CVE-2024-33993 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System |
| CVE-2024-33994 | 2024-08-06 | Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System |
| CVE-2024-41913 | 2024-08-06 | Clariti Manager – Arbitrary File Upload |
| CVE-2024-41910 | 2024-08-06 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used. |
| CVE-2024-41911 | 2024-08-06 | A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation. |
| CVE-2024-7552 | 2024-08-06 | DataGear Data Schema Page ConversionSqlParamValueMapper.java evaluateVariableExpression expression language injection |
| CVE-2024-39751 | 2024-08-06 | IBM InfoSphere Information Server information disclosure |
| CVE-2024-23456 | 2024-08-06 | Signature validation issue leads to Anti-Tampering bypass |
| CVE-2024-23458 | 2024-08-06 | Local Privilege Escalation on Zscaler Client Connector on Windows |
| CVE-2024-23464 | 2024-08-06 | Zscaler bypass with administrative privileges on Windows |
| CVE-2024-6720 | 2024-08-06 | Light Poll <= 1.0.0 - Poll Answers Deletion via CSRF |
| CVE-2024-23460 | 2024-08-06 | Incorrect signature validation of package |
| CVE-2024-23483 | 2024-08-06 | Local Privilege Escalation via lack of input validation |
| CVE-2024-6988 | 2024-08-06 | Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-6989 | 2024-08-06 | Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-6991 | 2024-08-06 | Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-6994 | 2024-08-06 | Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2024-6995 | 2024-08-06 | Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents... |
| CVE-2024-6996 | 2024-08-06 | Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted... |
| CVE-2024-6997 | 2024-08-06 | Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption... |
| CVE-2024-6998 | 2024-08-06 | Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap... |
| CVE-2024-6999 | 2024-08-06 | Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-7000 | 2024-08-06 | Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption... |
| CVE-2024-7001 | 2024-08-06 | Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-7003 | 2024-08-06 | Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a... |
| CVE-2024-7004 | 2024-08-06 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass... |
| CVE-2024-7005 | 2024-08-06 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass... |
| CVE-2023-28806 | 2024-08-06 | Signature validation error in DLL allows disabling anti-tampering protection |
| CVE-2024-7564 | 2024-08-06 | Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability |
| CVE-2024-43112 | 2024-08-06 | Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129. |
| CVE-2024-43113 | 2024-08-06 | The contextual menu for links could provide an opportunity for cross-site scripting attacks. This vulnerability affects Firefox for iOS < 129. |
| CVE-2024-43111 | 2024-08-06 | Long pressing on a download link could potentially allow JavaScript commands to be executed within the browser. This vulnerability affects Firefox for iOS < 129. |
| CVE-2024-7502 | 2024-08-06 | Delta Electronics DIAScreen Stack-Based Buffer Overflow |
| CVE-2024-42358 | 2024-08-06 | Loop with Unreachable Exit Condition ('Infinite Loop') in pdfio |
| CVE-2024-42347 | 2024-08-06 | URL preview setting for a room is controllable by the homeserver in matrix-react-sdk |
| CVE-2024-41677 | 2024-08-06 | Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik |
| CVE-2024-42397 | 2024-08-06 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol |
| CVE-2024-42396 | 2024-08-06 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol |
| CVE-2024-42395 | 2024-08-06 | Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol |
| CVE-2024-42394 | 2024-08-06 | Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol |
| CVE-2024-42393 | 2024-08-06 | Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol |
| CVE-2024-42398 | 2024-08-06 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol |
| CVE-2024-42399 | 2024-08-06 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol |
| CVE-2024-42400 | 2024-08-06 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol |
| CVE-2024-7532 | 2024-08-06 | Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-7533 | 2024-08-06 | Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:... |
| CVE-2024-7534 | 2024-08-06 | Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7535 | 2024-08-06 | Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7536 | 2024-08-06 | Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7550 | 2024-08-06 | Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-38166 | 2024-08-06 | Microsoft Dynamics 365 Cross-site Scripting Vulnerability |
| CVE-2024-38206 | 2024-08-06 | Microsoft Copilot Studio Information Disclosure Vulnerability |
| CVE-2024-34479 | 2024-08-07 | SourceCodester Computer Laboratory Management System 1.0 allows classes/Master.php id SQL Injection. |
| CVE-2024-34480 | 2024-08-07 | SourceCodester Computer Laboratory Management System 1.0 allows admin/category/view_category.php id SQL Injection. |
| CVE-2024-41237 | 2024-08-07 | A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter. |
| CVE-2024-41239 | 2024-08-07 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/smsa/add_class_submit.php" in Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "class_name" parameter field. |
| CVE-2024-41240 | 2024-08-07 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/teacher_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the "error"... |
| CVE-2024-41241 | 2024-08-07 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. |
| CVE-2024-41242 | 2024-08-07 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter. |
| CVE-2024-41244 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details. |
| CVE-2024-41245 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/view_teachers.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view TEACHER details. |