CVE List - 2024 / November
Showing 801 - 900 of 4054 CVEs for November 2024 (Page 9 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-43438 | 2024-11-07 | Moodle: idor in feedback non-respondents report allows messaging arbitrary site users |
CVE-2024-43440 | 2024-11-07 | Moodle: lfi vulnerability when restoring malformed block backups |
CVE-2024-9926 | 2024-11-07 | Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access |
CVE-2024-8378 | 2024-11-07 | Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass |
CVE-2024-10668 | 2024-11-07 | Auth Bypass in Quickshare |
CVE-2024-10963 | 2024-11-07 | Pam: improper hostname interpretation in pam_access leads to access control bypass |
CVE-2024-40715 | 2024-11-07 | A vulnerability in Veeam Backup & Replication Enterprise Manager has... |
CVE-2024-10964 | 2024-11-07 | emqx neuron plugin_handle.c handle_add_plugin buffer overflow |
CVE-2024-10965 | 2024-11-07 | emqx neuron JSON File schema information disclosure |
CVE-2024-47073 | 2024-11-07 | Dataease arbitrary interface access vulnerability |
CVE-2024-45794 | 2024-11-07 | SQL Injection in CreateUser API in devtron |
CVE-2024-51758 | 2024-11-07 | Exported files stored in default (`public`) filesystem if not reconfigured in filament |
CVE-2024-51989 | 2024-11-07 | Cross-site Scripting (XSS) Vulnerability in PasswordPusher |
CVE-2024-51995 | 2024-11-07 | Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop |
CVE-2024-51994 | 2024-11-07 | Cross-site Scripting in portal picture upload in Combodo iTop |
CVE-2024-51993 | 2024-11-07 | Password is stored in clear in the database in Combodo iTop |
CVE-2024-10966 | 2024-11-07 | TOTOLINK X18 cstecgi.cgi os command injection |
CVE-2024-10967 | 2024-11-07 | code-projects E-Health Care System delete_user_appointment_request.php sql injection |
CVE-2024-10968 | 2024-11-07 | 1000 Projects Bookstore Management System contact_process.php sql injection |
CVE-2024-10969 | 2024-11-07 | 1000 Projects Bookstore Management System Login login_process.php sql injection |
CVE-2024-10007 | 2024-11-07 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation |
CVE-2024-10975 | 2024-11-07 | Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission |
CVE-2024-10824 | 2024-11-07 | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data |
CVE-2024-8810 | 2024-11-07 | Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access |
CVE-2024-49524 | 2024-11-07 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
CVE-2024-49523 | 2024-11-07 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
CVE-2024-8424 | 2024-11-07 | WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM |
CVE-2024-51998 | 2024-11-07 | Path traversal using file URI scheme without supplying hostname in changedetection.io |
CVE-2024-51987 | 2024-11-07 | HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect |
CVE-2024-47072 | 2024-11-07 | XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream |
CVE-2020-8007 | 2024-11-08 | The pwrstudio web application of EV Charger (in the server... |
CVE-2023-27195 | 2024-11-08 | Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to... |
CVE-2024-25431 | 2024-11-08 | An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in... |
CVE-2024-27527 | 2024-11-08 | wasm3 139076a is vulnerable to Denial of Service (DoS). |
CVE-2024-27528 | 2024-11-08 | wasm3 139076a suffers from Invalid Memory Read, leading to DoS... |
CVE-2024-27529 | 2024-11-08 | wasm3 139076a contains memory leaks in Read_utf8. |
CVE-2024-27532 | 2024-11-08 | wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable... |
CVE-2024-35410 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow... |
CVE-2024-35418 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow... |
CVE-2024-35419 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow... |
CVE-2024-35420 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow. |
CVE-2024-35421 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via... |
CVE-2024-35423 | 2024-11-08 | vmir e8117 was discovered to contain a heap buffer overflow... |
CVE-2024-35424 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via... |
CVE-2024-35427 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via... |
CVE-2024-40239 | 2024-11-08 | An incorrect access control issue in Life: Personal Diary, Journal... |
CVE-2024-40240 | 2024-11-08 | An incorrect access control issue in HomeServe Home Repair' android... |
CVE-2024-44765 | 2024-11-08 | An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH... |
CVE-2024-46947 | 2024-11-08 | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. |
CVE-2024-47190 | 2024-11-08 | Northern.tech Hosted Mender before 2024.07.11 allows SSRF. |
