CVE List - 2024 / September
Showing 601 - 700 of 2516 CVEs for September 2024 (Page 7 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8611 | 2024-09-09 | itsourcecode Tailoring Management System ssms.php sql injection |
| CVE-2023-36103 | 2024-09-10 | Command Injection vulnerability in goform/SetIPTVCfg interface of Tenda AC15 V15.03.05.20 allows remote attackers to run arbitrary commands via crafted POST request. |
| CVE-2023-37226 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. |
| CVE-2023-37227 | 2024-09-10 | Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. |
| CVE-2023-37229 | 2024-09-10 | Loftware Spectrum before 5.1 allows SSRF. |
| CVE-2023-37230 | 2024-09-10 | Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF. |
| CVE-2023-37231 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. |
| CVE-2023-37232 | 2024-09-10 | Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. |
| CVE-2023-37233 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. |
| CVE-2023-37234 | 2024-09-10 | Loftware Spectrum through 4.6 has unprotected JMX Registry. |
| CVE-2024-25073 | 2024-09-10 | An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos... |
| CVE-2024-25074 | 2024-09-10 | An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos... |
| CVE-2024-31960 | 2024-09-10 | An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free. |
| CVE-2024-34831 | 2024-09-10 | cross-site scripting (XSS) vulnerability in Gibbon Core v26.0.00 allows an attacker to execute arbitrary code via the imageLink parameter in the library_manage_catalog_editProcess.php component. |
| CVE-2024-37728 | 2024-09-10 | Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface |
| CVE-2024-43040 | 2024-09-10 | Renwoxing Enterprise Intelligent Management System before v3.0 was discovered to contain a SQL injection vulnerability via the parid parameter at /fx/baseinfo/SearchInfo. |
| CVE-2024-44667 | 2024-09-10 | Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root... |
| CVE-2024-44815 | 2024-09-10 | Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV. |
| CVE-2024-44867 | 2024-09-10 | phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component /autoload/file.php. |
| CVE-2024-44871 | 2024-09-10 | An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file. |
| CVE-2024-44872 | 2024-09-10 | A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. |
| CVE-2024-44893 | 2024-09-10 | An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. |
| CVE-2024-44676 | 2024-09-10 | eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController. java. |
| CVE-2024-44677 | 2024-09-10 | eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component. |
| CVE-2024-38270 | 2024-09-10 | An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. This... |
| CVE-2024-6342 | 2024-09-10 | **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and NAS542 firmware versions through V5.21(ABAG.15)C0 could allow an unauthenticated attacker to... |
| CVE-2024-8268 | 2024-09-10 | Frontend Dashboard <= 2.2.4 - Authenticated (Subscriber+) Arbitrary Function Call |
| CVE-2024-8478 | 2024-09-10 | Affiliate Super Assistent <= 1.5.3 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-41729 | 2024-09-10 | Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer) |
| CVE-2024-42371 | 2024-09-10 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-42378 | 2024-09-10 | Cross-Site Scripting (XSS) in eProcurement on S/4HANA |
| CVE-2024-42380 | 2024-09-10 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44113 | 2024-09-10 | Information Disclosure vulnerability in the SAP Business Warehouse (BEx Analyzer) |
| CVE-2024-44114 | 2024-09-10 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44115 | 2024-09-10 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44116 | 2024-09-10 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-45286 | 2024-09-10 | Missing Authorization check in SAP Production and Revenue Accounting (Tobin interface) |
| CVE-2024-41728 | 2024-09-10 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44112 | 2024-09-10 | Missing Authorization check in SAP for Oil & Gas (Transportation and Distribution) |
| CVE-2024-44117 | 2024-09-10 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-44120 | 2024-09-10 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal |
| CVE-2024-44121 | 2024-09-10 | Information Disclosure in SAP S/4 HANA (Statutory Reports) |
| CVE-2024-45279 | 2024-09-10 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP (CRM Blueprint Application Builder Panel) |
| CVE-2024-45280 | 2024-09-10 | Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver AS Java (Logon Application) |
| CVE-2024-45281 | 2024-09-10 | DLL hijacking vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2024-45504 | 2024-09-10 | Cross-site request forgery (CSRF) vulnerability in multiple Alps System Integration products and the OEM products allow a remote unauthenticated attacker to hijack the authentication of the user and to perform... |
| CVE-2024-45283 | 2024-09-10 | Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) |
| CVE-2024-0067 | 2024-09-10 | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local... |
| CVE-2024-45284 | 2024-09-10 | Missing authorization check in SAP Student Life Cycle Management (SLcM) |
| CVE-2024-6509 | 2024-09-10 | Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis... |
