CVE List - 2024 / September
Showing 801 - 900 of 2518 CVEs for September 2024 (Page 9 of 26)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38263 | 2024-09-10 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-21416 | 2024-09-10 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38045 | 2024-09-10 | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38119 | 2024-09-10 | Windows Network Address Translation (NAT) Remote Code Execution Vulnerability |
| CVE-2024-43454 | 2024-09-10 | Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability |
| CVE-2024-43455 | 2024-09-10 | Windows Remote Desktop Licensing Service Spoofing Vulnerability |
| CVE-2024-43457 | 2024-09-10 | Windows Setup and Deployment Elevation of Privilege Vulnerability |
| CVE-2024-43458 | 2024-09-10 | Windows Networking Information Disclosure Vulnerability |
| CVE-2024-43461 | 2024-09-10 | Windows MSHTML Platform Spoofing Vulnerability |
| CVE-2024-43466 | 2024-09-10 | Microsoft SharePoint Server Denial of Service Vulnerability |
| CVE-2024-43469 | 2024-09-10 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-43470 | 2024-09-10 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability |
| CVE-2024-43475 | 2024-09-10 | Microsoft Windows Admin Center Information Disclosure Vulnerability |
| CVE-2024-43476 | 2024-09-10 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| CVE-2024-43479 | 2024-09-10 | Microsoft Power Automate Desktop Remote Code Execution Vulnerability |
| CVE-2024-30073 | 2024-09-10 | Windows Security Zone Mapping Security Feature Bypass Vulnerability |
| CVE-2024-43487 | 2024-09-10 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2024-43491 | 2024-09-10 | Microsoft Windows Update Remote Code Execution Vulnerability |
| CVE-2024-43495 | 2024-09-10 | Windows libarchive Remote Code Execution Vulnerability |
| CVE-2024-38194 | 2024-09-10 | Azure Web Apps Elevation of Privilege Vulnerability |
| CVE-2024-37980 | 2024-09-10 | Microsoft SQL Server Elevation of Privilege Vulnerability |
| CVE-2024-45596 | 2024-09-10 | Directus's session is cached for OpenID and OAuth2 if `redirect` is not used |
| CVE-2024-45409 | 2024-09-10 | The Ruby SAML library vulnerable to a SAML authentication bypass via Incorrect XPath selector |
| CVE-2024-8503 | 2024-09-10 | VICIdial Unauthenticated SQL Injection |
| CVE-2024-8504 | 2024-09-10 | VICIdial Authenticated Remote Code Execution |
| CVE-2024-8655 | 2024-09-10 | Mercury MNVR816 web-static file access |
| CVE-2024-8232 | 2024-09-10 | iniNet Solutions SpiderControl SCADA Web Server Unrestricted Upload of File with Dangerous Type |
| CVE-2024-8190 | 2024-09-10 | An OS command injection vulnerability in Ivanti Cloud Services Appliance... |
| CVE-2024-8012 | 2024-09-10 | An authentication bypass weakness in the message broker service of... |
| CVE-2024-44103 | 2024-09-10 | DLL hijacking in the management console of Ivanti Workspace Control... |
| CVE-2024-44104 | 2024-09-10 | An incorrectly implemented authentication scheme that is subjected to a... |
| CVE-2024-44105 | 2024-09-10 | Cleartext transmission of sensitive information in the management console of... |
| CVE-2024-44106 | 2024-09-10 | Insufficient server-side controls in the management console of Ivanti Workspace... |
| CVE-2024-44107 | 2024-09-10 | DLL hijacking in the management console of Ivanti Workspace Control... |
| CVE-2024-8191 | 2024-09-10 | SQL injection in the management console of Ivanti EPM before... |
| CVE-2024-8320 | 2024-09-10 | Missing authentication in Network Isolation of Ivanti EPM before 2022... |
| CVE-2024-8321 | 2024-09-10 | Missing authentication in Network Isolation of Ivanti EPM before 2022... |
| CVE-2024-8322 | 2024-09-10 | Weak authentication in Patch Management of Ivanti EPM before 2022... |
| CVE-2024-8441 | 2024-09-10 | An uncontrolled search path in the agent of Ivanti EPM... |
| CVE-2024-45597 | 2024-09-10 | Pluto's http.request allows CR and LF in header values |
| CVE-2024-42760 | 2024-09-11 | SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker... |
| CVE-2024-44466 | 2024-09-11 | COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function... |
| CVE-2024-44541 | 2024-09-11 | evilnapsis Inventio Lite Versions v4 and before is vulnerable to... |
| CVE-2024-44570 | 2024-09-11 | RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code... |
| CVE-2024-44571 | 2024-09-11 | RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access... |
| CVE-2024-44572 | 2024-09-11 | RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command... |
| CVE-2024-44573 | 2024-09-11 | A stored cross-site scripting (XSS) vulnerability in the VLAN configuration... |
| CVE-2024-44574 | 2024-09-11 | RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command... |
| CVE-2024-44575 | 2024-09-11 | RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute... |
| CVE-2024-44577 | 2024-09-11 | RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command... |
| CVE-2024-44851 | 2024-09-11 | A stored cross-site scripting (XSS) vulnerability in the Discussion section... |
