CVE List - 2024 / November
Showing 3701 - 3800 of 4054 CVEs for November 2024 (Page 38 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-50368 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50369 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50370 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50371 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50372 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50373 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50374 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3)... |
| CVE-2024-50375 | 2024-11-26 | A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be... |
| CVE-2024-50376 | 2024-11-26 | A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<=... |
| CVE-2024-50377 | 2024-11-26 | A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to... |
| CVE-2024-11024 | 2024-11-26 | AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset |
| CVE-2024-8899 | 2024-11-26 | Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template |
| CVE-2024-10308 | 2024-11-26 | Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget |
| CVE-2024-10579 | 2024-11-26 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure |
| CVE-2024-47248 | 2024-11-26 | Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack |
| CVE-2023-1521 | 2024-11-26 | Local Privilege Escalation in sccache |
| CVE-2024-47249 | 2024-11-26 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handlers |
| CVE-2024-47250 | 2024-11-26 | Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access |
| CVE-2024-51569 | 2024-11-26 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler |
| CVE-2023-2142 | 2024-11-26 | Nunjucks autoescape bypass leads to cross site scripting |
| CVE-2023-0163 | 2024-11-26 | Prototype Pollution in convict |
| CVE-2024-38830 | 2024-11-26 | Local privilege escalation vulnerability |
| CVE-2024-38831 | 2024-11-26 | Local privilege escalation vulnerability (CVE-2024-38831) |
| CVE-2024-38832 | 2024-11-26 | Stored cross-site scripting vulnerability (CVE-2024-38832) |
| CVE-2024-38833 | 2024-11-26 | Stored cross-site scripting vulnerability (CVE-2024-38833) |
| CVE-2024-38834 | 2024-11-26 | Stored cross-site scripting vulnerability (CVE-2024-38834) |
| CVE-2024-9928 | 2024-11-26 | A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker... |
| CVE-2024-9929 | 2024-11-26 | A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. |
| CVE-2024-11691 | 2024-11-26 | Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only... |
| CVE-2024-11700 | 2024-11-26 | Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to... |
| CVE-2024-11692 | 2024-11-26 | An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133,... |
| CVE-2024-11701 | 2024-11-26 | The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects... |
| CVE-2024-11702 | 2024-11-26 | Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133... |
| CVE-2024-11693 | 2024-11-26 | The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133,... |
| CVE-2024-11694 | 2024-11-26 | Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have... |
| CVE-2024-11695 | 2024-11-26 | A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133,... |
| CVE-2024-11703 | 2024-11-26 | On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. |
| CVE-2024-11696 | 2024-11-26 | The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime... |
| CVE-2024-11697 | 2024-11-26 | When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution.... |
| CVE-2024-11704 | 2024-11-26 | A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption.... |
| CVE-2024-11698 | 2024-11-26 | A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left... |
| CVE-2024-11705 | 2024-11-26 | `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11... |
| CVE-2024-11706 | 2024-11-26 | A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133... |
| CVE-2024-11708 | 2024-11-26 | Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. |
| CVE-2024-11699 | 2024-11-26 | Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2024-53975 | 2024-11-26 | Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for... |
| CVE-2024-53976 | 2024-11-26 | Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This... |
| CVE-2016-10408 | 2024-11-26 | Improper Access Control in Core. |
| CVE-2017-18306 | 2024-11-26 | Information Exposure in Camera Driver |
| CVE-2017-18307 | 2024-11-26 | Information Exposure in Kernel |
| CVE-2018-11816 | 2024-11-26 | Use After Free in Video |
| CVE-2018-5852 | 2024-11-26 | Buffer Over-read in IPA |
| CVE-2024-9461 | 2024-11-26 | Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings |
| CVE-2024-8236 | 2024-11-26 | Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-22117 | 2024-11-26 | Value of sysmap_element_url can be de-synchronized, causing the map element to crash when new URLs are added |
| CVE-2024-36463 | 2024-11-26 | The implementation of atob in "Zabbix JS" allows creating a string with arbitrary content and using it to access internal properties of objects. |
| CVE-2024-52336 | 2024-11-26 | Tuned: `script_pre` and `script_post` options allow passing arbitrary scripts that are executed by root |
| CVE-2024-52337 | 2024-11-26 | Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method |
| CVE-2024-11407 | 2024-11-26 | Denial of Service through Data corruption in gRPC-C++ |
| CVE-2024-10878 | 2024-11-26 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting |
| CVE-2024-32965 | 2024-11-26 | SSRF vulnerability in lobe-chat |
| CVE-2024-11668 | 2024-11-26 | Insufficient Session Expiration in GitLab |
| CVE-2024-8237 | 2024-11-26 | Inefficient Algorithmic Complexity in GitLab |
| CVE-2024-8177 | 2024-11-26 | Inefficient Algorithmic Complexity in GitLab |
| CVE-2024-8114 | 2024-11-26 | Missing Authorization in GitLab |
| CVE-2024-53844 | 2024-11-26 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi |
| CVE-2024-11669 | 2024-11-26 | Incorrect Authorization in GitLab |
| CVE-2024-11828 | 2024-11-26 | Inefficient Algorithmic Complexity in GitLab |
| CVE-2024-53267 | 2024-11-26 | Vulnerability with bundle verification in sigstore-java |
| CVE-2024-52008 | 2024-11-26 | Password Policy Bypass Vulnerability in Fides Webserver |
| CVE-2024-8676 | 2024-11-26 | Cri-o: checkpoint restore can be triggered from different namespaces |
| CVE-2024-11145 | 2024-11-26 | Easy Folder Listing Pro deserialization vulnerability |
| CVE-2024-10240 | 2024-11-26 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab |
| CVE-2019-17082 | 2024-11-26 | Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can... |
| CVE-2024-49035 | 2024-11-26 | Partner.Microsoft.Com Elevation of Privilege Vulnerability |
| CVE-2024-49038 | 2024-11-26 | Microsoft Copilot Studio Elevation Of Privilege Vulnerability |
| CVE-2024-49052 | 2024-11-26 | Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability |
| CVE-2024-49053 | 2024-11-26 | Microsoft Dynamics 365 Sales Spoofing Vulnerability |
| CVE-2024-11742 | 2024-11-26 | SourceCodester Best House Rental Management System ajax.php cross site scripting |
| CVE-2024-11743 | 2024-11-26 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery |
| CVE-2024-43784 | 2024-11-26 | Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion |
| CVE-2024-11744 | 2024-11-26 | 1000 Projects Portfolio Management System MCA register.php sql injection |
| CVE-2024-11745 | 2024-11-26 | Tenda AC8 SetStaticRouteCfg route_static_check stack-based overflow |
| CVE-2024-11622 | 2024-11-26 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. |
| CVE-2024-53673 | 2024-11-26 | A Java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. |
| CVE-2024-53674 | 2024-11-26 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. |
| CVE-2024-53675 | 2024-11-26 | An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. |
| CVE-2024-11817 | 2024-11-26 | PHPGurukul User Registration & Login and User Management System index.php sql injection |
| CVE-2024-11818 | 2024-11-26 | PHPGurukul User Registration & Login and User Management System signup.php sql injection |
| CVE-2024-11819 | 2024-11-26 | 1000 Projects Portfolio Management System MCA forgot_password_process.php sql injection |
| CVE-2024-53849 | 2024-11-26 | Several stack buffer overflows and pointer overflows in editorconfig-core-c |
| CVE-2024-31976 | 2024-11-27 | EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. |
| CVE-2024-37816 | 2024-11-27 | Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. |
| CVE-2024-46054 | 2024-11-27 | OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. |
| CVE-2024-46055 | 2024-11-27 | OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names. |
| CVE-2024-51228 | 2024-11-27 | An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the... |
| CVE-2024-52951 | 2024-11-27 | Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim... |
| CVE-2024-53603 | 2024-11-27 | A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. |
| CVE-2024-53604 | 2024-11-27 | A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. |
| CVE-2024-53635 | 2024-11-27 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata... |