CVE List - 2024 / September
Showing 701 - 800 of 2516 CVEs for September 2024 (Page 8 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-42344 | 2024-09-10 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all... |
| CVE-2024-42345 | 2024-09-10 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow... |
| CVE-2024-43647 | 2024-09-10 | A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions),... |
| CVE-2024-43781 | 2024-09-10 | A vulnerability has been identified in SINUMERIK 828D V4 (All versions < V4.95 SP3), SINUMERIK 840D sl V4 (All versions < V4.95 SP3 in connection with using Create MyConfig (CMC)... |
| CVE-2024-44087 | 2024-09-10 | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions < V6.0 SP12 Upd3), Automation License Manager V6.2 (All versions < V6.2... |
| CVE-2024-45032 | 2024-09-10 | A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected components do not properly validate the device... |
| CVE-2024-8645 | 2024-09-10 | Access of Uninitialized Pointer in Wireshark |
| CVE-2024-40754 | 2024-09-10 | Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0. |
| CVE-2024-7770 | 2024-09-10 | Bit File Manager – 100% Free & Open Source File Manager and Code Editor for WordPress <= 6.5.5 - Authenticated (Subscriber+) Arbitrary File Upload |
| CVE-2024-6282 | 2024-09-10 | Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor <= 2.0.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-jltma-wrapper-link Element |
| CVE-2024-8369 | 2024-09-10 | EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure |
| CVE-2024-8443 | 2024-09-10 | Libopensc: heap buffer overflow in openpgp driver when generating key |
| CVE-2024-8654 | 2024-09-10 | MongoDB Server may access non-initialized region of memory leading to unexpected behaviour |
| CVE-2024-27257 | 2024-09-10 | IBM OpenPages information disclosure |
| CVE-2024-23184 | 2024-09-10 | Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production... |
| CVE-2024-43796 | 2024-09-10 | express vulnerable to XSS via response.redirect() |
| CVE-2024-45323 | 2024-09-10 | An improper access control vulnerability [CWE-284] in FortiEDR Manager API 6.2.0 through 6.2.2, 6.0 all versions may allow in a shared environment context an authenticated admin with REST API permissions... |
| CVE-2024-31490 | 2024-09-10 | An exposure of sensitive information to an unauthorized actor in Fortinet FortiSandbox version 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.5 and 3.2.2 through 3.2.4 and 3.1.5... |
| CVE-2023-44254 | 2024-09-10 | An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges... |
| CVE-2024-33508 | 2024-09-10 | An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in Fortinet FortiClientEMS 7.2.0 through 7.2.4, 7.0.0 through 7.0.12 may allow an unauthenticated attacker to execute... |
| CVE-2024-35282 | 2024-09-10 | A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient VPN iOS 7.2 all versions, 7.0 all versions, 6.4 all versions, 6.2 all versions, 6.0 all versions may... |
| CVE-2024-36511 | 2024-09-10 | An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions,... |
| CVE-2024-31489 | 2024-09-10 | AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a... |
| CVE-2024-21753 | 2024-09-10 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiClientEMS versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.13, 6.4.0 through 6.4.9, 6.2.0 through 6.2.9, 6.0.0 through... |
| CVE-2022-45856 | 2024-09-10 | An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all... |
| CVE-2024-23185 | 2024-09-10 | Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building... |
| CVE-2024-43799 | 2024-09-10 | send vulnerable to template injection that can lead to XSS |
| CVE-2024-43800 | 2024-09-10 | serve-static affected by template injection that can lead to XSS |
| CVE-2024-42423 | 2024-09-10 | Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially... |
| CVE-2024-45044 | 2024-09-10 | Bareos's negative command ACLs can be circumvented by abbreviating commands |
| CVE-2024-45393 | 2024-09-10 | Computer Vision Annotation Tool (CVAT) is missing authorization for endpoints related to webhook deliveries |
| CVE-2024-6876 | 2024-09-10 | Out-of-bounds read in OSCAT-Library |
| CVE-2024-45407 | 2024-09-10 | Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client |
| CVE-2024-45412 | 2024-09-10 | Yeti affected by a Potential Denial of Service due to the One Milion Unicode characters attack |
| CVE-2024-45593 | 2024-09-10 | Nix affected by unsafe NAR unpacking |
| CVE-2024-45590 | 2024-09-10 | body-parser vulnerable to denial of service when url encoding is enabled |
| CVE-2024-45591 | 2024-09-10 | XWiki Platform document history including authors of any page exposed to unauthorized actors |
| CVE-2024-45592 | 2024-09-10 | auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped |
| CVE-2024-45595 | 2024-09-10 | D-Tale allows Remote Code Execution through the Query input on Chart Builder |
