CVE List - 2024 / September
Showing 101 - 200 of 2516 CVEs for September 2024 (Page 2 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-45678 | 2024-09-03 | Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment)... |
| CVE-2024-8380 | 2024-09-03 | SourceCodester Contact Manager with Export to VCF Delete Contact delete-account.php sql injection |
| CVE-2024-5412 | 2024-09-03 | A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a... |
| CVE-2024-6343 | 2024-09-03 | A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W)... |
| CVE-2024-7203 | 2024-09-03 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.60 through V5.38 and USG FLEX series firmware versions from V4.60 through V5.38 could allow an authenticated attacker... |
| CVE-2024-42057 | 2024-09-03 | A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX... |
| CVE-2024-42058 | 2024-09-03 | A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions... |
| CVE-2024-42059 | 2024-09-03 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.00 through V5.38, USG FLEX series firmware versions from V5.00 through V5.38, USG FLEX 50(W) series firmware versions... |
| CVE-2024-42060 | 2024-09-03 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions... |
| CVE-2024-42061 | 2024-09-03 | A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38,... |
| CVE-2024-7261 | 2024-09-03 | The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware version 6.70(ABVS.4) and earlier, WAX655E firmware... |
| CVE-2024-37136 | 2024-09-03 | Dell Path to PowerProtect, versions 1.1, 1.2, contains an Exposure of Private Personal Information to an Unauthorized Actor vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading... |
| CVE-2024-3655 | 2024-09-03 | Mali GPU Kernel Driver allows improper GPU memory processing operations |
| CVE-2024-38811 | 2024-09-03 | Code-execution vulnerability |
| CVE-2024-8374 | 2024-09-03 | Arbitrary Code Injection in Cura |
| CVE-2024-45586 | 2024-09-03 | Account Take Over Vulnerability |
| CVE-2024-45587 | 2024-09-03 | Unauthorized Modification Vulnerability |
| CVE-2024-45588 | 2024-09-03 | Information Disclosure Vulnerability |
| CVE-2024-6473 | 2024-09-03 | DLL Hijacking in Yandex Browser |
| CVE-2024-6232 | 2024-09-03 | Regular-expression DoS when parsing TarFile headers |
| CVE-2024-8381 | 2024-09-03 | A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox... |
| CVE-2024-8382 | 2024-09-03 | Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able... |
| CVE-2024-8383 | 2024-09-03 | Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing... |
| CVE-2024-8384 | 2024-09-03 | The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects... |
| CVE-2024-8385 | 2024-09-03 | A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR <... |
| CVE-2024-8386 | 2024-09-03 | If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This... |
| CVE-2024-8387 | 2024-09-03 | Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-8388 | 2024-09-03 | Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in... |
| CVE-2024-8389 | 2024-09-03 | Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2024-4259 | 2024-09-03 | Sensitive Data Exposure in SAMPAS's AKOS |
| CVE-2024-7654 | 2024-09-03 | Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service |
| CVE-2024-7345 | 2024-09-03 | Direct local client connections to MS Agents can bypass authentication |
| CVE-2024-7346 | 2024-09-03 | Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation |
| CVE-2024-6119 | 2024-09-03 | Possible denial of service in X.509 name checks |
| CVE-2024-43412 | 2024-09-03 | Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS |
| CVE-2024-43413 | 2024-09-03 | Xibo CMS XSS vulnerability using DataSet HTML columns |
| CVE-2024-43803 | 2024-09-03 | BMO can expose particularly named secrets from other namespaces via BMH CRD |
| CVE-2024-45307 | 2024-09-03 | SudoBot missing authorization check in `-config` command |
| CVE-2024-45310 | 2024-09-03 | runc can be confused to create empty files/directories on the host |
| CVE-2024-45389 | 2024-09-03 | Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS) |
| CVE-2024-45390 | 2024-09-03 | @blakeembrey/template vulnerable to code injection when attacker controls template input |
| CVE-2024-4629 | 2024-09-03 | Keycloak: potential bypass of brute force protection |
| CVE-2024-45391 | 2024-09-03 | Tina search token leak via lock file in TinaCMS |
| CVE-2024-8399 | 2024-09-03 | Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS < 130. |
| CVE-2024-45394 | 2024-09-03 | Secret encryption vulnerable to brute-force attacks |
| CVE-2024-45615 | 2024-09-03 | Libopensc: pkcs15init: usage of uninitialized values in libopensc and pkcs15init |
| CVE-2024-45616 | 2024-09-03 | Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc |
| CVE-2024-45617 | 2024-09-03 | Libopensc: uninitialized values after incorrect or missing checking return values of functions in libopensc |
| CVE-2024-45618 | 2024-09-03 | Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init |
| CVE-2024-45619 | 2024-09-03 | Libopensc: incorrect handling length of buffers or files in libopensc |
| CVE-2024-45620 | 2024-09-03 | Libopensc: incorrect handling of the length of buffers or files in pkcs15init |
| CVE-2024-8362 | 2024-09-03 | Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-7970 | 2024-09-03 | Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-42642 | 2024-09-04 | Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. |
| CVE-2024-44383 | 2024-09-04 | WAYOS FBM-291W v19.09.11 is vulnerable to Command Execution via msp_info_htm. |
