CVE List - 2024 / September
Showing 301 - 400 of 2518 CVEs for September 2024 (Page 4 of 26)
CVE ID | Date | Title |
---|---|---|
CVE-2024-44986 | 2024-09-04 | ipv6: fix possible UAF in ip6_finish_output2() |
CVE-2024-44987 | 2024-09-04 | ipv6: prevent UAF in ip6_send_skb() |
CVE-2024-44988 | 2024-09-04 | net: dsa: mv88e6xxx: Fix out-of-bound access |
CVE-2024-44989 | 2024-09-04 | bonding: fix xfrm real_dev null pointer dereference |
CVE-2024-44990 | 2024-09-04 | bonding: fix null pointer deref in bond_ipsec_offload_ok |
CVE-2024-44991 | 2024-09-04 | tcp: prevent concurrent execution of tcp_sk_exit_batch |
CVE-2024-44992 | 2024-09-04 | smb/client: avoid possible NULL dereference in cifs_free_subrequest() |
CVE-2024-44993 | 2024-09-04 | drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()` |
CVE-2024-44994 | 2024-09-04 | iommu: Restore lost return in iommu_report_device_fault() |
CVE-2024-44995 | 2024-09-04 | net: hns3: fix a deadlock problem when config TC during resetting |
CVE-2024-44996 | 2024-09-04 | vsock: fix recursive ->recvmsg calls |
CVE-2024-44997 | 2024-09-04 | net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() |
CVE-2024-44998 | 2024-09-04 | atm: idt77252: prevent use after free in dequeue_rx() |
CVE-2024-44999 | 2024-09-04 | gtp: pull network headers in gtp_dev_xmit() |
CVE-2024-45000 | 2024-09-04 | fs/netfs/fscache_cookie: add missing "n_accesses" check |
CVE-2024-45001 | 2024-09-04 | net: mana: Fix RX buf alloc_size alignment and atomic op panic |
CVE-2024-45002 | 2024-09-04 | rtla/osnoise: Prevent NULL dereference in error handling |
CVE-2024-45003 | 2024-09-04 | vfs: Don't evict inode under the inode lru traversing context |
CVE-2024-45004 | 2024-09-04 | KEYS: trusted: dcp: fix leak of blob encryption key |
CVE-2024-45005 | 2024-09-04 | KVM: s390: fix validity interception issue when gisa is switched off |
CVE-2024-45006 | 2024-09-04 | xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration |
CVE-2024-45007 | 2024-09-04 | char: xillybus: Don't destroy workqueue from work item running on it |
CVE-2024-45008 | 2024-09-04 | Input: MT - limit max slots |
CVE-2024-45399 | 2024-09-04 | Indico has a Cross-Site-Scripting during account creation |
CVE-2024-45395 | 2024-09-04 | Unbounded loop over untrusted input can lead to endless data attack |
CVE-2024-20505 | 2024-09-04 | ClamAV Memory Handling DoS |
CVE-2024-20506 | 2024-09-04 | ClamAV Privilege Handling Escalation Vulnerability |
CVE-2024-2166 | 2024-09-04 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... |
CVE-2024-45429 | 2024-09-04 | Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5... |
CVE-2024-42885 | 2024-09-05 | SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows... |
CVE-2024-44587 | 2024-09-05 | itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection... |
CVE-2024-44727 | 2024-09-05 | Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via... |
CVE-2024-44728 | 2024-09-05 | Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via... |
CVE-2024-45158 | 2024-09-05 | An issue was discovered in Mbed TLS 3.6 before 3.6.1.... |
CVE-2024-45171 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401.... |
CVE-2024-45173 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401.... |
CVE-2024-45175 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401.... |
CVE-2024-45178 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401.... |
CVE-2024-45589 | 2024-09-05 | RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts... |
CVE-2023-51712 | 2024-09-05 | An issue was discovered in Trusted Firmware-M through 2.0.0. The... |
CVE-2024-45157 | 2024-09-05 | An issue was discovered in Mbed TLS before 2.28.9 and... |
CVE-2024-45159 | 2024-09-05 | An issue was discovered in Mbed TLS 3.x before 3.6.1.... |
CVE-2024-45176 | 2024-09-05 | An issue was discovered in za-internet C-MOR Video Surveillance 5.2401.... |
CVE-2024-7627 | 2024-09-05 | Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition |
CVE-2024-45287 | 2024-09-05 | Multiple vulnerabilities in libnv |
CVE-2024-45288 | 2024-09-05 | Multiple vulnerabilities in libnv |
CVE-2024-41928 | 2024-09-05 | bhyve(8) privileged guest escape via TPM device passthrough |
CVE-2024-8178 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
CVE-2024-42416 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
CVE-2024-43110 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
CVE-2024-45063 | 2024-09-05 | Multiple issues in ctl(4) CAM Target Layer |
CVE-2024-32668 | 2024-09-05 | bhyve(8) privileged guest escape via USB controller |