| CVE-2023-6841 | 2024-09-10 | Keycloak: amount of attributes per object is not limited and it may lead to dos |
| CVE-2024-37338 | 2024-09-10 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37966 | 2024-09-10 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37335 | 2024-09-10 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37340 | 2024-09-10 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37339 | 2024-09-10 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-37337 | 2024-09-10 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-37342 | 2024-09-10 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-26186 | 2024-09-10 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-26191 | 2024-09-10 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability |
| CVE-2024-38018 | 2024-09-10 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38216 | 2024-09-10 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38220 | 2024-09-10 | Azure Stack Hub Elevation of Privilege Vulnerability |
| CVE-2024-38188 | 2024-09-10 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-38230 | 2024-09-10 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability |
| CVE-2024-38236 | 2024-09-10 | DHCP Server Service Denial of Service Vulnerability |
| CVE-2024-38240 | 2024-09-10 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| CVE-2024-38241 | 2024-09-10 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38242 | 2024-09-10 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38249 | 2024-09-10 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38250 | 2024-09-10 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38252 | 2024-09-10 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-38253 | 2024-09-10 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-38254 | 2024-09-10 | Windows Authentication Information Disclosure Vulnerability |
| CVE-2024-38256 | 2024-09-10 | Windows Kernel-Mode Driver Information Disclosure Vulnerability |
| CVE-2024-43463 | 2024-09-10 | Microsoft Office Visio Remote Code Execution Vulnerability |
| CVE-2024-43464 | 2024-09-10 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-43467 | 2024-09-10 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-43474 | 2024-09-10 | Microsoft SQL Server Information Disclosure Vulnerability |
| CVE-2024-43482 | 2024-09-10 | Microsoft Outlook for iOS Information Disclosure Vulnerability |
| CVE-2024-43492 | 2024-09-10 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| CVE-2024-43465 | 2024-09-10 | Microsoft Excel Elevation of Privilege Vulnerability |
| CVE-2024-37965 | 2024-09-10 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-37341 | 2024-09-10 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-38014 | 2024-09-10 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2024-38046 | 2024-09-10 | PowerShell Elevation of Privilege Vulnerability |
| CVE-2024-38217 | 2024-09-10 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-38225 | 2024-09-10 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| CVE-2024-38226 | 2024-09-10 | Microsoft Publisher Security Feature Bypass Vulnerability |
| CVE-2024-38227 | 2024-09-10 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38228 | 2024-09-10 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-38231 | 2024-09-10 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| CVE-2024-38232 | 2024-09-10 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38233 | 2024-09-10 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38234 | 2024-09-10 | Windows Networking Denial of Service Vulnerability |
| CVE-2024-38235 | 2024-09-10 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-38237 | 2024-09-10 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38238 | 2024-09-10 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38239 | 2024-09-10 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2024-38243 | 2024-09-10 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38244 | 2024-09-10 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38245 | 2024-09-10 | Kernel Streaming Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38246 | 2024-09-10 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-38247 | 2024-09-10 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2024-38248 | 2024-09-10 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2024-38257 | 2024-09-10 | Microsoft AllJoyn API Information Disclosure Vulnerability |
| CVE-2024-38258 | 2024-09-10 | Windows Remote Desktop Licensing Service Information Disclosure Vulnerability |
| CVE-2024-38259 | 2024-09-10 | Microsoft Management Console Remote Code Execution Vulnerability |
| CVE-2024-38260 | 2024-09-10 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-38263 | 2024-09-10 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-21416 | 2024-09-10 | Windows TCP/IP Remote Code Execution Vulnerability |