CVE List - 2024 / August
Showing 701 - 800 of 2898 CVEs for August 2024 (Page 8 of 29)
CVE ID | Date | Title |
---|---|---|
CVE-2024-29082 | 2024-08-08 | Vonets WiFi Bridges Improper Access Control |
CVE-2024-41936 | 2024-08-08 | Vonets WiFi Bridges Path Traversal |
CVE-2024-37023 | 2024-08-08 | Vonets WiFi Bridges Command Injection |
CVE-2024-39815 | 2024-08-08 | Vonets WiFi Bridges Improper Check or Handling of Exceptional Conditions |
CVE-2024-39791 | 2024-08-08 | Vonets WiFi Bridges Stack-based Buffer Overflow |
CVE-2024-42001 | 2024-08-08 | Vonets WiFi Bridges Forced Browsing |
CVE-2024-7272 | 2024-08-08 | FFmpeg swresample.c fill_audiodata heap-based overflow |
CVE-2024-43167 | 2024-08-08 | Unbound: null pointer dereference in unbound |
CVE-2024-43168 | 2024-08-08 | Unbound: heap-buffer-overflow in unbound |
CVE-2024-38218 | 2024-08-08 | Microsoft Edge (HTML-based) Memory Corruption Vulnerability |
CVE-2024-38219 | 2024-08-08 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
CVE-2024-38200 | 2024-08-08 | Microsoft Office Spoofing Vulnerability |
CVE-2024-7006 | 2024-08-08 | Libtiff: null pointer dereference in tif_dirinfo.c |
CVE-2024-7557 | 2024-08-08 | Odh-dashboard: odh-model-controller: cross-model authentication bypass in openshift ai |
CVE-2024-7613 | 2024-08-08 | Tenda FH1206 GstDhcpSetSer fromGstDhcpSetSer buffer overflow |
CVE-2024-5445 | 2024-08-08 | Ecosystem Agent Insufficient Transport Layer Security |
CVE-2024-7614 | 2024-08-08 | Tenda FH1206 qossetting fromqossetting stack-based overflow |
CVE-2024-7615 | 2024-08-08 | Tenda FH1206 fromSafeUrlFilter stack-based overflow |
CVE-2024-7616 | 2024-08-08 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection |
CVE-2024-37283 | 2024-08-08 | Elastic Agent Insertion of Sensitive Information into Log File |
CVE-2023-50810 | 2024-08-09 | In certain Sonos products before Sonos S1 Release 11.12 and... |
CVE-2024-37826 | 2024-08-09 | A NULL pointer dereference in vercot Serva v4.6.0 allows attackers... |
CVE-2024-38989 | 2024-08-09 | izatop bunt v0.29.19 was discovered to contain a prototype pollution... |
CVE-2024-39338 | 2024-08-09 | axios 1.7.2 allows SSRF via unexpected behavior where requests for... |
CVE-2024-40472 | 2024-08-09 | Sourcecodester Daily Calories Monitoring Tool v1.0 is vulnerable to SQL... |
CVE-2024-40479 | 2024-08-09 | A SQL injection vulnerability in "/admin/quizquestion.php" in Kashipara Online Exam... |
CVE-2024-41332 | 2024-08-09 | Incorrect access control in the delete_category function of Sourcecodester Computer... |
CVE-2024-41476 | 2024-08-09 | AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is... |
CVE-2024-41570 | 2024-08-09 | An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling... |
CVE-2024-41577 | 2024-08-09 | An arbitrary file upload vulnerability in the Ueditor component of... |
CVE-2023-50809 | 2024-08-09 | In certain Sonos products before S1 Release 11.12 and S2... |
CVE-2024-40478 | 2024-08-09 | A Stored Cross Site Scripting (XSS) vulnerability was found in... |
CVE-2024-40480 | 2024-08-09 | A Broken Access Control vulnerability was found in /admin/update.php and... |
CVE-2024-3279 | 2024-08-09 | Improper Access Control in mintplex-labs/anything-llm |
CVE-2024-7512 | 2024-08-09 | Concrete CMS Stored XSS in Board instances |
CVE-2024-4350 | 2024-08-09 | Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer |
CVE-2024-0113 | 2024-08-09 | NVIDIA Mellanox OS, ONYX, Skyway, and MetroX-3 XCC contain a... |
CVE-2024-0115 | 2024-08-09 | NVIDIA CV-CUDA for Ubuntu 20.04, Ubuntu 22.04, and Jetpack contains... |
CVE-2024-4360 | 2024-08-09 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag |
CVE-2024-4359 | 2024-08-09 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.7.2 - Authenticated (Contributor+) Arbitrary File Read |
CVE-2024-7399 | 2024-08-09 | Improper limitation of a pathname to a restricted directory vulnerability... |
CVE-2024-6133 | 2024-08-09 | WP eStore < 8.5.6 - Reflected XSS in Customer Search |
CVE-2024-6136 | 2024-08-09 | WP eStore < 8.5.6 - Settings Reset via CSRF |
CVE-2024-6158 | 2024-08-09 | Category Posts Widget (Free < 4.9.17, Pro < 4.9.13) - Admin+ Stored XSS |
CVE-2024-22121 | 2024-08-09 | Zabbix Agent MSI Installer Allows Non-Admin User to Access Change Option via msiexec.exe |
CVE-2024-22122 | 2024-08-09 | AT(GSM) Command Injection |
CVE-2024-36460 | 2024-08-09 | Front-end audit log shows passwords in plaintext |
CVE-2024-7382 | 2024-08-09 | Linkify Text <= 1.9.1 - Unauthenticated Full Path Disclosure |
CVE-2024-7413 | 2024-08-09 | Obfuscate Email <= 3.8.1 - Unauthenticated Full Path Disclosure |
CVE-2024-7414 | 2024-08-09 | PDF Builder for WPForms <= 1.2.116 - Unauthenticated Full Path Disclosure |
CVE-2024-7416 | 2024-08-09 | Reveal Template <= 3.7 - Unauthenticated Full Path Disclosure |
