CVE List - 2024 / November
Showing 1701 - 1800 of 4054 CVEs for November 2024 (Page 18 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-8933 | 2024-11-13 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss... |
| CVE-2024-8935 | 2024-11-13 | CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of service and loss of confidentiality and integrity of controllers when conducting a Man-In-The-Middle attack between the controller... |
| CVE-2024-8937 | 2024-11-13 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The Middle attack followed by... |
| CVE-2024-8938 | 2024-11-13 | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending... |
| CVE-2024-8936 | 2024-11-13 | CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used... |
| CVE-2024-9409 | 2024-11-13 | CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause the device to become unresponsive resulting in communication loss when a large amount of IGMP packets is present in the... |
| CVE-2024-10800 | 2024-11-13 | WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-11150 | 2024-11-13 | WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion |
| CVE-2024-10575 | 2024-11-13 | CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices. |
| CVE-2024-21541 | 2024-11-13 | Versions of the package dom-iterator before 1.0.1 are vulnerable to Arbitrary Code Execution due to use of the Function constructor without complete input sanitization. Function generates a new function body... |
| CVE-2024-52268 | 2024-11-13 | Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser... |
| CVE-2024-10877 | 2024-11-13 | AFI – The Easiest Integration Plugin <= 1.92.0 - Reflected Cross-Site Scripting |
| CVE-2024-9059 | 2024-11-13 | Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget |
| CVE-2024-9668 | 2024-11-13 | Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-9682 | 2024-11-13 | Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget |
| CVE-2024-11028 | 2024-11-13 | MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation |
| CVE-2024-8001 | 2024-11-13 | VIWIS LMS Print authorization |
| CVE-2024-4741 | 2024-11-13 | Use After Free with SSL_free_buffers |
| CVE-2024-47574 | 2024-11-13 | A authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows low privilege attacker... |
| CVE-2022-45157 | 2024-11-13 | Exposure of vSphere's CPI and CSI credentials in Rancher |
| CVE-2024-48989 | 2024-11-13 | A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending... |
| CVE-2024-11159 | 2024-11-13 | Using remote content in OpenPGP encrypted messages can lead to the disclosure of plaintext. This vulnerability affects Thunderbird < 128.4.3 and Thunderbird < 132.0.1. |
| CVE-2024-49506 | 2024-11-13 | Fixed temporary file path in aeon-checks allows fixing of disk encryption key |
| CVE-2024-11165 | 2024-11-13 | An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the... |
| CVE-2024-49505 | 2024-11-13 | XSS vulnerability found in OpenSuse MirrorCache |
| CVE-2024-48900 | 2024-11-13 | Moodle: idor when accessing list of badge recipients |
| CVE-2024-9477 | 2024-11-13 | XSS in AirTies' Air4443 Firmware |
| CVE-2024-49504 | 2024-11-13 | grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images |
| CVE-2024-52306 | 2024-11-13 | FileManager Deserialization of Untrusted Data |
| CVE-2024-10013 | 2024-11-13 | Progress UI for WinForms format provider unsafe deserialization vulnerability |
| CVE-2024-10012 | 2024-11-13 | Progress UI for WPF format provider unsafe deserialization vulnerability |
| CVE-2024-52305 | 2024-11-13 | UnoPim Stored XSS : Cookie hijacking through Create User function |
| CVE-2024-8049 | 2024-11-13 | Telerik Document Processing Improper Handling of Memory Resources |
| CVE-2024-7295 | 2024-11-13 | Hard-coded credentials used for temporary and cache data encryption |
| CVE-2024-52300 | 2024-11-13 | macro-pdfviewer has a XSS through the width parameter |
| CVE-2024-52299 | 2024-11-13 | The PDF viewer macro allows accessing any attachment without access right checks |
| CVE-2024-11175 | 2024-11-13 | Public CMS Voting Management save cross site scripting |
| CVE-2024-52298 | 2024-11-13 | macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author |
| CVE-2024-52295 | 2024-11-13 | DataEase has a forged JWT token vulnerability |
| CVE-2024-52293 | 2024-11-13 | Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI |
| CVE-2024-52292 | 2024-11-13 | Craft Allows Attackers to Read Arbitrary System Files |
| CVE-2024-9413 | 2024-11-13 | The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware. |
| CVE-2024-52291 | 2024-11-13 | Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution |
| CVE-2024-51996 | 2024-11-13 | Symphony has an Authentication Bypass via RememberMe |
| CVE-2024-45594 | 2024-11-13 | Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds |
| CVE-2024-9476 | 2024-11-13 | Privilege escalation vulnerability for Organizations in Grafana |
| CVE-2023-35659 | 2024-11-13 | In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel... |
| CVE-2023-35686 | 2024-11-13 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-23715 | 2024-11-13 | In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege in the... |
