CVE List - 2024 / September
Showing 2301 - 2400 of 2518 CVEs for September 2024 (Page 24 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-47294 | 2024-09-27 | Access permission verification vulnerability in the input method framework module... |
| CVE-2024-9136 | 2024-09-27 | Access permission verification vulnerability in the App Multiplier module Impact:... |
| CVE-2024-9275 | 2024-09-27 | jeanmarc77 123solar admin_invt2.php file inclusion |
| CVE-2024-9276 | 2024-09-27 | TMsoft MyAuth Gateway index.php cross site scripting |
| CVE-2024-9277 | 2024-09-27 | Langflow HTTP POST Request utils.py redos |
| CVE-2024-9278 | 2024-09-27 | HuankeMao SCRM Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload |
| CVE-2024-9279 | 2024-09-27 | funnyzpc Mee-Admin User Center index cross site scripting |
| CVE-2024-8644 | 2024-09-27 | Cleartext Storage of Sensitive Information in Oceanic Software's ValeApp |
| CVE-2024-8643 | 2024-09-27 | Session Hijacking in Oceanic Software's ValeApp |
| CVE-2024-8609 | 2024-09-27 | Improper Access Control in Oceanic Software's ValeApp |
| CVE-2024-9280 | 2024-09-27 | kalvinGit kvf-admin FileUploadKit.java fileUpload unrestricted upload |
| CVE-2024-8608 | 2024-09-27 | Stored XSS in Oceanic Software's ValeApp |
| CVE-2024-8607 | 2024-09-27 | SQLi in Oceanic Software's ValeApp |
| CVE-2024-9281 | 2024-09-27 | bg5sbk MiniCMS post-edit.php cross-site request forgery |
| CVE-2024-46802 | 2024-09-27 | drm/amd/display: added NULL check at start of dc_validate_stream |
| CVE-2024-46803 | 2024-09-27 | drm/amdkfd: Check debug trap enable before write dbg_ev_file |
| CVE-2024-46804 | 2024-09-27 | drm/amd/display: Add array index check for hdcp ddc access |
| CVE-2024-46805 | 2024-09-27 | drm/amdgpu: fix the waring dereferencing hive |
| CVE-2024-46806 | 2024-09-27 | drm/amdgpu: Fix the warning division or modulo by zero |
| CVE-2024-46807 | 2024-09-27 | drm/amd/amdgpu: Check tbo resource pointer |
| CVE-2024-46808 | 2024-09-27 | drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range |
| CVE-2024-46809 | 2024-09-27 | drm/amd/display: Check BIOS images before it is used |
| CVE-2024-46810 | 2024-09-27 | drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ |
| CVE-2024-46811 | 2024-09-27 | drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box |
| CVE-2024-46812 | 2024-09-27 | drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration |
| CVE-2024-46813 | 2024-09-27 | drm/amd/display: Check link_index before accessing dc->links[] |
| CVE-2024-46814 | 2024-09-27 | drm/amd/display: Check msg_id before processing transcation |
| CVE-2024-46815 | 2024-09-27 | drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] |
| CVE-2024-46816 | 2024-09-27 | drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links |
| CVE-2024-46817 | 2024-09-27 | drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 |
| CVE-2024-46818 | 2024-09-27 | drm/amd/display: Check gpio_id before used as array index |
| CVE-2024-46819 | 2024-09-27 | drm/amdgpu: the warning dereferencing obj for nbio_v7_4 |
| CVE-2024-46820 | 2024-09-27 | drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend |
| CVE-2024-46821 | 2024-09-27 | drm/amd/pm: Fix negative array index read |
| CVE-2024-46822 | 2024-09-27 | arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry |
| CVE-2024-46823 | 2024-09-27 | kunit/overflow: Fix UB in overflow_allocation_test |
| CVE-2024-46824 | 2024-09-27 | iommufd: Require drivers to supply the cache_invalidate_user ops |
| CVE-2024-46825 | 2024-09-27 | wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check |
| CVE-2024-46826 | 2024-09-27 | ELF: fix kernel.randomize_va_space double read |
| CVE-2024-46827 | 2024-09-27 | wifi: ath12k: fix firmware crash due to invalid peer nss |
| CVE-2024-46828 | 2024-09-27 | sched: sch_cake: fix bulk flow accounting logic for host fairness |
| CVE-2024-46829 | 2024-09-27 | rtmutex: Drop rt_mutex::wait_lock before scheduling |
| CVE-2024-46830 | 2024-09-27 | KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS |
| CVE-2024-46831 | 2024-09-27 | net: microchip: vcap: Fix use-after-free error in kunit test |
| CVE-2024-46832 | 2024-09-27 | MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed |
| CVE-2024-46833 | 2024-09-27 | net: hns3: void array out of bound when loop tnl_num |
| CVE-2024-46834 | 2024-09-27 | ethtool: fail closed if we can't get max channel used in indirection tables |
| CVE-2024-46835 | 2024-09-27 | drm/amdgpu: Fix smatch static checker warning |
| CVE-2024-46836 | 2024-09-27 | usb: gadget: aspeed_udc: validate endpoint index for ast udc |
| CVE-2024-46837 | 2024-09-27 | drm/panthor: Restrict high priorities on group_create |
| CVE-2024-46838 | 2024-09-27 | userfaultfd: don't BUG_ON() if khugepaged yanks our page table |
| CVE-2024-46840 | 2024-09-27 | btrfs: clean up our handling of refs == 0 in snapshot delete |
| CVE-2024-46841 | 2024-09-27 | btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() |
| CVE-2024-46842 | 2024-09-27 | scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info |
| CVE-2024-46843 | 2024-09-27 | scsi: ufs: core: Remove SCSI host only if added |
| CVE-2024-46844 | 2024-09-27 | um: line: always fill *error_out in setup_one_line() |
| CVE-2024-46845 | 2024-09-27 | tracing/timerlat: Only clear timer if a kthread exists |
| CVE-2024-46846 | 2024-09-27 | spi: rockchip: Resolve unbalanced runtime PM / system PM handling |
| CVE-2024-46847 | 2024-09-27 | mm: vmalloc: ensure vmap_block is initialised before adding to queue |
| CVE-2024-46848 | 2024-09-27 | perf/x86/intel: Limit the period on Haswell |
| CVE-2024-46849 | 2024-09-27 | ASoC: meson: axg-card: fix 'use-after-free' |
| CVE-2024-46850 | 2024-09-27 | drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() |
| CVE-2024-46851 | 2024-09-27 | drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() |
| CVE-2024-46852 | 2024-09-27 | dma-buf: heaps: Fix off-by-one in CMA heap fault handler |
| CVE-2024-46853 | 2024-09-27 | spi: nxp-fspi: fix the KASAN report out-of-bounds bug |
| CVE-2024-46854 | 2024-09-27 | net: dpaa: Pad packets to ETH_ZLEN |
| CVE-2024-46855 | 2024-09-27 | netfilter: nft_socket: fix sk refcount leaks |
| CVE-2024-46856 | 2024-09-27 | net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices |
| CVE-2024-46857 | 2024-09-27 | net/mlx5: Fix bridge mode operations when there are no VFs |
| CVE-2024-46858 | 2024-09-27 | mptcp: pm: Fix uaf in __timer_delete_sync |
| CVE-2024-46859 | 2024-09-27 | platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses |
| CVE-2024-46860 | 2024-09-27 | wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change |
| CVE-2024-46861 | 2024-09-27 | usbnet: ipheth: do not stop RX on failing RX callback |
| CVE-2024-46862 | 2024-09-27 | ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item |
| CVE-2024-46863 | 2024-09-27 | ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item |
| CVE-2024-46864 | 2024-09-27 | x86/hyperv: fix kexec crash due to VP assist page corruption |
| CVE-2024-46865 | 2024-09-27 | fou: fix initialization of grc |
| CVE-2024-46866 | 2024-09-27 | drm/xe/client: add missing bo locking in show_meminfo() |
| CVE-2024-46867 | 2024-09-27 | drm/xe/client: fix deadlock in show_meminfo() |
| CVE-2024-46868 | 2024-09-27 | firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() |
| CVE-2024-9282 | 2024-09-27 | bg5sbk MiniCMS page-edit.php cross-site request forgery |
| CVE-2024-45773 | 2024-09-27 | A use-after-free vulnerability involving upgradeToRocket requests can cause the application... |
| CVE-2024-45863 | 2024-09-27 | A null-dereference vulnerability involving parsing requests specifying invalid protocols can... |
| CVE-2024-7149 | 2024-09-27 | Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-47182 | 2024-09-27 | Dozzle uses unsafe hash for passwords |
| CVE-2024-9283 | 2024-09-27 | RelaxedJS ReLaXed Pug to PDF Converter cross site scripting |
| CVE-2024-47184 | 2024-09-27 | Ampache vulnerable to Stored XSS via Democratic Playlist Name |
| CVE-2024-3373 | 2024-09-27 | SQLi in RSM Design's Website Template |
| CVE-2024-47070 | 2024-09-27 | authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header |
| CVE-2024-47077 | 2024-09-27 | authentik cross-provider token validation problems |
| CVE-2024-6983 | 2024-09-27 | Remote Code Execution in mudler/localai |
| CVE-2024-45744 | 2024-09-27 | TopQuadrant TopBraid EDG password manager stores external credentials insecurely |
| CVE-2024-45745 | 2024-09-27 | TopQuadrant TopBraid EDG JavaScript console XXE |
| CVE-2024-6981 | 2024-09-27 | OMNTEC Proteus Tank Monitoring Missing Authentication for Critical Function |
| CVE-2024-8630 | 2024-09-27 | Alisonic Sibylla SQL Injection |
| CVE-2024-9284 | 2024-09-27 | TP-LINK TL-WR841ND popupSiteSurveyRpm.htm stack-based overflow |
| CVE-2024-8310 | 2024-09-27 | OPW Fuel Management Systems SiteSentinel Missing Authentication for Critical Function |
| CVE-2024-38809 | 2024-09-27 | Applications that parse ETags from "If-Match" or "If-None-Match" request headers... |
| CVE-2024-22170 | 2024-09-27 | Unchecked buffer in Dynamic DNS client |
| CVE-2024-37187 | 2024-09-27 | Advantech ADAM-5550 Weak Encoding for Password |