CVE List - 2024 / August
Showing 501 - 600 of 2898 CVEs for August 2024 (Page 6 of 29)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-41247 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/add_class.php and /smsa/add_class_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new class entry. |
| CVE-2024-41248 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/add_subject.php and /smsa/add_subject_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to add a new subject entry. |
| CVE-2024-41249 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/view_subject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details. |
| CVE-2024-41252 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/admin_student_register_approval.php and /smsa/admin_student_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve student registration. |
| CVE-2024-41308 | 2024-08-07 | An issue in the Ping feature of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. |
| CVE-2024-41309 | 2024-08-07 | An issue in the Hardware info module of IT Solutions Enjay CRM OS v1.0 allows attackers to escape the restricted terminal environment and gain root-level privileges on the underlying system. |
| CVE-2024-41432 | 2024-08-07 | An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by... |
| CVE-2024-43199 | 2024-08-07 | Nagios NDOUtils before 2.1.4 allows privilege escalation from nagios to root because certain executable files are owned by the nagios user. |
| CVE-2024-41243 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/view_marks.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view MARKS details. |
| CVE-2024-41246 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/admin_dashboard.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view administrator dashboard. |
| CVE-2024-41250 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT details. |
| CVE-2024-41251 | 2024-08-07 | An Incorrect Access Control vulnerability was found in /smsa/admin_teacher_register_approval.php and /smsa/admin_teacher_register_approval_submit.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view and approve Teacher registration. |
| CVE-2024-41989 | 2024-08-07 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a... |
| CVE-2024-41990 | 2024-08-07 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs... |
| CVE-2024-41991 | 2024-08-07 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack... |
| CVE-2024-42005 | 2024-08-07 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases... |
| CVE-2024-34604 | 2024-08-07 | Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. |
| CVE-2024-34605 | 2024-08-07 | Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. |
| CVE-2024-34606 | 2024-08-07 | Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. |
| CVE-2024-34607 | 2024-08-07 | Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. |
| CVE-2024-34608 | 2024-08-07 | Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. |
| CVE-2024-34609 | 2024-08-07 | Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. |
| CVE-2024-34610 | 2024-08-07 | Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. |
| CVE-2024-34611 | 2024-08-07 | Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. |
| CVE-2024-34612 | 2024-08-07 | Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2024-34613 | 2024-08-07 | Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch. |
| CVE-2024-34614 | 2024-08-07 | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. |
| CVE-2024-34615 | 2024-08-07 | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. |
| CVE-2024-34616 | 2024-08-07 | Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. |
| CVE-2024-34617 | 2024-08-07 | Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. |
| CVE-2024-34618 | 2024-08-07 | Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. |
| CVE-2024-34619 | 2024-08-07 | Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. |
| CVE-2024-34620 | 2024-08-07 | Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. |
| CVE-2024-34621 | 2024-08-07 | Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34622 | 2024-08-07 | Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. |
| CVE-2024-34623 | 2024-08-07 | Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. |
| CVE-2024-34624 | 2024-08-07 | Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34625 | 2024-08-07 | Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34626 | 2024-08-07 | Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34627 | 2024-08-07 | Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34628 | 2024-08-07 | Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34629 | 2024-08-07 | Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34630 | 2024-08-07 | Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34631 | 2024-08-07 | Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. |
| CVE-2024-34632 | 2024-08-07 | Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. |
| CVE-2024-34633 | 2024-08-07 | Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. |
| CVE-2024-34634 | 2024-08-07 | Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. |
| CVE-2024-34635 | 2024-08-07 | Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. |
| CVE-2024-34636 | 2024-08-07 | Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information. |
