CVE List - 2024 / November
Showing 1401 - 1500 of 4054 CVEs for November 2024 (Page 15 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-50324 | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-50326 | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-50327 | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-50328 | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. |
| CVE-2024-50329 | 2024-11-12 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is... |
| CVE-2024-50330 | 2024-11-12 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. |
| CVE-2024-43415 | 2024-11-12 | Decidim-Awesome: SQL injection in AdminAccountability |
| CVE-2024-47535 | 2024-11-12 | Denial of Service attack on windows app using Netty |
| CVE-2024-10971 | 2024-11-12 | Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission. |
| CVE-2024-52297 | 2024-11-12 | Tolgee's configuration all configuration properties leaked in public configuration DTO |
| CVE-2024-47905 | 2024-11-12 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial... |
| CVE-2024-9420 | 2024-11-12 | A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution |
| CVE-2024-52296 | 2024-11-12 | libosdp has a null pointer deref in osdp_reply_name |
| CVE-2024-47906 | 2024-11-12 | Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker... |
| CVE-2024-47907 | 2024-11-12 | A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-47909 | 2024-11-12 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial... |
| CVE-2024-8495 | 2024-11-12 | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-11007 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with... |
| CVE-2024-11006 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with... |
| CVE-2024-52010 | 2024-11-12 | Zoraxy has an authenticated command injection in the Web SSH feature |
| CVE-2024-11005 | 2024-11-12 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with... |
| CVE-2024-11004 | 2024-11-12 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. |
| CVE-2024-8539 | 2024-11-12 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. |
| CVE-2024-9842 | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. |
| CVE-2024-9843 | 2024-11-12 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. |
| CVE-2024-7571 | 2024-11-12 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. |
| CVE-2024-49526 | 2024-11-12 | Animate | Use After Free (CWE-416) |
| CVE-2024-49528 | 2024-11-12 | Animate | Out-of-bounds Write (CWE-787) |
| CVE-2024-49527 | 2024-11-12 | Animate | Out-of-bounds Read (CWE-125) |
| CVE-2024-30133 | 2024-11-12 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability |
| CVE-2024-9999 | 2024-11-12 | Multi-Factor Authentication Bypass in Progress WS_FTP Server |
| CVE-2024-51749 | 2024-11-12 | Element's thumbnails can be abused to misrepresent the content of an attachment |
| CVE-2024-51750 | 2024-11-12 | Element allows a malicious homeserver can modify events leading to unrenderable events or rooms |
| CVE-2024-50336 | 2024-11-12 | matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal |
| CVE-2024-49521 | 2024-11-12 | Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918) |
| CVE-2024-49369 | 2024-11-12 | Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections |
| CVE-2024-10923 | 2024-11-12 | Improper Neutralization vulnerability has been discovered in OpenText™ ALM Octane Management. |
| CVE-2024-10943 | 2024-11-12 | FactoryTalk® Updater Authentication Bypass |
| CVE-2024-49514 | 2024-11-12 | Photoshop Desktop | Integer Underflow (Wrap or Wraparound) (CWE-191) |
| CVE-2024-10944 | 2024-11-12 | FactoryTalk® Updater Remote Code Execution |
| CVE-2024-10945 | 2024-11-12 | FactoryTalk® Updater Local Privilege Escalation |
| CVE-2024-21937 | 2024-11-12 | Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2024-21938 | 2024-11-12 | Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary... |
| CVE-2024-21939 | 2024-11-12 | Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2024-21945 | 2024-11-12 | Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2024-21946 | 2024-11-12 | Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2024-21949 | 2024-11-12 | Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash. |
| CVE-2024-21957 | 2024-11-12 | Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. |
| CVE-2024-21958 | 2024-11-12 | Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. |
| CVE-2024-21974 | 2024-11-12 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. |
| CVE-2024-21975 | 2024-11-12 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. |
| CVE-2024-21976 | 2024-11-12 | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. |
| CVE-2024-8068 | 2024-11-12 | Privilege escalation to NetworkService Account access |
| CVE-2024-43530 | 2024-11-12 | Windows Update Stack Elevation of Privilege Vulnerability |
| CVE-2024-43499 | 2024-11-12 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2024-43602 | 2024-11-12 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-43623 | 2024-11-12 | Windows NT OS Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43625 | 2024-11-12 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability |
| CVE-2024-43626 | 2024-11-12 | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2024-43627 | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43628 | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43630 | 2024-11-12 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2024-43631 | 2024-11-12 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-43634 | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43637 | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43638 | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43643 | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43644 | 2024-11-12 | Windows Client-Side Caching Elevation of Privilege Vulnerability |
| CVE-2024-43645 | 2024-11-12 | Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability |
| CVE-2024-43646 | 2024-11-12 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| CVE-2024-43447 | 2024-11-12 | Windows SMBv3 Server Remote Code Execution Vulnerability |
| CVE-2024-43449 | 2024-11-12 | Windows USB Video Class System Driver Elevation of Privilege Vulnerability |
| CVE-2024-43450 | 2024-11-12 | Windows DNS Spoofing Vulnerability |
| CVE-2024-43451 | 2024-11-12 | NTLM Hash Disclosure Spoofing Vulnerability |
| CVE-2024-43452 | 2024-11-12 | Windows Registry Elevation of Privilege Vulnerability |
| CVE-2024-38255 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-38264 | 2024-11-12 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
| CVE-2024-43459 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-43462 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48994 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48995 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-48996 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-49040 | 2024-11-12 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2024-49043 | 2024-11-12 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability |
| CVE-2024-49044 | 2024-11-12 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2024-49046 | 2024-11-12 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability |
| CVE-2024-49049 | 2024-11-12 | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability |
| CVE-2024-49056 | 2024-11-12 | Airlift.microsoft.com Elevation of Privilege Vulnerability |
| CVE-2024-43598 | 2024-11-12 | LightGBM Remote Code Execution Vulnerability |
| CVE-2024-43498 | 2024-11-12 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2024-43620 | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43621 | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43622 | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43624 | 2024-11-12 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability |
| CVE-2024-43629 | 2024-11-12 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2024-43633 | 2024-11-12 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2024-43635 | 2024-11-12 | Windows Telephony Service Remote Code Execution Vulnerability |
| CVE-2024-43636 | 2024-11-12 | Win32k Elevation of Privilege Vulnerability |
| CVE-2024-43639 | 2024-11-12 | Windows KDC Proxy Remote Code Execution Vulnerability |
| CVE-2024-43640 | 2024-11-12 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |