CVE List - 2024 / November
Showing 2301 - 2400 of 4054 CVEs for November 2024 (Page 24 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-52913 | 2024-11-18 | In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. |
| CVE-2024-52914 | 2024-11-18 | In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. |
| CVE-2024-52915 | 2024-11-18 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. |
| CVE-2024-52916 | 2024-11-18 | Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. |
| CVE-2024-52917 | 2024-11-18 | Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a... |
| CVE-2024-52918 | 2024-11-18 | Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has... |
| CVE-2024-52919 | 2024-11-18 | Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. |
| CVE-2024-52920 | 2024-11-18 | Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. |
| CVE-2024-52921 | 2024-11-18 | In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. |
| CVE-2024-52922 | 2024-11-18 | In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead... |
| CVE-2024-52926 | 2024-11-18 | Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. |
| CVE-2024-52940 | 2024-11-18 | AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID. |
| CVE-2024-52941 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting... |
| CVE-2024-52942 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting... |
| CVE-2024-52944 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting... |
| CVE-2024-52945 | 2024-11-18 | An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an... |
| CVE-2024-44756 | 2024-11-18 | NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin. |
| CVE-2024-50848 | 2024-11-18 | An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted... |
| CVE-2024-50849 | 2024-11-18 | A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. |
| CVE-2024-52943 | 2024-11-18 | An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting... |
| CVE-2024-52946 | 2024-11-18 | An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication... |
| CVE-2024-52947 | 2024-11-18 | A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession... |
| CVE-2024-11305 | 2024-11-18 | Altenergy Power Control Software status_zigbee get_status_zigbee sql injection |
| CVE-2024-11306 | 2024-11-18 | Altenergy Power Control Software database improper authorization |
| CVE-2024-38828 | 2024-11-18 | CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter |
| CVE-2024-43704 | 2024-11-18 | GPU DDK - PowerVR: PVRSRVAcquireProcessHandleBase can cause psProcessHandleBase reuse when PIDs are reused |
| CVE-2024-11308 | 2024-11-18 | TRCore DVC - Use of Hard-coded Cryptographic Key |
| CVE-2024-5030 | 2024-11-18 | CM Table Of Contents – WordPress TOC Plugin < 1.2.3 - Settings Reset via CSRF |
| CVE-2024-11309 | 2024-11-18 | TRCore DVC - Arbitrary File Read through Path Traversal |
| CVE-2024-11310 | 2024-11-18 | TRCore DVC - Arbitrary File Read through Path Traversal |
| CVE-2024-11311 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-11312 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-11313 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-11314 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-22067 | 2024-11-18 | ZTE NH8091 product has an improper permission control vulnerability |
| CVE-2024-11315 | 2024-11-18 | TRCore DVC - Arbitrary File Upload through Path Traversal |
| CVE-2024-49574 | 2024-11-18 | SQL Injection |
| CVE-2024-48962 | 2024-11-18 | Apache OFBiz: Bypass SameSite restrictions with target redirection using URL parameters (SSTI and CSRF leading to RCE) |
| CVE-2024-47208 | 2024-11-18 | Apache OFBiz: URLs allowing remote use of Groovy expressions, leading to RCE |
| CVE-2024-45505 | 2024-11-18 | Apache HertzBeat: Exists Native Deser RCE and file writing vulnerabilities |
| CVE-2024-45791 | 2024-11-18 | Apache HertzBeat: Exposure sensitive token via http GET method with query string |
| CVE-2024-41151 | 2024-11-18 | Apache HertzBeat: RCE by notice template injection vulnerability |
| CVE-2024-41968 | 2024-11-18 | WAGO: Docker Settings Manipulation in Multiple Devices |
| CVE-2024-41967 | 2024-11-18 | WAGO: Boot Mode Manipulation in Multiple Devices |
| CVE-2024-41969 | 2024-11-18 | WAGO: CODESYS V3 Configuration Authentication Bypass in Multiple Devices |
| CVE-2024-42383 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-41970 | 2024-11-18 | WAGO: Unauthorized Diagnostic Data Exposure in Multiple Devices |
| CVE-2024-41971 | 2024-11-18 | WAGO: Arbitrary File Overwrite in Multiple Devices |
| CVE-2024-42384 | 2024-11-18 | Integer Overflow or Wraparound in Mongoose Web Server library |
| CVE-2024-41972 | 2024-11-18 | WAGO: Arbitrary File Overwrite Leading to Privileged File Read in Multiple Devices |
| CVE-2024-42385 | 2024-11-18 | Improper Neutralization of Delimiters in Mongoose Web Server library |
| CVE-2024-41973 | 2024-11-18 | WAGO: Remote Arbitrary File Write with Root Privileges in multiple Devices |
| CVE-2024-42386 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-41974 | 2024-11-18 | WAGO: BACNet Service Property Modification Due to Permission Misconfiguration in Multiple Devices |
| CVE-2024-42387 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42388 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42389 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42390 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42391 | 2024-11-18 | Use of Out-of-range Pointer Offset in Mongoose Web Server library |
| CVE-2024-42392 | 2024-11-18 | Improper Neutralization of Delimiters in Mongoose Web Server library |
| CVE-2023-39176 | 2024-11-18 | Kernel: ksmbd: transform header out-of-bounds read information disclosure vulnerability |
| CVE-2023-39179 | 2024-11-18 | Kernel: ksmbd: read request out-of-bounds read information disclosure vulnerability |
| CVE-2023-39180 | 2024-11-18 | Kernel: ksmbd: read request memory leak denial-of-service vulnerability |
| CVE-2024-11023 | 2024-11-18 | Session Hijacking in Firebase JavaScript SDK |
| CVE-2024-48896 | 2024-11-18 | Moodle: users' names returned in messaging error message |
| CVE-2024-48897 | 2024-11-18 | Moodle: IDOR in edit/delete RSS feed |
| CVE-2024-48898 | 2024-11-18 | Moodle: some users can delete audiences of other reports |
| CVE-2024-48901 | 2024-11-18 | Moodle: IDOR when fetching report schedules |
| CVE-2024-52316 | 2024-11-18 | Apache Tomcat: Authentication bypass when using Jakarta Authentication API |
| CVE-2024-52317 | 2024-11-18 | Apache Tomcat: Request/response mix-up with HTTP/2 |
| CVE-2024-11319 | 2024-11-18 | Stored XSS in Open Source Project "django-cms" |
| CVE-2024-52318 | 2024-11-18 | Apache Tomcat: Incorrect JSP tag recycling leads to XSS |
| CVE-2024-3370 | 2024-11-18 | SQLi in Egebilgi Software's Website Template |
| CVE-2024-11303 | 2024-11-18 | Path Traversal |
| CVE-2024-9526 | 2024-11-18 | Stored XSS in Kubeflow Pipeline View |
| CVE-2024-11318 | 2024-11-18 | IDOR vulnerability in AbsysNet |
| CVE-2024-8781 | 2024-11-18 | Container Escape Vulnerability in TR7's Application Security Platform (ASP) |
| CVE-2024-52434 | 2024-11-18 | WordPress Popup by Supsystic plugin <= 1.10.29 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-52429 | 2024-11-18 | WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability |
| CVE-2024-52427 | 2024-11-18 | WordPress Event Tickets with Ticket Scanner plugin <= 2.3.11 - Remote Code Execution (RCE) vulnerability |
| CVE-2024-52433 | 2024-11-18 | WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability |
| CVE-2024-52432 | 2024-11-18 | WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability |
| CVE-2024-11304 | 2024-11-18 | Multiple Stored Cross-Site Scripting |
| CVE-2024-52430 | 2024-11-18 | WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability |
| CVE-2024-52428 | 2024-11-18 | WordPress Ads Booster by Ads Pro plugin <= 1.12 - Local File Inclusion vulnerability |
| CVE-2024-52436 | 2024-11-18 | WordPress Post SMTP plugin <= 2.9.9 - SQL Injection vulnerability |
| CVE-2024-52435 | 2024-11-18 | WordPress Premium Packages – Sell Digital Products Securely plugin <= 5.9.3 - SQL Injection vulnerability |
| CVE-2024-52431 | 2024-11-18 | WordPress WP Video Robot plugin <= 1.20.0 - SQL Injection vulnerability |
| CVE-2024-37155 | 2024-11-18 | OpenCTI May Bypass Introspection Restriction |
| CVE-2021-1465 | 2024-11-18 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive... |
| CVE-2024-52426 | 2024-11-18 | WordPress Linear plugin <= 2.7.11 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-52425 | 2024-11-18 | WordPress Drozd – Addons for Elementor plugin <= 1.1.1 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2021-1462 | 2024-11-18 | Cisco SD-WAN vManage Software Privilege Escalation Vulnerability |
| CVE-2021-1444 | 2024-11-18 | Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Web Services Interface Cross-Site Scripting Vulnerability |
| CVE-2021-1461 | 2024-11-18 | Cisco SD-WAN Software Signature Verification Bypass Vulnerability |
| CVE-2021-1440 | 2024-11-18 | Cisco IOS XR Software BGP Resource Public Key Infrastructure Denial of Service Vulnerability |
| CVE-2021-1424 | 2024-11-18 | Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability |
| CVE-2021-1425 | 2024-11-18 | Cisco Email Security Appliance and Content Security Management Appliance Information Disclosure Vulnerability |
| CVE-2021-1410 | 2024-11-18 | Cisco Webex Meetings Unauthorized Distribution List Update Vulnerability |
| CVE-2024-52565 | 2024-11-18 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406... |