CVE List - 2024 / September
Showing 201 - 300 of 2516 CVEs for September 2024 (Page 3 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-34651 | 2024-09-04 | Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files. |
| CVE-2024-34652 | 2024-09-04 | Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage. |
| CVE-2024-34653 | 2024-09-04 | Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege. |
| CVE-2024-34654 | 2024-09-04 | Improper Export of Android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege. |
| CVE-2024-34655 | 2024-09-04 | Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager. |
| CVE-2024-34656 | 2024-09-04 | Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. |
| CVE-2024-34657 | 2024-09-04 | Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code. |
| CVE-2024-34658 | 2024-09-04 | Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR. |
| CVE-2024-34659 | 2024-09-04 | Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers to force the victim to join the group. |
| CVE-2024-34660 | 2024-09-04 | Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. |
| CVE-2024-34661 | 2024-09-04 | Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. |
| CVE-2024-6020 | 2024-09-04 | Sign-up Sheets < 2.2.13 - Reflected XSS |
| CVE-2024-6722 | 2024-09-04 | Chatbot Support AI <= 1.0.2 - Admin+ Stored XSS |
| CVE-2024-6888 | 2024-09-04 | Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS |
| CVE-2024-6889 | 2024-09-04 | Secure Copy Content Protection and Content Locking < 4.1.7 - Admin+ Stored XSS |
| CVE-2024-6926 | 2024-09-04 | Viral Signup <= 2.1 - Unauthenticated SQLi |
| CVE-2024-7786 | 2024-09-04 | Sensei LMS < 4.24.2 - Unauthenticated Email Template Leak |
| CVE-2024-8117 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via selected_option |
| CVE-2024-8104 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Download |
| CVE-2024-8119 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Reflected Cross-Site Scripting via page |
| CVE-2024-8106 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Sensitive Information Exposure |
| CVE-2024-8102 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-8123 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference |
| CVE-2024-8121 | 2024-09-04 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Missing Authorization to Admin Username Change |
| CVE-2024-8318 | 2024-09-04 | Attributes for Blocks <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributesForBlocks Parameter |
| CVE-2024-45507 | 2024-09-04 | Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE |
| CVE-2024-45195 | 2024-09-04 | Apache OFBiz: Confused controller-view authorization logic (forced browsing) |
| CVE-2024-7870 | 2024-09-04 | PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion |
| CVE-2024-8289 | 2024-09-04 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.0 - Missing Authorization to Limited Vendor Privilege Escalation/Account Takeover |
| CVE-2024-8413 | 2024-09-04 | Cross Site Scripting (XSS) in Raspcontrol |
| CVE-2024-7834 | 2024-09-04 | Local privilege escalation in Overwolf |
| CVE-2024-7012 | 2024-09-04 | Puppet-foreman: an authentication bypass vulnerability exists in foreman |
| CVE-2024-7923 | 2024-09-04 | Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore |
| CVE-2024-8407 | 2024-09-04 | alwindoss akademy handlers.go cross site scripting |
| CVE-2024-8408 | 2024-09-04 | Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow |
| CVE-2024-7076 | 2024-09-04 | SQLi in Semtek Informatics Software's Semtek Sempos |
| CVE-2024-8418 | 2024-09-04 | Containers/aardvark-dns: tcp query handling flaw in aardvark-dns leading to denial of service |
| CVE-2024-7077 | 2024-09-04 | Reflected XSS in Semtek Informatics Software's Semtek Sempos |
| CVE-2024-8409 | 2024-09-04 | ABCD ABCD2 show_image.php path traversal |
| CVE-2024-7078 | 2024-09-04 | Unauthenticated SQLi in Semtek Informatics Software's Semtek Sempos |
| CVE-2024-8410 | 2024-09-04 | ABCD ABCD2 otros_sitios.php path traversal |
| CVE-2024-8411 | 2024-09-04 | ABCD ABCD2 buscar_integrada.php cross site scripting |
| CVE-2024-8391 | 2024-09-04 | Eclipse Vert.x gRPC server does not limit the maximum message size |
| CVE-2024-43402 | 2024-09-04 | Rust OS Command Injection/Argument Injection vulnerability |
| CVE-2024-8412 | 2024-09-04 | LinuxOSsk Shakal-NG views.py redirect |
| CVE-2024-43405 | 2024-09-04 | Nuclei Template Signature Verification Bypass |
| CVE-2024-45050 | 2024-09-04 | Ringer Server Does Not Check Members When Loading Messages |
| CVE-2024-45052 | 2024-09-04 | Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability |
| CVE-2024-45076 | 2024-09-04 | IBM webMethods Integration code execution |
| CVE-2024-45075 | 2024-09-04 | IBM webMethods Integration privilege escalation |
| CVE-2024-45074 | 2024-09-04 | IBM webMethods Integration directory traversal |
| CVE-2024-45053 | 2024-09-04 | Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine |
| CVE-2024-45314 | 2024-09-04 | Flask-AppBuilder login form allows browser to cache sensitive fields |
| CVE-2024-20439 | 2024-09-04 | A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due... |
| CVE-2024-20440 | 2024-09-04 | A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information. This vulnerability is due to excessive verbosity in a debug log file. An... |
| CVE-2024-20469 | 2024-09-04 | Cisco Identity Services Engine Command Injection Vulnerability |
| CVE-2024-20503 | 2024-09-04 | Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability |
| CVE-2024-20497 | 2024-09-04 | Cisco Expressway Edge Improper Authorization Vulnerability |
| CVE-2024-8414 | 2024-09-04 | SourceCodester Insurance Management System cross-site request forgery |
| CVE-2024-8415 | 2024-09-04 | SourceCodester Food Ordering Management System add-ticket.php sql injection |
| CVE-2024-8416 | 2024-09-04 | SourceCodester Food Ordering Management System ticket-status.php sql injection |
| CVE-2024-8417 | 2024-09-04 | 云课网络科技有限公司 Yunke Online School System videobind.html sensitive information in source |
| CVE-2024-44948 | 2024-09-04 | x86/mtrr: Check if fixed MTRRs exist before saving them |
| CVE-2024-44949 | 2024-09-04 | parisc: fix a possible DMA corruption |
| CVE-2024-44950 | 2024-09-04 | serial: sc16is7xx: fix invalid FIFO access with special register set |
| CVE-2024-44951 | 2024-09-04 | serial: sc16is7xx: fix TX fifo corruption |
| CVE-2024-44953 | 2024-09-04 | scsi: ufs: core: Fix deadlock during RTC update |
| CVE-2024-44954 | 2024-09-04 | ALSA: line6: Fix racy access to midibuf |
| CVE-2024-44956 | 2024-09-04 | drm/xe/preempt_fence: enlarge the fence critical section |
| CVE-2024-44957 | 2024-09-04 | xen: privcmd: Switch from mutex to spinlock for irqfds |
| CVE-2024-44958 | 2024-09-04 | sched/smt: Fix unbalance sched_smt_present dec/inc |
| CVE-2024-44959 | 2024-09-04 | tracefs: Use generic inode RCU for synchronizing freeing |
| CVE-2024-44960 | 2024-09-04 | usb: gadget: core: Check for unset descriptor |
| CVE-2024-44961 | 2024-09-04 | drm/amdgpu: Forward soft recovery errors to userspace |
| CVE-2024-44962 | 2024-09-04 | Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading |
| CVE-2024-44963 | 2024-09-04 | btrfs: do not BUG_ON() when freeing tree block after error |
| CVE-2024-44964 | 2024-09-04 | idpf: fix memory leaks and crashes while performing a soft reset |
| CVE-2024-44965 | 2024-09-04 | x86/mm: Fix pti_clone_pgtable() alignment assumption |
| CVE-2024-44966 | 2024-09-04 | binfmt_flat: Fix corruption when not offsetting data start |
| CVE-2024-44967 | 2024-09-04 | drm/mgag200: Bind I2C lifetime to DRM device |
| CVE-2024-44968 | 2024-09-04 | tick/broadcast: Move per CPU pointer access into the atomic section |
| CVE-2024-44969 | 2024-09-04 | s390/sclp: Prevent release of buffer in I/O |
| CVE-2024-44970 | 2024-09-04 | net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink |
| CVE-2024-44971 | 2024-09-04 | net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() |
| CVE-2024-44972 | 2024-09-04 | btrfs: do not clear page dirty inside extent_write_locked_range() |
| CVE-2024-44973 | 2024-09-04 | mm, slub: do not call do_slab_free for kfence object |
| CVE-2024-44974 | 2024-09-04 | mptcp: pm: avoid possible UaF when selecting endp |
| CVE-2024-44975 | 2024-09-04 | cgroup/cpuset: fix panic caused by partcmd_update |
| CVE-2024-44976 | 2024-09-04 | ata: pata_macio: Fix DMA table overflow |
| CVE-2024-44977 | 2024-09-04 | drm/amdgpu: Validate TA binary size |
| CVE-2024-44978 | 2024-09-04 | drm/xe: Free job before xe_exec_queue_put |
| CVE-2024-44979 | 2024-09-04 | drm/xe: Fix missing workqueue destroy in xe_gt_pagefault |
| CVE-2024-44980 | 2024-09-04 | drm/xe: Fix opregion leak |
| CVE-2024-44981 | 2024-09-04 | workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() |
| CVE-2024-44982 | 2024-09-04 | drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails |
| CVE-2024-44983 | 2024-09-04 | netfilter: flowtable: validate vlan header |
| CVE-2024-44984 | 2024-09-04 | bnxt_en: Fix double DMA unmapping for XDP_REDIRECT |
| CVE-2024-44985 | 2024-09-04 | ipv6: prevent possible UAF in ip6_xmit() |
| CVE-2024-44986 | 2024-09-04 | ipv6: fix possible UAF in ip6_finish_output2() |
| CVE-2024-44987 | 2024-09-04 | ipv6: prevent UAF in ip6_send_skb() |