Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

231275 entries
ID | Description | Priority | Modified date
CVE-2024-38353 CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images and the likelihood of this issue being exploited is increased. This vulnerability is fixed in 2.5.4. -- Jul 11, 2024
CVE-2024-38352 Rejected reason: CVE was assigned in error. -- Jun 19, 2024
CVE-2024-38351 Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor registers with the targeted user's email (it is unverified), 2. at some later point in time the targeted user stumbles on your app and decides to sign-up with OAuth2 (_this step could be also initiated by the attacker by sending an invite email to the targeted user_), 3. on successful OAuth2 auth we search for an existing PocketBase user matching with the OAuth2 user's email and associate them, 4. because we haven't changed the password of the existing PocketBase user during the linking, the malicious actor has access to the targeted user account and will be able to login with the initially created email/password. To prevent this from happening we now reset the password for this specific case if the previously created user wasn't verified (an exception to this is if the linking is explicit/manual, aka. when you send `Authorization:TOKEN` with the OAuth2 auth call). Additionally to warn existing users we now send an email alert in case the user has logged in with password but has at least one OAuth2 account linked. The flow will be further improved with ongoing refactoring and we will start sending emails for unrecognized device logins (OTP and MFA is already implemented and will be available with the next v0.23.0 release in the near future). For the time being users are advised to update to version 0.22.14. There are no known workarounds for this vulnerability. -- Jun 18, 2024
CVE-2024-38348 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter. -- Jun 18, 2024
CVE-2024-38347 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Room Information module via the id parameter. -- Jun 18, 2024
CVE-2024-38346 The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. An attacker that can reach the cluster service on the unauthenticated port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure. Users are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue. -- Jul 8, 2024
CVE-2024-38345 A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site. -- Jul 4, 2024
CVE-2024-38344 A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this vulnerability is exploited, an attacker allows a user who logs in to the WordPress site where the affected plugin is enabled to access a malicious page. As a result, the user may perform unintended operations on the WordPress site. -- Jul 4, 2024
CVE-2024-38330 IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227. -- Jul 8, 2024
CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. -- Jun 20, 2024
CVE-2024-38322 IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869. -- Jul 1, 2024
CVE-2024-38319 IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script. IBM X-Force ID: 294830. -- Jun 24, 2024
CVE-2024-38313 In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address. This vulnerability affects Firefox for iOS < 127. -- Jun 13, 2024
CVE-2024-38312 When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. This vulnerability affects Firefox for iOS < 127. -- Jun 13, 2024
CVE-2024-38306 In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios
[BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this:
    BUG: Bad page state in process kswapd0 pfn:d6e840
    page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c pfn:0xd6e840
    aops:btree_aops ino:1
    flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)
    page_type: 0xffffffff()
    raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0
    raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000
    page dumped because: non-NULL mapping
[CAUSE] Commit 09e6cef19c9f (btrfs: refactor alloc_extent_buffer() to allocate-then-attach method) changes the sequence when allocating a new extent buffer. Previously we always called grab_extent_buffer() under mapping->i_private_lock, to ensure the safety on modification on folio::private (which is a pointer to extent buffer for regular sectorsize). This can lead to the following race: Thread A is trying to allocate an extent buffer at bytenr X, with 4 4K pages, meanwhile thread B is trying to release the page at X + 4K (the second page of the extent buffer at X).
              Thread A                 |                 Thread B
    -----------------------------------+-------------------------------------
                                       | btree_release_folio()
                                       | | This is for the page at X + 4K,
                                       | | Not page X.
                                       | |
     alloc_extent_buffer()             | |- release_extent_buffer()
     |- filemap_add_folio() for the    | |  |- atomic_dec_and_test(eb->refs)
     |  page at bytenr X (the first    | |  |
     |  page).                         | |  |
     |  Which returned -EEXIST.        | |  |
     |                                 | |  |
     |- filemap_lock_folio()           | |  |
     |  Returned the first page locked.| |  |
     |                                 | |  |
     |- grab_extent_buffer()           | |  |
     |  |- atomic_inc_not_zero()       | |  |
     |  |  Returned false              | |  |
     |  |- folio_detach_private()      | |  |- folio_detach_private() for X
     |     |- folio_test_private()     | |     |- folio_test_private()
     |        Returned true            | |     |  Returned true
     |- folio_put()                    | |- folio_put()
Now there are two puts on the same folio at folio X, leading to refcount underflow of the folio X, and eventually causing the BUG_ON() on the page->mapping. The condition is not that easy to hit:
    - The release must be triggered for the middle page of an eb
      If the release is on the same first page of an eb, page lock would kick in and prevent the race.
    - folio_detach_private() has a very small race window
      It's only between folio_test_private() and folio_clear_private().
That's exactly when mapping->i_private_lock is used to prevent such race, and commit 09e6cef19c9f (btrfs: refactor alloc_extent_buffer() to allocate-then-attach method) screwed that up. At that time, I thought the page lock would kick in as filemap_release_folio() also requires the page to be locked, but forgot the filemap_release_folio() only locks one page, not all pages of an extent buffer.
[FIX] Move all the code requiring i_private_lock into attach_eb_folio_to_filemap(), so that everything is done with proper lock protection. Furthermore to prevent future problems, add an extra lockdep_assert_locked() to ensure we're holding the proper lock. To reproducer that is able to hit the race (takes a few minutes with instrumented code inserting delays to alloc_extent_buffer()):
    #!/bin/sh
    drop_caches () {
        while(true); do
            echo 3 > /proc/sys/vm/drop_caches
            echo 1 > /proc/sys/vm/compact_memory
        done
    }
    run_tar () {
        while(true); do
            for x in `seq 1 80` ; do
                tar cf /dev/zero /mnt > /dev/null &
            done
            wait
        done
    }
    mkfs.btrfs -f -d single -m single ---truncated---
-- Jun 25, 2024
CVE-2024-38302 Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. -- Jul 18, 2024
CVE-2024-38301 Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulnerability. A low privileged attacker could potentially exploit this vulnerability, leading to denial of service on the local system and information disclosure. -- Jul 10, 2024
CVE-2024-38295 ALCASAR before 3.6.1 allows still_connected.php remote code execution. -- Jun 13, 2024
CVE-2024-38294 ALCASAR before 3.6.1 allows email_registration_back.php remote code execution. -- Jun 13, 2024
CVE-2024-38293 ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php. -- Jun 13, 2024
CVE-2024-38289 A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input. -- Jul 25, 2024
CVE-2024-38288 A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root. -- Jul 25, 2024
CVE-2024-38287 The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to force the application into resetting the administrator's password to a random insecure 8-digit value. -- Jul 25, 2024
CVE-2024-38285 Logs storing credentials are insufficiently protected and can be decoded through the use of open source tools. -- Jun 13, 2024
CVE-2024-38284 Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls. -- Jun 13, 2024
CVE-2024-38283 Sensitive customer information is stored in the device without encryption. -- Jun 13, 2024
CVE-2024-38282 Utilizing default credentials, an attacker is able to log into the camera's operating system which could allow changes to be made to the operations or shutdown the camera requiring a physical reboot of the system. -- Jun 13, 2024
CVE-2024-38281 An attacker can access the maintenance console using hard coded credentials for a hidden wireless network on the device. -- Jun 13, 2024
CVE-2024-38280 An unauthorized user is able to gain access to sensitive data, including credentials, by physically retrieving the hard disk of the product as the data is stored in clear text. -- Jun 13, 2024
CVE-2024-38279 The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes. -- Jun 13, 2024
CVE-2024-38278 A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system. -- Jul 9, 2024
CVE-2024-38277 A unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two. -- Jun 18, 2024
CVE-2024-38276 Incorrect CSRF token checks resulted in multiple CSRF risks. -- Jun 18, 2024
CVE-2024-38275 The cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs. -- Jun 18, 2024
CVE-2024-38274 Insufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt. -- Jun 18, 2024
CVE-2024-38273 Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access. -- Jun 18, 2024
CVE-2024-38272 There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows. Normally in QuickShare Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quickshare or above -- Jun 27, 2024
CVE-2024-38271 There exists a vulnerability in Quickshare/Nearby where an attacker can force a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi network and then sends an OfflineFrame that crashes Quick Share. This makes the Wifi connection to the attacker’s network last instead of returning to the old network when the Quick Share session is done allowing the attacker to be a MiTM. We recommend upgrading to version 1.0.1724.0 of Quickshare or above -- Jun 27, 2024
CVE-2024-38176 An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network. -- Jul 23, 2024
CVE-2024-38164 An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. -- Jul 23, 2024
CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability -- Jul 19, 2024
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability -- Jul 10, 2024
CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability -- Jul 9, 2024
CVE-2024-38104 Windows Fax Service Remote Code Execution Vulnerability -- Jul 9, 2024
CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability -- Jul 25, 2024
CVE-2024-38102 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability -- Jul 9, 2024
CVE-2024-38101 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability -- Jul 9, 2024
CVE-2024-38100 Windows File Explorer Elevation of Privilege Vulnerability -- Jul 9, 2024
CVE-2024-38099 Windows Remote Desktop Licensing Service Denial of Service Vulnerability -- Jul 9, 2024
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability -- Jul 9, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.