CVE List - 2024 / September
Showing 1701 - 1800 of 2516 CVEs for September 2024 (Page 18 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-31165 | 2024-09-18 | NULL Pointer Dereference in libfluid_msg library |
| CVE-2024-31166 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31167 | 2024-09-18 | NULL Pointer Dereference in libfluid_msg library |
| CVE-2024-31168 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31169 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31170 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31171 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31172 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31173 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31174 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31175 | 2024-09-18 | NULL Pointer Dereference in libfluid_msg library |
| CVE-2024-31176 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31177 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31178 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31179 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31180 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31181 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31182 | 2024-09-18 | NULL Pointer Dereference in libfluid_msg library |
| CVE-2024-31183 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31184 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31185 | 2024-09-18 | NULL Pointer Dereference in libfluid_msg library |
| CVE-2024-31186 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31187 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31188 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31189 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31190 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31191 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31192 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31193 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31194 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31195 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-31196 | 2024-09-18 | NULL Pointer Dereference in libfluid_msg library |
| CVE-2024-31197 | 2024-09-18 | Improper Null Termination in libfluid_msg library |
| CVE-2024-31198 | 2024-09-18 | Out-of-bounds Read in libfluid_msg library |
| CVE-2024-39589 | 2024-09-18 | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can... |
| CVE-2024-39590 | 2024-09-18 | Multiple invalid pointer dereference vulnerabilities exist in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 16bf8bac1a36d95b73e7b8722d0edb8b9c5bb56a. A specially crafted EtherNet/IP request can lead to denial of service. An attacker can... |
| CVE-2024-34026 | 2024-09-18 | A stack-based buffer overflow vulnerability exists in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted EtherNet/IP request can lead to remote code execution. An attacker... |
| CVE-2024-36980 | 2024-09-18 | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can... |
| CVE-2024-36981 | 2024-09-18 | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functionality of OpenPLC_v3 b4702061dc14d1024856f71b4543298d77007b88. A specially crafted network request can lead to denial of service. An attacker can... |
| CVE-2024-5958 | 2024-09-18 | SQLi in Eliz Software's Panel |
| CVE-2024-5959 | 2024-09-18 | Stored XSS in Eliz Software's Panel |
| CVE-2022-25769 | 2024-09-18 | Improper regex in htaccess file |
| CVE-2024-5960 | 2024-09-18 | Plaintext Storage of a Password in Eliz Software's Panel |
| CVE-2024-6877 | 2024-09-18 | Reflected XSS in Eliz Software's Panel |
| CVE-2022-25774 | 2024-09-18 | XSS in Notifications via saving Dashboards |
| CVE-2024-6878 | 2024-09-18 | Directory Browsing in Eliz Software's Panel |
| CVE-2022-25775 | 2024-09-18 | SQL Injection in dynamic Reports |
| CVE-2024-45858 | 2024-09-18 | An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user... |
| CVE-2022-25776 | 2024-09-18 | Sensitive Data Exposure due to inadequate user permission settings |
| CVE-2022-25777 | 2024-09-18 | Server-Side Request Forgery in Asset section |
| CVE-2024-45813 | 2024-09-18 | ReDoS vulnerability in multiparametric routes in find-my-way |
| CVE-2024-46990 | 2024-09-18 | SSRF Loopback IP filter bypass in directus |
| CVE-2024-45298 | 2024-09-18 | Disabled user can bypass lockout by requesting password reset in wiki.js |