CVE-2024-48073 | 2024-11-08 | sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The... |
CVE-2024-50634 | 2024-11-08 | A vulnerability in a weak JWT token in Watcharr v1.43.0... |
CVE-2024-50809 | 2024-11-08 | The theme.php file in SDCMS 2.8 has a command execution... |
CVE-2024-50810 | 2024-11-08 | hopetree izone lts c011b48 contains a Cross Site Scripting (XSS)... |
CVE-2024-50811 | 2024-11-08 | hopetree izone lts c011b48 contains a server-side request forgery (SSRF)... |
CVE-2024-50966 | 2024-11-08 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request... |
CVE-2024-51030 | 2024-11-08 | A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester... |
CVE-2024-51031 | 2024-11-08 | A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab... |
CVE-2024-51032 | 2024-11-08 | A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll... |
CVE-2024-51055 | 2024-11-08 | An issue Hoosk v1.7.1 allows a remote attacker to execute... |
CVE-2024-51152 | 2024-11-08 | File Upload vulnerability in Laravel CMS v.1.4.7 and before allows... |
CVE-2024-51157 | 2024-11-08 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery... |
CVE-2024-51211 | 2024-11-08 | SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically... |
CVE-2024-27530 | 2024-11-08 | wasm3 139076a contains a Use-After-Free in ForEachModule. |
CVE-2024-35422 | 2024-11-08 | vmir e8117 was discovered to contain a heap buffer overflow... |
CVE-2024-35425 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via... |
CVE-2024-35426 | 2024-11-08 | vmir e8117 was discovered to contain a stack overflow via... |
CVE-2024-46948 | 2024-11-08 | Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect... |
CVE-2024-50808 | 2024-11-08 | SeaCms 13.1 is vulnerable to code injection in the notification... |
CVE-2024-48011 | 2024-11-08 | Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure... |
CVE-2024-45759 | 2024-11-08 | Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40,... |
CVE-2024-48010 | 2024-11-08 | Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and... |
CVE-2024-10987 | 2024-11-08 | code-projects E-Health Care System user_appointment.php sql injection |
CVE-2024-10988 | 2024-11-08 | code-projects E-Health Care System doctor_login.php sql injection |
CVE-2024-10989 | 2024-11-08 | code-projects E-Health Care System detail.php sql injection |
CVE-2024-10990 | 2024-11-08 | SourceCodester Online Veterinary Appointment System view_service.php sql injection |
CVE-2024-21538 | 2024-11-08 | Versions of the package cross-spawn before 6.0.6, from 7.0.0 and... |
CVE-2024-10991 | 2024-11-08 | Codezips Hospital Appointment System editBranchResult.php sql injection |
CVE-2024-50173 | 2024-11-08 | drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() |
CVE-2024-50174 | 2024-11-08 | drm/panthor: Fix race when converting group handle to group object |
CVE-2024-50175 | 2024-11-08 | media: qcom: camss: Remove use_count guard in stop_streaming |
CVE-2024-50176 | 2024-11-08 | remoteproc: k3-r5: Fix error handling when power-up failed |
CVE-2024-50177 | 2024-11-08 | drm/amd/display: fix a UBSAN warning in DML2.1 |
CVE-2024-50178 | 2024-11-08 | cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() |
CVE-2024-50179 | 2024-11-08 | ceph: remove the incorrect Fw reference check when dirtying pages |
CVE-2024-10993 | 2024-11-08 | Codezips Online Institute Management System manage_website.php unrestricted upload |
CVE-2024-10621 | 2024-11-08 | Simple Shortcode for Google Maps <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
CVE-2024-50180 | 2024-11-08 | fbdev: sisfb: Fix strbuf array overflow |
CVE-2024-50182 | 2024-11-08 | secretmem: disable memfd_secret() if arch cannot set direct map |
CVE-2024-50183 | 2024-11-08 | scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance |
CVE-2024-50184 | 2024-11-08 | virtio_pmem: Check device status before requesting flush |
CVE-2024-50185 | 2024-11-08 | mptcp: handle consistently DSS corruption |
CVE-2024-50186 | 2024-11-08 | net: explicitly clear the sk pointer, when pf->create fails |
CVE-2024-50187 | 2024-11-08 | drm/vc4: Stop the active perfmon before being destroyed |
CVE-2024-50188 | 2024-11-08 | net: phy: dp83869: fix memory corruption when enabling fiber |
CVE-2024-50189 | 2024-11-08 | HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() |
CVE-2024-50190 | 2024-11-08 | ice: fix memleak in ice_init_tx_topology() |
CVE-2024-50191 | 2024-11-08 | ext4: don't set SB_RDONLY after filesystem errors |
CVE-2024-50192 | 2024-11-08 | irqchip/gic-v4: Don't allow a VMOVP on a dying VPE |
CVE-2024-50193 | 2024-11-08 | x86/entry_32: Clear CPU buffers after register restore in NMI return |