| CVE-2024-31337 | 2024-11-13 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional... |
| CVE-2024-34719 | 2024-11-13 | In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-34729 | 2024-11-13 | In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with... |
| CVE-2024-34747 | 2024-11-13 | In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no... |
| CVE-2024-49379 | 2024-11-13 | Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel |
| CVE-2024-40660 | 2024-11-13 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2024-40661 | 2024-11-13 | In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional... |
| CVE-2024-40671 | 2024-11-13 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2024-43080 | 2024-11-13 | In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2024-43081 | 2024-11-13 | In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2024-43082 | 2024-11-13 | In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-43083 | 2024-11-13 | In validate of WifiConfigurationUtil.java , there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges... |
| CVE-2024-43084 | 2024-11-13 | In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2024-43085 | 2024-11-13 | In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead... |
| CVE-2024-43086 | 2024-11-13 | In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure... |
| CVE-2024-43087 | 2024-11-13 | In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could... |
| CVE-2024-43088 | 2024-11-13 | In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could... |
| CVE-2024-43089 | 2024-11-13 | In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no... |
| CVE-2024-43090 | 2024-11-13 | In multiple locations, there is a possible cross-user image read due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction... |
| CVE-2024-43091 | 2024-11-13 | In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed.... |
| CVE-2024-43093 | 2024-11-13 | In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to... |
| CVE-2024-29076 | 2024-11-13 | Uncaught exception for some Intel(R) CST software before version 8.7.10803 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-21850 | 2024-11-13 | Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of privilege via... |
| CVE-2024-23918 | 2024-11-13 | Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-21820 | 2024-11-13 | Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-25565 | 2024-11-13 | Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access. |
| CVE-2024-23198 | 2024-11-13 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi products before version 23.40 may allow an unauthenticated user to enable denial of service via adjacent... |
| CVE-2024-24984 | 2024-11-13 | Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2024-28049 | 2024-11-13 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi wireless products before version 23.40 may allow an unauthenticated user to enable denial of service via... |
| CVE-2024-52549 | 2024-11-13 | Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and 1362.1364.v4cf2dc5d8776, does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check... |
| CVE-2024-52550 | 2024-11-13 | Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild... |
| CVE-2024-52551 | 2024-11-13 | Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build... |
| CVE-2024-52552 | 2024-11-13 | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by... |
| CVE-2024-52553 | 2024-11-13 | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. |
| CVE-2024-52554 | 2024-11-13 | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission... |
| CVE-2024-21853 | 2024-11-13 | Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via... |
| CVE-2024-25563 | 2024-11-13 | Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and Intel(R) Killer(TM) Wi-Fi before version 23.40 may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2024-22185 | 2024-11-13 | Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-24985 | 2024-11-13 | Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2024-21783 | 2024-11-13 | Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-21808 | 2024-11-13 | Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-28051 | 2024-11-13 | Out-of-bounds read in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable information disclosure via local access. |
| CVE-2024-11193 | 2024-11-13 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the LDAP bind password is logged in plaintext within application logs. This flaw results in the unintentional exposure of sensitive information... |
| CVE-2024-28030 | 2024-11-13 | NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-38665 | 2024-11-13 | Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-23919 | 2024-11-13 | Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-34023 | 2024-11-13 | Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-34170 | 2024-11-13 | Improper buffer restrictions in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2024-25647 | 2024-11-13 | Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-23312 | 2024-11-13 | Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2024-28952 | 2024-11-13 | Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |