CVE List - 2024 / November
Showing 401 - 500 of 4054 CVEs for November 2024 (Page 5 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-51502 | 2024-11-04 | Panic Vulnerability in loona-hpack |
| CVE-2024-51501 | 2024-11-04 | CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes |
| CVE-2024-51500 | 2024-11-04 | Failure to check for packets from the broadcast address allows potential DDoS amplification attack in Meshtastic firmware |
| CVE-2024-51498 | 2024-11-04 | [@imput/cobalt-web] Cross-site Scripting when downloading picker image from malicious instance |
| CVE-2024-50346 | 2024-11-04 | WebFeed HTML injection vulnerabilities |
| CVE-2023-34443 | 2024-11-04 | Cross-site Scripting vulnerability in the run_query.php page in Combodo iTop |
| CVE-2023-34444 | 2024-11-04 | Cross-site Scripting vulnerability on pages/ajax.searchform.php in Combodo iTop |
| CVE-2023-34445 | 2024-11-04 | Cross-site Scripting vulnerability on pages/ajax.render.php in Combodo iTop |
| CVE-2024-31448 | 2024-11-04 | Cross-site Scripting vulnerability in link CSV import in Combodo iTop |
| CVE-2024-31998 | 2024-11-04 | CSRF security issue on CSV import in Combodo iTop |
| CVE-2024-32870 | 2024-11-04 | iTop hub connector Information disclosure |
| CVE-2024-48176 | 2024-11-05 | Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed... |
| CVE-2024-48312 | 2024-11-05 | WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the login page. |
| CVE-2024-48746 | 2024-11-05 | An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component |
| CVE-2024-50993 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at admin_account.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-50994 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component ipv6_fix.cgi via the ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, and ipv6_lan_length parameters. These vulnerabilities allow attackers to cause a... |
| CVE-2024-50995 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-50996 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the bpa_server parameter at genie_bpa.cgi. This vulnerability allows attackers to cause... |
| CVE-2024-50997 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at pptp.cgi. This vulnerability allows attackers to cause... |
| CVE-2024-50998 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component openvpn.cgi via the openvpn_service_port and openvpn_service_port_tun parameters. These vulnerabilities allow attackers to cause a Denial of... |
| CVE-2024-50999 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sysNewPasswd parameter at password.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-51000 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain multiple stack overflow vulnerabilities in the component wireless.cgi via the opmode, opmode_an, and opmode_an_2 parameters. These vulnerabilities allow attackers to cause a Denial... |
| CVE-2024-51001 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the sysDNSHost parameter at ddns.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51002 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the l2tp_user_ip parameter at l2tp.cgi. This vulnerability allows attackers to cause... |
| CVE-2024-51003 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain multiple stack overflow vulnerabilities in the component ap_mode.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities... |
| CVE-2024-51004 | 2024-11-05 | Netgear R8500 v1.0.2.160 and R7000P v1.3.3.154 were discovered to contain multiple stack overflow vulnerabilities in the component usb_device.cgi via the cifs_user, read_access, and write_access parameters. These vulnerabilities allow attackers to cause... |
| CVE-2024-51005 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the share_name parameter at usb_remote_smb_conf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-51006 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_static_ip parameter in the ipv6_tunnel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via... |
| CVE-2024-51007 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51008 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at wiz_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-51009 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at ether.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-51010 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component ap_mode.cgi via the apmode_gateway parameter. This vulnerability allows... |
| CVE-2024-51011 | 2024-11-05 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial... |
| CVE-2024-51012 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a stack overflow via the ipv6_pri_dns parameter at ipv6_fix.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51013 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the RADIUSAddr%d_wla parameter at wireless.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51014 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid_an parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51015 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a command injection vulnerability via the device_name2 parameter at operation_mode.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-51016 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the addName%d parameter in usb_approve.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51017 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the l2tp_user_netmask parameter at l2tp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51018 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51019 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pppoe_localnetmask parameter at pppoe.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51020 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the apn parameter at usbISP_detail_edit.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51021 | 2024-11-05 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability via the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary... |
| CVE-2024-51022 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the ssid parameter in bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-51023 | 2024-11-05 | D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a... |
| CVE-2024-51024 | 2024-11-05 | D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a... |
| CVE-2024-51115 | 2024-11-05 | DCME-320 v7.4.12.90 was discovered to contain a command injection vulnerability. |