| CVE-2024-44400 | 2024-09-04 | A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to... |
| CVE-2024-44808 | 2024-09-04 | An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter. |
| CVE-2024-44817 | 2024-09-04 | SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id parameter in the adv2.php component. |
| CVE-2024-44818 | 2024-09-04 | Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTTP_Referer header of the caina.php component. |
| CVE-2024-44820 | 2024-09-04 | A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo()... |
| CVE-2024-44821 | 2024-09-04 | ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a... |
| CVE-2024-44859 | 2024-09-04 | Tenda FH1201 v1.2.0.14 has a stack buffer overflow vulnerability in `formWrlExtraGet`. |
| CVE-2024-45170 | 2024-09-04 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It... |
| CVE-2024-45172 | 2024-09-04 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to missing protection mechanisms, the C-MOR web interface is vulnerable to cross-site request forgery (CSRF) attacks. The... |
| CVE-2024-45174 | 2024-09-04 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper validation of user-supplied data, different functionalities of the C-MOR web interface are vulnerable to SQL... |
| CVE-2024-45177 | 2024-09-04 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401 and 6.00PL01. Due to improper input validation, the C-MOR web interface is vulnerable to persistent cross-site scripting (XSS) attacks. It... |
| CVE-2024-45692 | 2024-09-04 | Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. |
| CVE-2024-44819 | 2024-09-04 | Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component. |
| CVE-2024-45506 | 2024-09-04 | HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as... |
| CVE-2024-41716 | 2024-09-04 | Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product's project file may obtain user credentials of the... |
| CVE-2024-41927 | 2024-09-04 | Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC's serial communication port, user credentials may be obtained. As a... |
| CVE-2024-45450 | 2024-09-04 | Permission control vulnerability in the software update module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-42039 | 2024-09-04 | Access control vulnerability in the SystemUI module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-45441 | 2024-09-04 | Input verification vulnerability in the system service module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-45442 | 2024-09-04 | Vulnerability of permission verification for APIs in the DownloadProviderMain module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-45443 | 2024-09-04 | Directory traversal vulnerability in the cust module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. |
| CVE-2024-39921 | 2024-09-04 | Observable timing discrepancy issue exists in IPCOM EX2 Series V01L02NF0001 to V01L06NF0401, V01L20NF0001 to V01L20NF0401, V02L20NF0001 to V02L21NF0301, and IPCOM VE2 Series V01L04NF0001 to V01L06NF0112. If this vulnerability is exploited,... |
| CVE-2024-45444 | 2024-09-04 | Access permission verification vulnerability in the WMS module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-45445 | 2024-09-04 | Vulnerability of resources not being closed or released in the keystore module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-45446 | 2024-09-04 | Access permission verification vulnerability in the camera driver module. Impact: Successful exploitation of this vulnerability will affect availability. |
| CVE-2024-45447 | 2024-09-04 | Access control vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-45448 | 2024-09-04 | Page table protection configuration vulnerability in the trusted firmware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-45449 | 2024-09-04 | Access permission verification vulnerability in the ringtone setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-8298 | 2024-09-04 | Memory request vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-7950 | 2024-09-04 | WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation |
| CVE-2024-8325 | 2024-09-04 | Gutenberg Page Builder Blocks & Ready-Made Patterns Library <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-34637 | 2024-09-04 | Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass... |
| CVE-2024-34638 | 2024-09-04 | Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications. |
| CVE-2024-34639 | 2024-09-04 | Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. |
| CVE-2024-34640 | 2024-09-04 | Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. |
| CVE-2024-34641 | 2024-09-04 | Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. |
| CVE-2024-34642 | 2024-09-04 | Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. |
| CVE-2024-34643 | 2024-09-04 | Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this... |
| CVE-2024-34644 | 2024-09-04 | Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. |
| CVE-2024-34645 | 2024-09-04 | Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. |
| CVE-2024-34646 | 2024-09-04 | Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. |
| CVE-2024-34647 | 2024-09-04 | Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. |
| CVE-2024-34648 | 2024-09-04 | Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. |
| CVE-2024-34649 | 2024-09-04 | Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. |
| CVE-2024-34650 | 2024-09-04 | Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel. |