| CVE-2024-46986 | 2024-09-18 | Arbitrary file write leading to RCE in Camaleon CMS |
| CVE-2024-46987 | 2024-09-18 | Arbitrary path traversal in Camaleon CMS |
| CVE-2024-46979 | 2024-09-18 | Data leak of notification filters of users in XWiki Platform |
| CVE-2024-46978 | 2024-09-18 | Missing checks for notification filter preferences editions in XWiki Platform |
| CVE-2024-46989 | 2024-09-18 | Multiple caveats on resources of the same type can result in no permission when permission is expected |
| CVE-2024-45601 | 2024-09-18 | Local file Inclusion via static file serving functionality in Mesop |
| CVE-2024-8287 | 2024-09-18 | Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the... |
| CVE-2022-25768 | 2024-09-18 | Improper Access Control in UI upgrade process |
| CVE-2024-47058 | 2024-09-18 | Cross-site Scripting (XSS) - stored (edit form HTML field) |
| CVE-2024-47050 | 2024-09-18 | XSS in contact/company tracking (no authentication) |
| CVE-2021-27917 | 2024-09-18 | XSS in contact tracking and page hits report |
| CVE-2024-47059 | 2024-09-18 | Users enumeration - weak password login |
| CVE-2022-25770 | 2024-09-18 | Insufficient authentication in upgrade flow |
| CVE-2024-37406 | 2024-09-18 | In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion. |
| CVE-2024-31570 | 2024-09-19 | libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. |
| CVE-2024-33109 | 2024-09-19 | Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. |
| CVE-2024-40125 | 2024-09-19 | An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the... |
| CVE-2024-45752 | 2024-09-19 | logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege... |
| CVE-2024-46382 | 2024-09-19 | A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminGoodscontroller.java. |
| CVE-2024-46394 | 2024-09-19 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add |
| CVE-2024-46946 | 2024-09-19 | langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMSymbolicMathChain was introduced in fcccde406dd9e9b05fc9babcbeb9ff527b0ec0c6 (2023-10-05). |
| CVE-2024-25673 | 2024-09-19 | Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection. |
| CVE-2024-7254 | 2024-09-19 | Stack overflow in Protocol Buffers Java Lite |
| CVE-2024-8850 | 2024-09-19 | MC4WP: Mailchimp for WordPress 4.9.9 - 4.9.16 - Reflected Cross-Site Scripting |
| CVE-2022-4533 | 2024-09-19 | Limit Login Attempts Plus <= 1.1.0 - IP Address Spoofing to Protection Mechanism Bypass |
| CVE-2024-8364 | 2024-09-19 | WP Custom Fields Search <= 1.2.35 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcfs-preset Shortcode |
| CVE-2024-47085 | 2024-09-19 | Parameter Manipulation Vulnerability |
| CVE-2024-47086 | 2024-09-19 | OTP Bypass Vulnerability |
| CVE-2024-47087 | 2024-09-19 | Information Disclosure Vulnerability |
| CVE-2024-47088 | 2024-09-19 | User Enumeration vulnerability |
| CVE-2024-47089 | 2024-09-19 | Unauthorized Transaction Manipulation Vulnerability |
| CVE-2024-45769 | 2024-09-19 | Pcp: pmcd heap corruption through metric pmstore operations |
| CVE-2024-45770 | 2024-09-19 | Pcp: pmpost symlink attack allows escalating pcp to root user |
| CVE-2024-8354 | 2024-09-19 | Qemu-kvm: usb: assertion failure in usb_ep_get() |
| CVE-2024-8986 | 2024-09-19 | Information Leakage in grafana-plugin-sdk-go |
| CVE-2024-7785 | 2024-09-19 | Reflected XSS in Ece Software's Electronic Ticket System |
| CVE-2024-7736 | 2024-09-19 | Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-7737 | 2024-09-19 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x |
| CVE-2024-8698 | 2024-09-19 | Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak |
| CVE-2024-8883 | 2024-09-19 | Keycloak: vulnerable redirect uri validation results in open redirect |
| CVE-2024-8375 | 2024-09-19 | Object deserialization in Reverb leading to RCE |
| CVE-2024-45861 | 2024-09-19 | Use of Hard-coded Credentials in Kastle Systems Access Control System |
| CVE-2024-45862 | 2024-09-19 | Cleartext Storage of Sensitive Information in Kastle Systems Access Control System |
| CVE-2024-8651 | 2024-09-19 | Netcat CMS: user enumeration |
| CVE-2024-8652 | 2024-09-19 | Netcat CMS: reflected cross-site scripting in openstat module |
| CVE-2024-8653 | 2024-09-19 | Netcat CMS: multiple reflected cross-site scripting vulnerabilities in netshop module |
| CVE-2024-38016 | 2024-09-19 | Microsoft Office Visio Remote Code Execution Vulnerability |