CVE List - 2024 / September
Showing 1201 - 1300 of 2516 CVEs for September 2024 (Page 13 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8281 | 2024-09-13 | An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection through specially crafted command line input in... |
| CVE-2024-45101 | 2024-09-13 | A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can... |
| CVE-2024-45103 | 2024-09-13 | A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges. |
| CVE-2024-45104 | 2024-09-13 | A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call. |
| CVE-2024-45105 | 2024-09-13 | An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary... |
| CVE-2024-8782 | 2024-09-13 | JFinalCMS edit delete path traversal |
| CVE-2024-8783 | 2024-09-13 | OpenTibiaBR MyAAC Post Reply new_post.php cross site scripting |
| CVE-2024-8784 | 2024-09-13 | QDocs Smart School Management System Chat mynewuser sql injection |
| CVE-2024-5754 | 2024-09-13 | BT: Encryption procedure host vulnerability |
| CVE-2024-6258 | 2024-09-13 | BT: Missing length checks of net_buf in rfcomm_handle_data |
| CVE-2024-5931 | 2024-09-13 | BT: Unchecked user input in bap_broadcast_assistant |
| CVE-2024-6135 | 2024-09-13 | BT: Classic: Multiple missing buf length checks |
| CVE-2024-6137 | 2024-09-13 | BT: Classic: SDP OOB access in get_att_search_list |
| CVE-2024-6259 | 2024-09-13 | BT: HCI: adv_ext_report Improper discarding in adv_ext_report |
| CVE-2024-29779 | 2024-09-13 | There is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is... |
| CVE-2024-44092 | 2024-09-13 | There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2024-44093 | 2024-09-13 | In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-44094 | 2024-09-13 | In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-44095 | 2024-09-13 | In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution... |
| CVE-2024-44096 | 2024-09-13 | There is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for... |
| CVE-2022-3459 | 2024-09-14 | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding |
| CVE-2024-8271 | 2024-09-14 | FOX – Currency Switcher Professional for WooCommerce <= 1.4.2.1 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-8775 | 2024-09-14 | Ansible-core: exposure of sensitive information in ansible vault files due to improper logging |
| CVE-2024-8246 | 2024-09-14 | Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) <= 2.8.11 - Authenticated (Contributor+) Privilege Escalation |
| CVE-2024-8479 | 2024-09-14 | Simple Spoiler 1.2 - 1.3 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-8724 | 2024-09-14 | Waitlist Woocommerce ( Back in stock notifier ) <= 2.7.5 - Reflected Cross-Site Scripting |
| CVE-2024-8039 | 2024-09-14 | Improper permission configuration; domain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks. |
| CVE-2024-8669 | 2024-09-14 | Backuply – Backup, Restore, Migrate and Clone <= 1.3.4 - Authenticated (Admin+) SQL Injection |
| CVE-2024-8797 | 2024-09-14 | WP Booking System – Booking Calendar <= 2.0.19.8 - Reflected Cross-Site Scripting |
| CVE-2023-3410 | 2024-09-14 | Bricks <= 1.10.1 - Authenticated (Bricks Page Builder Access+) Stored Cross-Site Scripting |
| CVE-2024-6482 | 2024-09-14 | Login with phone number <= 1.7.49 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation |
| CVE-2024-8862 | 2024-09-14 | h2oai h2o-3 JDBC Connection 1 getConnectionSafe deserialization |
| CVE-2024-8863 | 2024-09-14 | aimhubio aim Text Explorer textbox.tsx dangerouslySetInnerHTML cross site scripting |
| CVE-2024-46938 | 2024-09-15 | An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files. |
| CVE-2024-46918 | 2024-09-15 | app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. |
| CVE-2024-46942 | 2024-09-15 | In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment. |
| CVE-2024-46943 | 2024-09-15 | An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller... |
| CVE-2024-8864 | 2024-09-15 | composiohq composio calculator.py Calculator code injection |
| CVE-2024-8865 | 2024-09-15 | composiohq composio api.py path path traversal |
| CVE-2024-8866 | 2024-09-15 | AutoCMS robot.php cross site scripting |
| CVE-2024-8867 | 2024-09-15 | Perfex CRM Parameter Clients.php cross site scripting |
| CVE-2024-8868 | 2024-09-15 | code-projects Crud Operation System savedata.php sql injection |
| CVE-2024-45460 | 2024-09-15 | WordPress Flipping Cards plugin <= 1.30 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45459 | 2024-09-15 | WordPress Product Slider for WooCommerce by PickPlugins plugin <= 1.13.50 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45458 | 2024-09-15 | WordPress Spiffy Calendar plugin <= 4.9.13 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45457 | 2024-09-15 | WordPress Spiffy Calendar plugin <= 4.9.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45456 | 2024-09-15 | WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-45455 | 2024-09-15 | WordPress WP Meta SEO plugin <= 4.5.13 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44063 | 2024-09-15 | WordPress Happyforms plugin <= 1.26.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44062 | 2024-09-15 | WordPress Custom Field Template plugin <= 2.6.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44060 | 2024-09-15 | WordPress filmix theme <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44059 | 2024-09-15 | WordPress Custom Query Blocks plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44058 | 2024-09-15 | WordPress Parabola theme <= 2.4.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44057 | 2024-09-15 | WordPress Nirvana theme <= 1.6.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44056 | 2024-09-15 | WordPress Mantra theme <= 3.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44054 | 2024-09-15 | WordPress Fluida theme <= 1.8.8 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-44053 | 2024-09-15 | WordPress Opor Ayam theme <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-8869 | 2024-09-15 | TOTOLINK A720R exportOvpn os command injection |
| CVE-2024-8875 | 2024-09-15 | vedees wcms finder.php path traversal |
| CVE-2024-8876 | 2024-09-15 | xiaohe4966 TpMeCMS lang path traversal |
| CVE-2023-45854 | 2024-09-16 | A Business Logic vulnerability in Shopkit 1.0 allows an attacker to add products with negative quantities to the shopping cart via the qtd parameter in the add-to-cart function. |
| CVE-2024-42794 | 2024-09-16 | Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. |
| CVE-2024-42795 | 2024-09-16 | An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. |
| CVE-2024-42796 | 2024-09-16 | An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. |
| CVE-2024-42798 | 2024-09-16 | An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. |
| CVE-2024-44623 | 2024-09-16 | An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. |
| CVE-2024-45413 | 2024-09-16 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsa_decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the... |
| CVE-2024-45414 | 2024-09-16 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied... |
| CVE-2024-45415 | 2024-09-16 | The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in check_data_integrity function. This function is responsible for validating the checksum of data in post request. The... |
| CVE-2024-45416 | 2024-09-16 | The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init function. The session -LUA- files are stored in the directory /var/lua_session, the function iterates on... |
| CVE-2024-46419 | 2024-09-16 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter. |
| CVE-2024-46424 | 2024-09-16 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomModule function, which allows attackers to cause a Denial of Service (DoS) via the File parameter. |
| CVE-2024-46451 | 2024-09-16 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. |
| CVE-2024-46937 | 2024-09-16 | An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without... |
| CVE-2024-46958 | 2024-09-16 | In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. |
| CVE-2024-8880 | 2024-09-16 | playSMS Template index.php code injection |
| CVE-2024-8776 | 2024-09-16 | INTUMIT SmartRobot - Cross-site Scripting |
| CVE-2024-8777 | 2024-09-16 | The SYSCOM Group OMFLOW - Information Leakage |
| CVE-2024-8778 | 2024-09-16 | The SYSCOM Group OMFLOW - Arbitrary File Read |
| CVE-2024-8779 | 2024-09-16 | The SYSCOM Group OMFLOW - Broken Access Control |
| CVE-2024-8780 | 2024-09-16 | The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function |
| CVE-2024-45694 | 2024-09-16 | D-Link WiFi router - Stack-based Buffer Overflow |
| CVE-2024-45695 | 2024-09-16 | D-Link WiFi router - Stack-based Buffer Overflow |
| CVE-2024-39613 | 2024-09-16 | RCE in desktop app in Windows by local attacker |
| CVE-2024-45833 | 2024-09-16 | Mobile password gets saved in dictionary under conditions |
| CVE-2024-45696 | 2024-09-16 | D-Link WiFi router - Hidden Functionality |
| CVE-2024-45697 | 2024-09-16 | D-Link WiFi router - Hidden Functionality |
| CVE-2024-45698 | 2024-09-16 | D-Link WiFi router - OS Command Injection |
| CVE-2024-1578 | 2024-09-16 | Multiple MiCard PLUS card reader dropped characters |
| CVE-2024-46970 | 2024-09-16 | In JetBrains IntelliJ IDEA before 2024.1, HTML injection via the project name was possible |
| CVE-2024-22399 | 2024-09-16 | Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server |
| CVE-2024-39772 | 2024-09-16 | Silent Desktop Screenshot Capture |
| CVE-2024-45835 | 2024-09-16 | Insufficient Electron Fuses Configuration |
| CVE-2024-7098 | 2024-09-16 | XML Injection in SFS Consulting's ww.Winsure |
| CVE-2024-7104 | 2024-09-16 | Remote Code Execution in SFS Consulting's ww.Winsure |
| CVE-2024-6401 | 2024-09-16 | SQLi in SFS Consulting's InsureE GL |
| CVE-2024-38315 | 2024-09-16 | IBM Aspera Shares session fixation |
| CVE-2024-8752 | 2024-09-16 | WebIQ 2.15.9 Runtime on Windows - Directory Traversal Vulnerability |
| CVE-2024-34543 | 2024-09-16 | Improper access control in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-34153 | 2024-09-16 | Uncontrolled search path element in Intel(R) RAID Web Console software for all versions may allow an authenticated user to potentially enable escalation of privilege via local access. |