CVE List - 2024 / November
Showing 1701 - 1800 of 4054 CVEs for November 2024 (Page 18 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-10816 | 2024-11-13 | LUNA RADIO PLAYER <= 6.24.01.24 - Unauthenticated Arbitrary File Read |
| CVE-2024-8933 | 2024-11-13 | CWE-924: Improper Enforcement of Message Integrity During Transmission in a... |
| CVE-2024-8935 | 2024-11-13 | CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause... |
| CVE-2024-8937 | 2024-11-13 | CWE-119: Improper Restriction of Operations within the Bounds of a... |
| CVE-2024-8938 | 2024-11-13 | CWE-119: Improper Restriction of Operations within the Bounds of a... |
| CVE-2024-8936 | 2024-11-13 | CWE-20: Improper Input Validation vulnerability exists that could lead to... |
| CVE-2024-9409 | 2024-11-13 | CWE-400: An Uncontrolled Resource Consumption vulnerability exists that could cause... |
| CVE-2024-10800 | 2024-11-13 | WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
| CVE-2024-11150 | 2024-11-13 | WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion |
| CVE-2024-10575 | 2024-11-13 | CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access... |
| CVE-2024-21541 | 2024-11-13 | Versions of the package dom-iterator before 1.0.1 are vulnerable to... |
| CVE-2024-52268 | 2024-11-13 | Cross-site scripting vulnerability exists in VK All in One Expansion... |
| CVE-2024-10877 | 2024-11-13 | AFI – The Easiest Integration Plugin <= 1.92.0 - Reflected Cross-Site Scripting |
| CVE-2024-9059 | 2024-11-13 | Royal Elementor Addons and Template <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Google Maps Widget |
| CVE-2024-9668 | 2024-11-13 | Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget |
| CVE-2024-9682 | 2024-11-13 | Royal Elementor Addons and Templates <= 1.7.1001 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Form Builder Widget |
| CVE-2024-11028 | 2024-11-13 | MultiManager WP – Manage All Your WordPress Sites Easily <= 1.0.5 - Authentication Bypass via User Impersonation |
| CVE-2024-8001 | 2024-11-13 | VIWIS LMS Print authorization |
| CVE-2024-4741 | 2024-11-13 | Use After Free with SSL_free_buffers |
| CVE-2024-47574 | 2024-11-13 | A authentication bypass using an alternate path or channel in... |
| CVE-2022-45157 | 2024-11-13 | Exposure of vSphere's CPI and CSI credentials in Rancher |
| CVE-2024-48989 | 2024-11-13 | A vulnerability in the PROFINET stack implementation of the IndraDrive... |
| CVE-2024-11159 | 2024-11-13 | Using remote content in OpenPGP encrypted messages can lead to... |
| CVE-2024-49506 | 2024-11-13 | Fixed temporary file path in aeon-checks allows fixing of disk encryption key |
| CVE-2024-11165 | 2024-11-13 | An information disclosure vulnerability exists in the backup configuration process... |
| CVE-2024-49505 | 2024-11-13 | XSS vulnerability found in OpenSuse MirrorCache |
| CVE-2024-48900 | 2024-11-13 | Moodle: idor when accessing list of badge recipients |
| CVE-2024-9477 | 2024-11-13 | XSS in AirTies' Air4443 Firmware |
| CVE-2024-49504 | 2024-11-13 | grub2 allows bypassing TPM-bound disk encryption on SL(E)M encrypted Images |
| CVE-2024-52306 | 2024-11-13 | FileManager Deserialization of Untrusted Data |
| CVE-2024-10013 | 2024-11-13 | Progress UI for WinForms format provider unsafe deserialization vulnerability |
| CVE-2024-10012 | 2024-11-13 | Progress UI for WPF format provider unsafe deserialization vulnerability |
| CVE-2024-52305 | 2024-11-13 | UnoPim Stored XSS : Cookie hijacking through Create User function |
| CVE-2024-8049 | 2024-11-13 | Telerik Document Processing Improper Handling of Memory Resources |
| CVE-2024-7295 | 2024-11-13 | Hard-coded credentials used for temporary and cache data encryption |
| CVE-2024-52300 | 2024-11-13 | macro-pdfviewer has a XSS through the width parameter |
| CVE-2024-52299 | 2024-11-13 | The PDF viewer macro allows accessing any attachment without access right checks |
| CVE-2024-11175 | 2024-11-13 | Public CMS Voting Management save cross site scripting |
| CVE-2024-52298 | 2024-11-13 | macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author |
| CVE-2024-52295 | 2024-11-13 | DataEase has a forged JWT token vulnerability |
| CVE-2024-52293 | 2024-11-13 | Craft has a Potential Remote Code Execution via missing path normalization & Twig SSTI |
| CVE-2024-52292 | 2024-11-13 | Craft Allows Attackers to Read Arbitrary System Files |
| CVE-2024-9413 | 2024-11-13 | The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not... |
| CVE-2024-52291 | 2024-11-13 | Craft has a Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution |
