CVE List - 2024 / November
Showing 1901 - 2000 of 4054 CVEs for November 2024 (Page 20 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-5919 | 2024-11-14 | PAN-OS: Authenticated XML External Entities (XXE) Injection Vulnerability |
CVE-2024-5918 | 2024-11-14 | PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User |
CVE-2024-2552 | 2024-11-14 | PAN-OS: Arbitrary File Delete Vulnerability in the Command Line Interface (CLI) |
CVE-2024-5917 | 2024-11-14 | PAN-OS: Server-Side Request Forgery in WildFire |
CVE-2024-5920 | 2024-11-14 | PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in PAN-OS Enables Impersonation of a Legitimate Administrator |
CVE-2024-2550 | 2024-11-14 | PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway Using a Specially Crafted Packet |
CVE-2024-45253 | 2024-11-14 | Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CVE-2024-45254 | 2024-11-14 | VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVE-2024-38479 | 2024-11-14 | Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack |
CVE-2024-50305 | 2024-11-14 | Apache Traffic Server: Valid Host field value can cause crashes |
CVE-2024-50306 | 2024-11-14 | Apache Traffic Server: Server process can fail to drop privilege |
CVE-2024-47914 | 2024-11-14 | VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF) |
CVE-2024-47915 | 2024-11-14 | VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |
CVE-2024-47916 | 2024-11-14 | Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
CVE-2023-4134 | 2024-11-14 | Kernel: cyttsp4_core: use-after-free in cyttsp4_watchdog_work() |
CVE-2024-10571 | 2024-11-14 | Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source |
CVE-2024-9693 | 2024-11-14 | Incorrect Authorization in GitLab |
CVE-2024-8180 | 2024-11-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
CVE-2022-31666 | 2024-11-14 | Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies |
CVE-2022-31671 | 2024-11-14 | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs |
CVE-2022-31670 | 2024-11-14 | Harbor fails to validate the user permissions when updating tag retention policies |
CVE-2022-31669 | 2024-11-14 | Harbor fails to validate the user permissions when updating tag immutability policies |
CVE-2024-45670 | 2024-11-14 | IBM Security SOAR weak password recovery mechanism |
CVE-2022-31667 | 2024-11-14 | Harbor fails to validate the user permissions when updating a robot account |
CVE-2022-31668 | 2024-11-14 | User permission validation failure and disclosure of P2P preheat execution logs |
CVE-2024-45099 | 2024-11-14 | IBM Security ReaQta cross-site scripting |
CVE-2024-45642 | 2024-11-14 | IBM Security ReaQta information disclosure |
CVE-2023-4458 | 2024-11-14 | Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability |
CVE-2024-3447 | 2024-11-14 | Qemu: sdhci: heap buffer overflow in sdhci_write_dataport() |
CVE-2024-7730 | 2024-11-14 | Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb() |
CVE-2024-11207 | 2024-11-14 | Apereo CAS login redirect |
CVE-2024-10976 | 2024-11-14 | PostgreSQL row security below e.g. subqueries disregards user ID changes |
CVE-2024-10977 | 2024-11-14 | PostgreSQL libpq retains an error message from man-in-the-middle |
CVE-2024-10978 | 2024-11-14 | PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID |
CVE-2024-10979 | 2024-11-14 | PostgreSQL PL/Perl environment variable changes execute arbitrary code |
CVE-2024-8648 | 2024-11-14 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
CVE-2024-7404 | 2024-11-14 | Improper Restriction of Rendered UI Layers or Frames in GitLab |
CVE-2024-9633 | 2024-11-14 | Incorrect Ownership Assignment in GitLab |
CVE-2024-11208 | 2024-11-14 | Apereo CAS login session expiration |
CVE-2024-11209 | 2024-11-14 | Apereo CAS 2FA login improper authentication |
CVE-2024-11215 | 2024-11-14 | Path traversal vulnerability in EasyPHP |
CVE-2024-10962 | 2024-11-14 | Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection |
CVE-2024-11210 | 2024-11-14 | EyouCMS FilemanagerLogic.php editFile path traversal |
CVE-2022-2232 | 2024-11-14 | Keycloak: ldap injection on username input |
CVE-2024-11211 | 2024-11-14 | EyouCMS Website Logo unrestricted upload |
CVE-2024-11212 | 2024-11-14 | SourceCodester Best Employee Management System fetch_product_details.php sql injection |
CVE-2024-7124 | 2024-11-14 | Reflected XSS in DInGO dLibra |
CVE-2024-11136 | 2024-11-14 | Arbitrary file removal via path traversal in TCL Camera |
CVE-2024-52302 | 2024-11-14 | common-user-management Unrestricted File Upload Leading to Remote Code Execution (RCE) |
CVE-2024-52505 | 2024-11-14 | matrix-appservice-irc allows IRC Command injection in provisioning API |
CVE-2024-42188 | 2024-11-14 | HCL Connections is vulnerable to a broken access control vulnerability |
CVE-2024-11213 | 2024-11-14 | SourceCodester Best Employee Management System edit_role.php sql injection |
CVE-2024-11214 | 2024-11-14 | SourceCodester Best Employee Management System profile.php unrestricted upload |
