CVE List - 2024 / September
Showing 1101 - 1200 of 2516 CVEs for September 2024 (Page 12 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-46690 | 2024-09-13 | nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease |
| CVE-2024-46691 | 2024-09-13 | usb: typec: ucsi: Move unregister out of atomic section |
| CVE-2024-46692 | 2024-09-13 | firmware: qcom: scm: Mark get_wq_ctx() as atomic call |
| CVE-2024-46693 | 2024-09-13 | soc: qcom: pmic_glink: Fix race during initialization |
| CVE-2024-46694 | 2024-09-13 | drm/amd/display: avoid using null object of framebuffer |
| CVE-2024-46695 | 2024-09-13 | selinux,smack: don't bypass permissions check in inode_setsecctx hook |
| CVE-2024-46696 | 2024-09-13 | nfsd: fix potential UAF in nfsd4_cb_getattr_release |
| CVE-2024-46697 | 2024-09-13 | nfsd: ensure that nfsd4_fattr_args.context is zeroed out |
| CVE-2024-46698 | 2024-09-13 | video/aperture: optionally match the device in sysfb_disable() |
| CVE-2024-46699 | 2024-09-13 | drm/v3d: Disable preemption while updating GPU stats |
| CVE-2024-5628 | 2024-09-13 | Avada | Website Builder For WordPress & eCommerce <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode |
| CVE-2024-6493 | 2024-09-13 | NinjaTeam Header Footer Custom Code < 1.2 - Admin+ Stored XSS |
| CVE-2024-6617 | 2024-09-13 | NinjaTeam Header Footer Custom Code <= 1.2 - Admin+ Stored XSS via CSS Styles |
| CVE-2024-6723 | 2024-09-13 | AI Engine < 2.4.8 - Admin+ SQLi |
| CVE-2024-6850 | 2024-09-13 | Carousel Slider < 2.2.14 - Editor+ Stored XSS |
| CVE-2024-7129 | 2024-09-13 | Appointment Booking Calendar < 1.6.7.43 - Admin+ Template Injection to RCE |
| CVE-2024-7133 | 2024-09-13 | My Sticky Bar < 2.7.3 - Admin+ Stored XSS |
| CVE-2024-7863 | 2024-09-13 | Favicon Generator < 2.1 - Arbitrary File Upload via CSRF |
| CVE-2024-7864 | 2024-09-13 | Favicon Generator < 2.1 - Arbitrary File Deletion via CSRF |
| CVE-2024-38816 | 2024-09-13 | CVE-2024-38816: Path traversal vulnerability in functional web frameworks |
| CVE-2024-46701 | 2024-09-13 | libfs: fix infinite directory reads for offset dir |
| CVE-2024-46702 | 2024-09-13 | thunderbolt: Mark XDomain as unplugged when router is removed |
| CVE-2024-46703 | 2024-09-13 | Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" |
| CVE-2024-46704 | 2024-09-13 | workqueue: Fix spruious data race in __flush_work() |
| CVE-2024-46705 | 2024-09-13 | drm/xe: reset mmio mappings with devm |
| CVE-2024-46706 | 2024-09-13 | tty: serial: fsl_lpuart: mark last busy before uart_add_one_port |
| CVE-2024-46707 | 2024-09-13 | KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 |
| CVE-2024-46708 | 2024-09-13 | pinctrl: qcom: x1e80100: Fix special pin offsets |
| CVE-2024-46709 | 2024-09-13 | drm/vmwgfx: Fix prime with external buffers |
| CVE-2024-46710 | 2024-09-13 | drm/vmwgfx: Prevent unmapping active read buffers |
| CVE-2024-46711 | 2024-09-13 | mptcp: pm: fix ID 0 endp usage after multiple re-creations |
| CVE-2024-46712 | 2024-09-13 | drm/vmwgfx: Disable coherent dumb buffers without 3d |
| CVE-2024-8665 | 2024-09-13 | YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting |
| CVE-2024-7888 | 2024-09-13 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.7 - Missing Authorization |
| CVE-2024-5567 | 2024-09-13 | Betheme | Responsive Multipurpose WordPress & WooCommerce Theme <= 27.5.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File |
| CVE-2024-8664 | 2024-09-13 | WP Test Email <= 1.1.7 - Reflected Cross-Site Scripting |
| CVE-2024-8742 | 2024-09-13 | Essential Addons for Elementor <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Filterable Gallery Widget |
| CVE-2024-8663 | 2024-09-13 | WP Simple Booking Calendar <= 2.0.10 - Reflected Cross-Site Scripting |
| CVE-2024-41873 | 2024-09-13 | Media Encoder | Out-of-bounds Read (CWE-125) |
| CVE-2024-41871 | 2024-09-13 | Media Encoder | Out-of-bounds Read (CWE-125) |
| CVE-2024-41870 | 2024-09-13 | Media Encoder | Out-of-bounds Read (CWE-125) |
| CVE-2024-39377 | 2024-09-13 | Media Encoder | Out-of-bounds Write (CWE-787) |
| CVE-2024-41872 | 2024-09-13 | Media Encoder | Out-of-bounds Read (CWE-125) |
| CVE-2024-41859 | 2024-09-13 | After Effects | Out-of-bounds Write (CWE-787) |
| CVE-2024-39382 | 2024-09-13 | After Effects | Out-of-bounds Read (CWE-125) |
| CVE-2024-41867 | 2024-09-13 | After Effects | Out-of-bounds Read (CWE-125) |
| CVE-2024-39380 | 2024-09-13 | After Effects | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-39381 | 2024-09-13 | After Effects | Out-of-bounds Write (CWE-787) |
| CVE-2024-39385 | 2024-09-13 | Premiere Pro | Use After Free (CWE-416) |
| CVE-2024-39384 | 2024-09-13 | Premiere Pro | Out-of-bounds Write (CWE-787) |
| CVE-2024-45111 | 2024-09-13 | Illustrator | Out-of-bounds Read (CWE-125) |
| CVE-2024-43758 | 2024-09-13 | Illustrator | Use After Free (CWE-416) |