CVE-2024-43102 | 2024-09-05 | umtx Kernel panic or Use-After-Free |
CVE-2024-6846 | 2024-09-05 | SmartSearchWP <= 2.4.4 - Unauthenticated Log Purge |
CVE-2024-6835 | 2024-09-05 | Ivory Search – WordPress Search Plugin <= 5.5.6 - Information Exposure via AJAX Search Form |
CVE-2024-5309 | 2024-09-05 | Form Vibes – Database Manager for Forms <= 1.4.12 - Missing Authorization in Multiple Functions |
CVE-2024-8363 | 2024-09-05 | Share This Image <= 2.02 - Authenticated (Contributor+) Stored Cross-Site Scripting via STI Buttons Shortcode |
CVE-2024-45107 | 2024-09-05 | ZDI-CAN-24186: Adobe Acrobat Reader DC Doc Object Use-After-Free Information Disclosure Vulnerability |
CVE-2024-6332 | 2024-09-05 | Booking for Appointments and Events Calendar – Amelia Premium <= 7.7 and Lite <= 1.2.3 - Missing Authorization to Sensitive Information Exposure |
CVE-2024-6929 | 2024-09-05 | Dynamic Featured Image <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via dfiFeatured Parameter |
CVE-2024-6894 | 2024-09-05 | RD Station <= 5.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-5956 | 2024-09-05 | This vulnerability allows unauthenticated remote attackers to bypass authentication and... |
CVE-2024-5957 | 2024-09-05 | This vulnerability allows unauthenticated remote attackers to bypass authentication and... |
CVE-2024-7605 | 2024-09-05 | HelloAsso <= 1.1.10 - Missing Authorization to Authenticated (Contributor+) Limited Options Update |
CVE-2022-3556 | 2024-09-05 | Cab fare calculator <= 1.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting |
CVE-2024-7380 | 2024-09-05 | Geo Controller <= 8.6.9 - Missing Authorization to Authenticated (Subscriber+) Menu Creation/Deletion |
CVE-2024-7381 | 2024-09-05 | Geo Controller <= 8.6.9 - Missing Authorization to Unauthenticated Shortcode Execution |
CVE-2022-4529 | 2024-09-05 | Security, Antivirus, Firewall – S.A.F <= 2.3.5 - IP Address Spoofing to Protection Mechanism Bypass |
CVE-2024-8460 | 2024-09-05 | D-Link DNS-320 Web Management Interface widget_api.cgi information disclosure |
CVE-2024-8461 | 2024-09-05 | D-Link DNS-320 Web Management Interface discovery.cgi information disclosure |
CVE-2024-8463 | 2024-09-05 | File upload restriction bypass vulnerability in Job Portal |
CVE-2024-8464 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8465 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8466 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8467 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8468 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8469 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8470 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8462 | 2024-09-05 | Windmill HTTP Request users.rs excessive authentication |
CVE-2024-7884 | 2024-09-05 | Memory leak when calling a canister method via `ic_cdk::call` |
CVE-2024-8471 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8472 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8473 | 2024-09-05 | SQL injection vulnerability in Job Portal |
CVE-2024-8445 | 2024-09-05 | 389-ds-base: server crash while modifying `userpassword` using malformed input (incomplete fix for cve-2024-2199) |
CVE-2024-45098 | 2024-09-05 | IBM Aspera Faspex bypass security |
CVE-2024-45096 | 2024-09-05 | IBM Aspera Faspex information disclosure |
CVE-2024-45097 | 2024-09-05 | IBM Aspera Faspex bypass security |
CVE-2024-24759 | 2024-09-05 | MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding |
CVE-2024-45392 | 2024-09-05 | SuiteCRM has wrong deletion permission checks on API delete call |
CVE-2024-45401 | 2024-09-05 | stripe-cli Path Traversal vulnerability |
CVE-2024-7591 | 2024-09-05 | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection |
CVE-2024-42491 | 2024-09-05 | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used |
CVE-2024-8395 | 2024-09-05 | FlyCASS Cockpit Access Security System (CASS) SQL Injection |
CVE-2024-39278 | 2024-09-05 | Hughes Network Systems Insufficiently Protected Credentials |
CVE-2024-42495 | 2024-09-05 | Hughes Network Systems WL3000 Missing Encryption of Sensitive Data |
CVE-2024-45400 | 2024-09-05 | CKEditor Open Link plugin vulnerable to Cross-site Scripting |
CVE-2024-44082 | 2024-09-06 | In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there... |
CVE-2024-44401 | 2024-09-06 | D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via sub47A60C... |
CVE-2024-44402 | 2024-09-06 | D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm. |
CVE-2024-44408 | 2024-09-06 | D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device... |