| CVE-2024-45285 | 2024-09-10 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-21528 | 2024-09-10 | All versions of the package node-gettext are vulnerable to Prototype Pollution via the addTranslations() function in gettext.js due to improper user input sanitization. |
| CVE-2024-6173 | 2024-09-10 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block... |
| CVE-2024-6979 | 2024-09-10 | Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed.... |
| CVE-2024-7784 | 2024-09-10 | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to... |
| CVE-2024-7891 | 2024-09-10 | Floating Contact Button < 2.8 - Admin+ Stored XSS |
| CVE-2024-7955 | 2024-09-10 | Starbox < 3.5.2 - Admin+ Stored XSS |
| CVE-2024-44072 | 2024-09-10 | OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to... |
| CVE-2024-7655 | 2024-09-10 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-7618 | 2024-09-10 | Community by PeepSo – Social Network, Membership, Registration, User Profiles <= 6.4.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via content Parameter |
| CVE-2024-42427 | 2024-09-10 | Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this... |
| CVE-2024-6596 | 2024-09-10 | Endress+Hauser: Multiple products are vulnerable to code injection |
| CVE-2024-7734 | 2024-09-10 | Phoenix Contact: Multiple mGuard devices are vulnerable to a drain of open file descriptors. |
| CVE-2024-42424 | 2024-09-10 | Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to... |
| CVE-2024-42425 | 2024-09-10 | Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentially... |
| CVE-2024-8258 | 2024-09-10 | Insecure Electron Fuses in Logitech Options Plus Allowing Arbitrary Code Execution on macOS |
| CVE-2024-7698 | 2024-09-10 | Phoenix Contact: Access to CSRF tokens of higher privileged users in MGUARD products |
| CVE-2024-7699 | 2024-09-10 | Phoenix Contact: OS command execution in MGUARD products |
| CVE-2024-43385 | 2024-09-10 | Phoenix Contact: OS command execution through PROXY_HTTP_PORT in mGuard devices |
| CVE-2024-43386 | 2024-09-10 | Phoenix Contact: OS command execution through EMAIL_NOTIFICATION.TO in mGuard devices. |
| CVE-2024-43387 | 2024-09-10 | Phoenix Contact: Access files due to improper neutralization of special elements in MGUARD devices |
| CVE-2024-43388 | 2024-09-10 | Phoenix Contact: SNMP reconfiguration due to improper input validation in MGUARD devices |
| CVE-2024-43389 | 2024-09-10 | Phoenix Contact: OSPF reconfiguration due to improper input validation in MGUARD devices |
| CVE-2024-43390 | 2024-09-10 | Phoenix Contact: Firewall reconfiguration due to improper input validation in MGUARD devices |
| CVE-2024-43391 | 2024-09-10 | Phoenix Contact: Firewall reconfiguration through the FW_PORTFORWARDING.SRC_IP in MGUARD devices |
| CVE-2024-43392 | 2024-09-10 | Phoenix Contact: Firewall reconfiguration through the FW_environment variables in MGUARD devices |
| CVE-2024-43393 | 2024-09-10 | Phoenix Contact: Configuration changes of the firewall services can lead to DoS in MGUARD devices |
| CVE-2024-39583 | 2024-09-10 | Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading... |
| CVE-2024-39581 | 2024-09-10 | Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read,... |
| CVE-2024-39580 | 2024-09-10 | Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| CVE-2024-39574 | 2024-09-10 | Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. |
| CVE-2024-39582 | 2024-09-10 | Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. |
| CVE-2024-8543 | 2024-09-10 | Slider comparison image before and after <= 0.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-8241 | 2024-09-10 | Nova Blocks by Pixelgrade <= 2.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Attribute |
| CVE-2023-2919 | 2024-09-10 | Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' |
| CVE-2023-28827 | 2024-09-10 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1... |
| CVE-2023-30755 | 2024-09-10 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1... |
| CVE-2023-30756 | 2024-09-10 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions < V3.5.20), SIMATIC CP 1243-1... |
| CVE-2023-49069 | 2024-09-10 | A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions <... |
| CVE-2024-32006 | 2024-09-10 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could... |
| CVE-2024-33698 | 2024-09-10 | A vulnerability has been identified in Opcenter Quality (All versions < V2406), Opcenter RDnL (All versions < V2410), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions... |
| CVE-2024-35783 | 2024-09-10 | A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions < V2020 SP2 Update 5), SIMATIC Information Server 2022 (All versions < V2022... |
| CVE-2024-37990 | 2024-09-10 | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All... |
| CVE-2024-37991 | 2024-09-10 | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All... |
| CVE-2024-37992 | 2024-09-10 | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All... |
| CVE-2024-37993 | 2024-09-10 | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All... |
| CVE-2024-37994 | 2024-09-10 | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All... |
| CVE-2024-37995 | 2024-09-10 | A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All... |
| CVE-2024-41170 | 2024-09-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow... |
| CVE-2024-41171 | 2024-09-10 | A vulnerability has been identified in SINUMERIK 828D V4 (All versions), SINUMERIK 828D V5 (All versions < V5.24), SINUMERIK 840D sl V4 (All versions), SINUMERIK ONE (All versions < V6.24).... |