| CVE-2024-34121 | 2024-09-13 | Illustrator | Integer Overflow or Wraparound (CWE-190) |
| CVE-2024-43759 | 2024-09-13 | Illustrator | NULL Pointer Dereference (CWE-476) |
| CVE-2024-41857 | 2024-09-13 | Illustrator | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2024-6656 | 2024-09-13 | Hardcoded Credentals in TNB Mobile Solutions' Cockpit Software |
| CVE-2024-45112 | 2024-09-13 | Acrobat Reader | Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843) |
| CVE-2024-41869 | 2024-09-13 | Acrobat Reader | Use After Free (CWE-416) |
| CVE-2024-45113 | 2024-09-13 | ColdFusion | Improper Authentication (CWE-287) |
| CVE-2024-41874 | 2024-09-13 | ColdFusion | Deserialization of Untrusted Data (CWE-502) |
| CVE-2024-45108 | 2024-09-13 | Photoshop Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2024-43756 | 2024-09-13 | Photoshop Desktop | Heap-based Buffer Overflow (CWE-122) |
| CVE-2024-45109 | 2024-09-13 | Photoshop Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2024-43760 | 2024-09-13 | Photoshop Desktop | Out-of-bounds Write (CWE-787) |
| CVE-2024-46713 | 2024-09-13 | perf/aux: Fix AUX buffer serialization |
| CVE-2024-5789 | 2024-09-13 | Triton Lite <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-8732 | 2024-09-13 | Roles & Capabilities <= 1.1.9 - Reflected Cross-Site Scripting |
| CVE-2024-8714 | 2024-09-13 | WordPress Affiliates Plugin — SliceWP Affiliates <= 1.1.20 - Reflected Cross-Site Scripting |
| CVE-2024-8269 | 2024-09-13 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Unauthorized User Registration |
| CVE-2024-8731 | 2024-09-13 | Cron Jobs <= 1.2.9 - Reflected Cross-Site Scripting |
| CVE-2024-8747 | 2024-09-13 | Email Obfuscate Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-6544 | 2024-09-13 | Custom Post Limits <= 4.4.1 - Unauthenticated Full Path Disclosure |
| CVE-2024-7423 | 2024-09-13 | Stream <= 4.0.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-8737 | 2024-09-13 | PDF Thumbnail Generator <= 1.3 - Reflected Cross-Site Scripting |
| CVE-2024-5884 | 2024-09-13 | Beauty <= 1.1.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting via tpl_featured_cat_id Parameter |
| CVE-2024-8734 | 2024-09-13 | Lucas String Replace <= 2.0.5 - Reflected Cross-Site Scripting |
| CVE-2024-5867 | 2024-09-13 | Delicate <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-8730 | 2024-09-13 | Exit Notifier <= 1.9.1 - Reflected Cross-Site Scripting |
| CVE-2022-2446 | 2024-09-13 | WP Editor <= 1.2.9 - Authenticated (Admin+) PHAR Deserialization |
| CVE-2024-5869 | 2024-09-13 | Neighborly <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-5870 | 2024-09-13 | Tweaker5 <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-8242 | 2024-09-13 | MStore API – Create Native Android & iOS Apps On The Cloud <= 4.15.3 - Authenticated (Subscriber+) Limited Arbitrary File Upload |
| CVE-2024-42025 | 2024-09-13 | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to... |
| CVE-2024-6587 | 2024-09-13 | SSRF in berriai/litellm |
| CVE-2024-6582 | 2024-09-13 | Broken Access Control in lunary-ai/lunary |
| CVE-2024-6087 | 2024-09-13 | Improper Access Control in lunary-ai/lunary |
| CVE-2024-6867 | 2024-09-13 | Information Disclosure in lunary-ai/lunary |
| CVE-2024-6862 | 2024-09-13 | Cross-Site Request Forgery (CSRF) in lunary-ai/lunary |
| CVE-2024-43099 | 2024-09-13 | AutomationDirect DirectLogic H2-DM1E Authentication Bypass by Capture-replay |
| CVE-2024-45368 | 2024-09-13 | AutomationDirect DirectLogic H2-DM1E Session Fixation |
| CVE-2024-31414 | 2024-09-13 | The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input... |
| CVE-2024-31415 | 2024-09-13 | The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to store... |
| CVE-2024-31416 | 2024-09-13 | The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking... |
| CVE-2024-3100 | 2024-09-13 | A potential buffer overflow vulnerability was reported in some Lenovo Notebook products that could allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2024-4550 | 2024-09-13 | A potential buffer overflow vulnerability was reported in some Lenovo ThinkSystem and ThinkStation products that could allow a local attacker with elevated privileges to execute arbitrary code. |
| CVE-2024-7756 | 2024-09-13 | A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges by accessing an embedded UEFI shell. |
| CVE-2024-8059 | 2024-09-13 | IPMI credentials may be captured in XCC audit log entries when the account username length is 16 characters. |
| CVE-2024-8278 | 2024-09-13 | A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. |
| CVE-2024-8279 | 2024-09-13 | A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads. |
| CVE-2024-8280 | 2024-09-13 | An input validation weakness was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection or cause a recoverable denial of service... |