CVE-2024-7412 | 2024-08-09 | No Update Nag <= 1.4.12 - Unauthenticated Full Path Disclosure |
CVE-2024-7410 | 2024-08-09 | My Custom CSS PHP & ADS <= 3.3 - Unauthenticated Full Path Disclosure |
CVE-2024-6562 | 2024-08-09 | affiliate-toolkit <= 3.5.5 - Unauthenticated Full Path Disclosure |
CVE-2024-36461 | 2024-08-09 | Direct access to memory pointers within the JS engine for modification |
CVE-2024-36462 | 2024-08-09 | Allocation of resources without limits or throttling (uncontrolled resource consumption) |
CVE-2024-22114 | 2024-08-09 | System Information Widget in Global View Dashboard exposes information about Hosts to Users without Permission |
CVE-2024-22116 | 2024-08-09 | Remote code execution within ping script |
CVE-2024-7408 | 2024-08-09 | Information Disclosure Vulnerability in Airveda Air Quality Monitor |
CVE-2024-22123 | 2024-08-09 | Zabbix Arbitrary File Read |
CVE-2024-7635 | 2024-08-09 | code-projects Simple Ticket Booking Registration register_insert.php sql injection |
CVE-2024-7636 | 2024-08-09 | code-projects Simple Ticket Booking Login authenticate.php sql injection |
CVE-2024-7637 | 2024-08-09 | code-projects Online Polling Registration registeracc.php sql injection |
CVE-2024-7638 | 2024-08-09 | SourceCodester Kortex Lite Advocate Office Management System delete_client.php sql injection |
CVE-2024-7639 | 2024-08-09 | SourceCodester Kortex Lite Advocate Office Management System delete_act.php sql injection |
CVE-2024-7640 | 2024-08-09 | SourceCodester Kortex Lite Advocate Office Management System delete_register.php sql injection |
CVE-2024-29831 | 2024-08-09 | Apache DolphinScheduler: RCE by arbitrary js execution |
CVE-2024-30188 | 2024-08-09 | Apache DolphinScheduler: Resource File Read And Write Vulnerability |
CVE-2024-7641 | 2024-08-09 | SourceCodester Kortex Lite Advocate Office Management System deactivate_act.php sql injection |
CVE-2024-41890 | 2024-08-09 | Apache Answer: The link to reset the user's password will remain valid after sending a new link |
CVE-2024-41888 | 2024-08-09 | Apache Answer: The link for resetting user password is not Single-Use |
CVE-2024-7642 | 2024-08-09 | SourceCodester Kortex Lite Advocate Office Management System activate_act.php sql injection |
CVE-2024-7643 | 2024-08-09 | SourceCodester Leads Manager Tool Delete Leads delete-leads.php sql injection |
CVE-2024-7644 | 2024-08-09 | SourceCodester Leads Manager Tool Add Leads add-leads.php cross site scripting |
CVE-2024-7645 | 2024-08-09 | SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery |
CVE-2023-38018 | 2024-08-09 | IBM Aspera Shares session fixation |
CVE-2023-31315 | 2024-08-09 | Improper validation in a model specific register (MSR) could allow... |
CVE-2024-32765 | 2024-08-09 | QTS, QuTS hero |
CVE-2024-42367 | 2024-08-09 | In aiohttp, compressed files as symlinks are not protected from path traversal |
CVE-2024-42470 | 2024-08-09 | CometVisu Backend for openHAB has a sensitive information disclosure vulnerability |
CVE-2024-42467 | 2024-08-09 | CometVisu Backend for openHAB affected by SSRF/XSS |
CVE-2024-42468 | 2024-08-09 | Path traversal (CometVisu) |
CVE-2024-42469 | 2024-08-09 | CometVisu Backend for openHAB affected by RCE through path traversal |
CVE-2024-42370 | 2024-08-09 | Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow |
CVE-2024-42473 | 2024-08-09 | OpenFGA Authorization Bypass |
CVE-2024-6691 | 2024-08-10 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Currency Settings |
CVE-2024-7621 | 2024-08-10 | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update |
CVE-2024-6692 | 2024-08-10 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Agreement Text |
CVE-2024-7503 | 2024-08-10 | WooCommerce - Social Login <= 2.7.5 - Authentication Bypass to Account Takeover |
CVE-2024-7648 | 2024-08-10 | Opal Membership <= 1.2.4 - Authenticated (Subscriber+) Information Disclosure |
CVE-2024-7649 | 2024-08-10 | Opal Membership <= 1.2.4 - Unauthenticated Stored Cross-Site Scripting |
CVE-2024-5800 | 2024-08-10 | Diffie-Hellman groups with insufficient strength used in SSL/TLS stack of B&R Automation Runtime |
CVE-2024-5801 | 2024-08-10 | IP Forwarding enabled in B&R Automation Runtime |
CVE-2024-7574 | 2024-08-10 | Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2024-6134 | 2024-08-10 | WP eStore < 8.5.6 - Reflected XSS in Product Editing |
CVE-2024-21881 | 2024-08-10 | Upload of encrypted packages allows authenticated command execution in Enphase IQ Gateway v4.x and v5.x |
CVE-2024-21880 | 2024-08-10 | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x |
CVE-2024-21878 | 2024-08-10 | Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x |
CVE-2024-21877 | 2024-08-10 | Insecure File Generation Based on User Input in Enphase IQ Gateway version 4.x to 8.x and < 8.2.4225 |
CVE-2024-21879 | 2024-08-10 | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225 |