| CVE-2024-23716 | 2024-09-11 | In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due... |
| CVE-2024-31336 | 2024-09-11 | In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code... |
| CVE-2024-40650 | 2024-09-11 | In wifi_item_edit_content of styles.xml , there is a possible FRP... |
| CVE-2024-40652 | 2024-09-11 | In onCreate of SettingsHomepageActivity.java, there is a possible way to... |
| CVE-2024-40654 | 2024-09-11 | In multiple locations, there is a possible permission bypass due... |
| CVE-2024-40655 | 2024-09-11 | In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to... |
| CVE-2024-40656 | 2024-09-11 | In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to... |
| CVE-2024-40657 | 2024-09-11 | In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to... |
| CVE-2024-40658 | 2024-09-11 | In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of... |
| CVE-2024-40659 | 2024-09-11 | In getRegistration of RemoteProvisioningService.java, there is a possible way to... |
| CVE-2024-40662 | 2024-09-11 | In scheme of Uri.java, there is a possible way to... |
| CVE-2024-8253 | 2024-09-11 | Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-23906 | 2024-09-11 | Improper Neutralization of Input During Web Page Generation (CWE-79) in... |
| CVE-2024-24972 | 2024-09-11 | Buffer Copy without Checking Size of Input (CWE-120) in the... |
| CVE-2024-39808 | 2024-09-11 | Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000... |
| CVE-2024-43690 | 2024-09-11 | Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command... |
| CVE-2024-1656 | 2024-09-11 | Affected versions of Octopus Server had a weak content security... |
| CVE-2024-7721 | 2024-09-11 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.34 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update |
| CVE-2024-7727 | 2024-09-11 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.32 - Missing Authorization in multiple functions via h5vp_ajax_handler |
| CVE-2024-21529 | 2024-09-11 | Versions of the package dset before 3.1.4 are vulnerable to... |
| CVE-2024-3899 | 2024-09-11 | Envira Gallery < 1.8.15 - Author+ Stored XSS |
| CVE-2024-7716 | 2024-09-11 | GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS |
| CVE-2024-8440 | 2024-09-11 | Essential Addons for Elementor -- Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 6.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text Widget |
| CVE-2024-7626 | 2024-09-11 | WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) <= 1.6.9 - Improper Path Validation to Authenticated (Subscriber+) Arbitrary File Move and Read |
| CVE-2024-8045 | 2024-09-11 | Advanced WordPress Backgrounds <= 1.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via imageTag Parameter |
| CVE-2019-25212 | 2024-09-11 | video carousel slider with lightbox <= 1.0.6 - Authenticated (Admin+) SQL Injection |
| CVE-2024-8277 | 2024-09-11 | WooCommerce Photo Reviews Premium <= 1.3.13.2 - Authentication Bypass to Account Takeover and Privilege Escalation |
| CVE-2024-45327 | 2024-09-11 | An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through... |
| CVE-2024-8096 | 2024-09-11 | OCSP stapling bypass with GnuTLS |
| CVE-2024-5416 | 2024-09-11 | Elementor Website Builder – More than Just a Page Builder <= 3.23.4 - Authenticated (Contributor+) Stored Cross-Site Scripting in the URL Parameter in Multiple Widgets |
| CVE-2024-7609 | 2024-09-11 | Directory Traversal in Vidco Software's VOC TESTER |
| CVE-2024-45786 | 2024-09-11 | Improper Authorization Vulnerability |
| CVE-2024-45787 | 2024-09-11 | Information Disclosure Vulnerability |
| CVE-2024-45788 | 2024-09-11 | No Rate Limiting Vulnerability |
| CVE-2024-45789 | 2024-09-11 | Parameter Tampering Vulnerability |
| CVE-2024-45790 | 2024-09-11 | User Enumeration vulnerability |
| CVE-2024-6091 | 2024-09-11 | Shell Command Denylist Bypass in significant-gravitas/autogpt |
| CVE-2024-8646 | 2024-09-11 | Eclipse Glassfish: URL redirection vulnerability to untrusted sites |
| CVE-2024-8642 | 2024-09-11 | Eclipse EDC: Consumer pull transfer token validation checks not applied |
| CVE-2024-27113 | 2024-09-11 | Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02 |
| CVE-2024-27115 | 2024-09-11 | Remote Code Execution through File Upload in SOPlanning before 1.52.02 |
| CVE-2024-27114 | 2024-09-11 | Remote Code Execution through File Upload in SOPlanning before 1.52.02 |
| CVE-2024-27112 | 2024-09-11 | SQL Injection in SOPlanning before 1.52.02 |
| CVE-2024-8636 | 2024-09-11 | Heap buffer overflow in Skia in Google Chrome prior to... |
| CVE-2024-8637 | 2024-09-11 | Use after free in Media Router in Google Chrome on... |
| CVE-2024-8638 | 2024-09-11 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.137... |
| CVE-2024-8639 | 2024-09-11 | Use after free in Autofill in Google Chrome on Android... |
| CVE-2024-43793 | 2024-09-11 | Halo's editor has a stored XSS vulnerability |
| CVE-2024-4465 | 2024-09-11 | Incorrect authorization for Reports configuration in Guardian/CMC before 24.2.0 |