| CVE-2024-34788 | 2024-08-07 | An improper authentication vulnerability in web component of EPMM prior to 12.1.0.1 allows a remote malicious user to access potentially sensitive information |
| CVE-2024-37403 | 2024-08-07 | Ivanti Docs@Work for Android, before 2.26.0 is affected by the 'Dirty Stream' vulnerability. The application fails to properly sanitize file names, resulting in a path traversal-affiliated vulnerability. This potentially enables... |
| CVE-2024-36132 | 2024-08-07 | Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attacker to bypass authentication and access sensitive resources. |
| CVE-2024-36131 | 2024-08-07 | An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the appliance. |
| CVE-2024-36130 | 2024-08-07 | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an unauthorized attacker within the network to execute arbitrary commands on the underlying operating system of the... |
| CVE-2024-3973 | 2024-08-07 | House Manager <= 1.0.8.4 - Reflected XSS |
| CVE-2024-6494 | 2024-08-07 | WordPress File Upload < 4.24.8 - Unauthenticated Stored XSS |
| CVE-2024-42222 | 2024-08-07 | Apache CloudStack: Unauthorised Network List Access |
| CVE-2024-42062 | 2024-08-07 | Apache CloudStack: User Key Exposure to Domain Admins |
| CVE-2024-5290 | 2024-08-07 | An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs... |
| CVE-2024-7553 | 2024-08-07 | Accessing Untrusted Directory May Allow Local Privilege Escalation |
| CVE-2024-7265 | 2024-08-07 | Privilege Escalation in EZD RP |
| CVE-2024-7266 | 2024-08-07 | Users listing in EZD RP |
| CVE-2024-7267 | 2024-08-07 | Internal infrastructure data leak in EZD RP |
| CVE-2024-6522 | 2024-08-07 | Modern Events Calendar <= 7.12.1 - Authenticated (Subscriber+) Server Side Request Forgery |
| CVE-2024-7353 | 2024-08-07 | Accept Stripe Payments <= 2.0.86 - Authenticated (Contributor+) Stored Cross-Site Scripting via accept_stripe_payment_ng Shortcode |
| CVE-2024-7355 | 2024-08-07 | Organization chart <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters |
| CVE-2024-7578 | 2024-08-07 | Alien Technology ALR-F800 cmd.php improper authorization |
| CVE-2024-43044 | 2024-08-07 | Jenkins 2.470 and earlier, LTS 2.452.3 and earlier allows agent processes to read arbitrary files from the Jenkins controller file system by using the `ClassLoaderProxy#fetchJar` method in the Remoting library. |
| CVE-2024-43045 | 2024-08-07 | Jenkins 2.470 and earlier, LTS 2.452.3 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to access other users' "My Views". |
| CVE-2024-7579 | 2024-08-07 | Alien Technology ALR-F800 File Name upgrade.cgi popen os command injection |
| CVE-2024-7580 | 2024-08-07 | Alien Technology ALR-F800 system.html os command injection |
| CVE-2024-7581 | 2024-08-07 | Tenda A301 WifiBasicSet formWifiBasicSet stack-based overflow |
| CVE-2024-42232 | 2024-08-07 | libceph: fix race between delayed_work() and ceph_monc_stop() |
| CVE-2024-42233 | 2024-08-07 | filemap: replace pte_offset_map() with pte_offset_map_nolock() |
| CVE-2024-42234 | 2024-08-07 | mm: fix crashes from deferred split racing folio migration |
| CVE-2024-42235 | 2024-08-07 | s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() |
| CVE-2024-42236 | 2024-08-07 | usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() |
| CVE-2024-42237 | 2024-08-07 | firmware: cs_dsp: Validate payload length before processing block |
| CVE-2024-42238 | 2024-08-07 | firmware: cs_dsp: Return error if block header overflows file |
| CVE-2024-42239 | 2024-08-07 | bpf: Fail bpf_timer_cancel when callback is being cancelled |
| CVE-2024-42240 | 2024-08-07 | x86/bhi: Avoid warning in #DB handler due to BHI mitigation |
| CVE-2024-42241 | 2024-08-07 | mm/shmem: disable PMD-sized page cache if needed |
| CVE-2024-42242 | 2024-08-07 | mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE |
| CVE-2024-42243 | 2024-08-07 | mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray |
| CVE-2024-42244 | 2024-08-07 | USB: serial: mos7840: fix crash on resume |
| CVE-2024-42245 | 2024-08-07 | Revert "sched/fair: Make sure to try to detach at least one movable task" |
| CVE-2024-42246 | 2024-08-07 | net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket |
| CVE-2024-42247 | 2024-08-07 | wireguard: allowedips: avoid unaligned 64-bit memory accesses |
| CVE-2024-42248 | 2024-08-07 | tty: serial: ma35d1: Add a NULL check for of_node |
| CVE-2024-42249 | 2024-08-07 | spi: don't unoptimize message in spi_async() |
| CVE-2024-42250 | 2024-08-07 | cachefiles: add missing lock protection when polling |
| CVE-2024-7582 | 2024-08-07 | Tenda i22 apPortalAccessCodeAuth formApPortalAccessCodeAuth buffer overflow |
| CVE-2024-7583 | 2024-08-07 | Tenda i22 apPortalOneKeyAuth formApPortalOneKeyAuth buffer overflow |
| CVE-2024-7584 | 2024-08-07 | Tenda i22 apPortalPhoneAuth formApPortalPhoneAuth buffer overflow |
| CVE-2024-7061 | 2024-08-07 | Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2... |
| CVE-2024-20443 | 2024-08-07 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is... |
| CVE-2024-20479 | 2024-08-07 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is... |
| CVE-2024-20450 | 2024-08-07 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to... |
| CVE-2024-20454 | 2024-08-07 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to... |
| CVE-2024-20451 | 2024-08-07 | Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to... |