CVE-2024-10921 | 2024-11-14 | Improper neutralization of null bytes may lead to buffer over-reads in MongoDB Server |
CVE-2024-6068 | 2024-11-14 | Input Validation Vulnerability exists in Arena® Input Analyzer |
CVE-2024-37285 | 2024-11-14 | Kibana arbitrary code execution via YAML deserialization |
CVE-2024-52524 | 2024-11-14 | ReDoS in Giskard Scan text perturbation |
CVE-2024-52393 | 2024-11-14 | WordPress Podlove Podcast Publisher plugin <= 4.1.15 - Admin+ Remote Code Execution (RCE) vulnerability |
CVE-2024-52371 | 2024-11-14 | WordPress Global Gateway e4 plugin <= 2.0 - Arbitrary File Deletion vulnerability |
CVE-2024-52396 | 2024-11-14 | WordPress WOLF plugin <= 1.0.8.3 - CSV Limited Path Traversal vulnerability |
CVE-2024-1682 | 2024-11-14 | Unclaimed S3 Bucket Reference in psf/requests Documentation |
CVE-2024-4343 | 2024-11-14 | Python Command Injection in imartinez/privategpt |
CVE-2024-52381 | 2024-11-14 | WordPress ZIJ KART plugin <= 1.1 - Local File Inclusion vulnerability |
CVE-2024-3379 | 2024-11-14 | Incorrect Authorization in lunary-ai/lunary |
CVE-2024-3501 | 2024-11-14 | Exposure of Sensitive Information in lunary-ai/lunary |
CVE-2024-3502 | 2024-11-14 | Exposure of Sensitive Information in lunary-ai/lunary |
CVE-2024-52384 | 2024-11-14 | WordPress Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation plugin <= 2.4.9 - Arbitrary File Upload vulnerability |
CVE-2024-4311 | 2024-11-14 | Lack of login attempt rate-limiting in zenml-io/zenml |
CVE-2024-5125 | 2024-11-14 | XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui |
CVE-2024-52383 | 2024-11-14 | WordPress Ai Auto Tool Content Writing Assistant plugin <= 2.1.2 - Broken Access Control vulnerability |
CVE-2024-49362 | 2024-11-14 | Remote Code Execution on click of `<a>` Link in markdown preview |
CVE-2024-52382 | 2024-11-14 | WordPress Matix Popup Builder plugin <= 1.0.0 - Arbitrary Option Update to Privilege Escalation vulnerability |
CVE-2024-52380 | 2024-11-14 | WordPress Picsmize plugin <= 1.0.0 - Arbitrary File Upload vulnerability |
CVE-2024-52379 | 2024-11-14 | WordPress kineticPay for WooCommerce plugin <= 2.0.8 - Arbitrary File Upload vulnerability |
CVE-2024-52378 | 2024-11-14 | WordPress DigiPass plugin <= 0.3.0 - Arbitrary File Download vulnerability |
CVE-2024-52377 | 2024-11-14 | WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.4 - Arbitrary File Upload vulnerability |
CVE-2024-52376 | 2024-11-14 | WordPress Boat Rental Plugin for WordPress plugin <= 1.0.1 - Arbitrary File Upload vulnerability |
CVE-2024-52375 | 2024-11-14 | WordPress Datasets Manager by Arttia Creative plugin <= 1.5 - Arbitrary File Upload vulnerability |
CVE-2024-52374 | 2024-11-14 | WordPress Do That Task plugin <= 1.5.5 - Arbitrary File Upload vulnerability |
CVE-2024-52373 | 2024-11-14 | WordPress Devexhub Gallery plugin <= 2.0.1 - Arbitrary File Upload vulnerability |
CVE-2024-52372 | 2024-11-14 | WordPress Easy CSV Importer plugin <= 7.0.0 - Arbitrary File Upload vulnerability |
CVE-2024-52370 | 2024-11-14 | WordPress Hive Support – WordPress Help Desk, Live Chat & AI Chat Bot Plugin for WordPress plugin <= 1.1.1 - Arbitrary File Upload vulnerability |
CVE-2024-52369 | 2024-11-14 | WordPress KBucket plugin <= 4.1.6 - Arbitrary File Upload vulnerability |
CVE-2024-3760 | 2024-11-14 | Email Bombing Vulnerability in lunary-ai/lunary |
CVE-2024-10394 | 2024-11-14 | A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix client |
CVE-2024-10396 | 2024-11-14 | An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash |
CVE-2024-10397 | 2024-11-14 | A malicious server can crash the OpenAFS cache manager and... |
CVE-2024-49025 | 2024-11-14 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
CVE-2024-51688 | 2024-11-14 | WordPress FraudLabs Pro SMS Verification plugin <= 1.10.1 - CSRF to Stored XSS vulnerability |
CVE-2024-51687 | 2024-11-14 | WordPress Platform.ly Official plugin <= 1.1.3 - CSRF to Stored XSS vulnerability |
CVE-2024-51684 | 2024-11-14 | WordPress W3P SEO plugin < 1.8.6 - CSRF to Stored XSS vulnerability |
CVE-2024-9834 | 2024-11-14 | Improper data protection on Life2000 ventilator serial interface |
CVE-2024-9832 | 2024-11-14 | No limit on failed login attempts with Clinician Password or Serial Number Clinician Password on Life2000 Ventilator |
CVE-2024-48971 | 2024-11-14 | Clinician Password and Serial Number Clinician Password are hard-coded in Life2000 Ventilator |
CVE-2024-48973 | 2024-11-14 | Debug port on Life2000 Ventilator serial interface is enabled by default |
CVE-2024-48974 | 2024-11-14 | Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates |
CVE-2024-48970 | 2024-11-14 | Life2000 Ventilator microcontroller lacks memory protection |
CVE-2024-51679 | 2024-11-14 | WordPress Appointmind plugin <= 4.0.0 - CSRF to Stored XSS vulnerability |
CVE-2024-51659 | 2024-11-14 | WordPress Twitter @Anywhere Plus plugin <= 2.0 - CSRF to Stored XSS vulnerability |
CVE-2024-51658 | 2024-11-14 | WordPress WP Course Manager plugin <= 1.3 - CSRF to Stored XSS vulnerability |