| CVE-2024-51116 | 2024-11-05 | Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'. |
| CVE-2024-51132 | 2024-11-05 | An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities. |
| CVE-2024-51240 | 2024-11-05 | An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package |
| CVE-2024-51358 | 2024-11-05 | An issue in Linux Server Heimdall v.2.6.1 allows a remote attacker to execute arbitrary code via a crafted script to the Add new application. |
| CVE-2024-51362 | 2024-11-05 | The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without... |
| CVE-2024-51379 | 2024-11-05 | Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field.... |
| CVE-2024-51380 | 2024-11-05 | Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically... |
| CVE-2024-51381 | 2024-11-05 | Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising... |
| CVE-2024-51382 | 2024-11-05 | Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers... |
| CVE-2024-52013 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause... |
| CVE-2024-52014 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at genie_pptp.cgi. This vulnerability allows attackers to cause... |
| CVE-2024-52015 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause... |
| CVE-2024-52016 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain multiple stack overflow vulnerabilities in the component wlg_adv.cgi via the apmode_dns1_pri and apmode_dns1_sec parameters. These vulnerabilities... |
| CVE-2024-52017 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a stack overflow via the passphrase parameter at bridge_wireless_main.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-52018 | 2024-11-05 | Netgear XR300 v1.0.3.78 was discovered to contain a command injection vulnerability in the system_name parameter at genie_dyn.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-52019 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at genie_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-52020 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at wiz_fix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-52021 | 2024-11-05 | Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wan_gateway parameter at bsw_fix.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request. |
| CVE-2024-52022 | 2024-11-05 | Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a command injection vulnerability in the component wlg_adv.cgi via the apmode_gateway parameter. This vulnerability allows... |
| CVE-2024-52023 | 2024-11-05 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at pppoe2.cgi. This vulnerability allows attackers to cause a Denial... |
| CVE-2024-52024 | 2024-11-05 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at wizpppoe.cgi. This vulnerability allows attackers to cause a Denial... |
| CVE-2024-52025 | 2024-11-05 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at geniepppoe.cgi. This vulnerability allows attackers to cause a Denial... |
| CVE-2024-52026 | 2024-11-05 | Netgear XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pppoe_localip parameter at bsw_pppoe.cgi. This vulnerability allows attackers to cause a Denial... |
| CVE-2024-52028 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at wiz_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-52029 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at genie_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-52030 | 2024-11-05 | Netgear R7000P v1.3.3.154 was discovered to contain a stack overflow via the pptp_user_netmask parameter at ru_wan_flow.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-10806 | 2024-11-05 | PHPGurukul Hospital Management System betweendates-detailsreports.php cross site scripting |
| CVE-2024-10807 | 2024-11-05 | PHPGurukul Hospital Management System search.php cross site scripting |
| CVE-2024-10808 | 2024-11-05 | code-projects E-Health Care System req_detail.php sql injection |
| CVE-2024-10809 | 2024-11-05 | code-projects E-Health Care System chat.php sql injection |
| CVE-2024-10810 | 2024-11-05 | code-projects E-Health Care System app_request.php sql injection |
| CVE-2024-10340 | 2024-11-05 | Shortcodes Blocks Creator Ultimate <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-9459 | 2024-11-05 | SQL Injection |
| CVE-2024-5578 | 2024-11-05 | Table of Contents Plus <= 2408 - Editor+ Stored XSS |
| CVE-2024-7876 | 2024-11-05 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS |
| CVE-2024-7877 | 2024-11-05 | Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS |
| CVE-2024-9689 | 2024-11-05 | Post From Frontend <= 1.0.0 - Post Deletion via CSRF |
| CVE-2024-9883 | 2024-11-05 | Pods < 3.2.7.1 - Admin+ Stored XSS |
| CVE-2024-10097 | 2024-11-05 | Loginizer Security and Loginizer <= 1.9.2 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2024-47797 | 2024-11-05 | Liteos_a has an out-of-bounds Write vulnerability |
| CVE-2024-47404 | 2024-11-05 | Liteos_a has a double free vulnerability |
| CVE-2024-47137 | 2024-11-05 | Liteos_a has an out-of-bounds Write vulnerability |
| CVE-2024-47402 | 2024-11-05 | Liteos_a has an Out-of-bounds Read vulnerability |
| CVE-2024-51510 | 2024-11-05 | Out-of-bounds access vulnerability in the logo module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-9443 | 2024-11-05 | Basticom Framework <= 1.5.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10114 | 2024-11-05 | Social Login - WordPress / WooCommerce Plugin <= 2.7.7 - Authentication Bypass via WordPress.com OAuth provider |
| CVE-2024-10711 | 2024-11-05 | WooCommerce Report <= 1.5.1 - Cross-Site Request Forgery to Arbitrary Options Update |
| CVE-2024-9667 | 2024-11-05 | Seriously Simple Podcasting <= 3.5.0 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-51511 | 2024-11-05 | Vulnerability of parameter type not being verified in the WantAgent module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-51512 | 2024-11-05 | Vulnerability of parameter type not being verified in the WantAgent module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2024-51513 | 2024-11-05 | Vulnerability of processes not being fully terminated in the VPN module. Impact: Successful exploitation of this vulnerability will affect power consumption. |
| CVE-2024-51514 | 2024-11-05 | Vulnerability of pop-up windows belonging to no app in the VPN module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2024-51515 | 2024-11-05 | Race condition vulnerability in the kernel network module. Impact: Successful exploitation of this vulnerability may affect availability. |