| CVE-2024-51996 | 2024-11-13 | Symphony has an Authentication Bypass via RememberMe |
| CVE-2024-45594 | 2024-11-13 | Decidim allows cross-site scripting (XSS) in the online or hybrid meeting embeds |
| CVE-2024-9476 | 2024-11-13 | Privilege escalation vulnerability for Organizations in Grafana |
| CVE-2023-35659 | 2024-11-13 | In DevmemIntChangeSparse of devicemem_server.c, there is a possible arbitrary code... |
| CVE-2023-35686 | 2024-11-13 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code... |
| CVE-2024-23715 | 2024-11-13 | In PMRWritePMPageList of pmr.c, there is a possible out of... |
| CVE-2024-31337 | 2024-11-13 | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code... |
| CVE-2024-34719 | 2024-11-13 | In multiple locations, there is a possible permissions bypass due... |
| CVE-2024-34729 | 2024-11-13 | In multiple locations, there is a possible arbitrary code execution... |
| CVE-2024-34747 | 2024-11-13 | In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due... |
| CVE-2024-49379 | 2024-11-13 | Remote Code Execution (RCE) via Cross-Site Scripting (XSS) in Umbrel |
| CVE-2024-40660 | 2024-11-13 | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to... |
| CVE-2024-40661 | 2024-11-13 | In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to... |
| CVE-2024-40671 | 2024-11-13 | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to... |
| CVE-2024-43080 | 2024-11-13 | In onReceive of AppRestrictionsFragment.java, there is a possible escalation of... |
| CVE-2024-43081 | 2024-11-13 | In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction... |
| CVE-2024-43082 | 2024-11-13 | In onActivityResult of EditUserPhotoController.java, there is a possible cross-user media... |
| CVE-2024-43083 | 2024-11-13 | In validate of WifiConfigurationUtil.java , there is a possible persistent... |
| CVE-2024-43084 | 2024-11-13 | In visitUris of multiple files, there is a possible information... |
| CVE-2024-43085 | 2024-11-13 | In handleMessage of UsbDeviceManager.java, there is a possible method to... |
| CVE-2024-43086 | 2024-11-13 | In validateAccountsInternal of AccountManagerService.java, there is a possible way to... |
| CVE-2024-43087 | 2024-11-13 | In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to... |
| CVE-2024-43088 | 2024-11-13 | In multiple functions in AppInfoBase.java, there is a possible way... |
| CVE-2024-43089 | 2024-11-13 | In updateInternal of MediaProvider.java , there is a possible access... |
| CVE-2024-43090 | 2024-11-13 | In multiple locations, there is a possible cross-user image read... |
| CVE-2024-43091 | 2024-11-13 | In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of... |
| CVE-2024-43093 | 2024-11-13 | In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of... |
| CVE-2024-29076 | 2024-11-13 | Uncaught exception for some Intel(R) CST software before version 8.7.10803... |
| CVE-2024-21850 | 2024-11-13 | Sensitive information in resource not removed before reuse in some... |
| CVE-2024-23918 | 2024-11-13 | Improper conditions check in some Intel(R) Xeon(R) processor memory controller... |
| CVE-2024-21820 | 2024-11-13 | Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller... |
| CVE-2024-25565 | 2024-11-13 | Insufficient control flow management in UEFI firmware for some Intel(R)... |
| CVE-2024-23198 | 2024-11-13 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software... |
| CVE-2024-24984 | 2024-11-13 | Improper input validation for some Intel(R) Wireless Bluetooth(R) products for... |
| CVE-2024-28049 | 2024-11-13 | Improper input validation in firmware for some Intel(R) PROSet/Wireless Software... |
| CVE-2024-52549 | 2024-11-13 | Jenkins Script Security Plugin 1367.vdf2fc45f229c and earlier, except 1365.1367.va_3b_b_89f8a_95b_ and... |
| CVE-2024-52550 | 2024-11-13 | Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does... |
| CVE-2024-52551 | 2024-11-13 | Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check... |
| CVE-2024-52552 | 2024-11-13 | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string... |
| CVE-2024-52553 | 2024-11-13 | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not... |
| CVE-2024-52554 | 2024-11-13 | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares... |
| CVE-2024-21853 | 2024-11-13 | Improper finite state machines (FSMs) in the hardware logic in... |
| CVE-2024-25563 | 2024-11-13 | Improper initialization in firmware for some Intel(R) PROSet/Wireless Software and... |
| CVE-2024-22185 | 2024-11-13 | Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R)... |
| CVE-2024-24985 | 2024-11-13 | Exposure of resource to wrong sphere in some Intel(R) processors... |
| CVE-2024-21783 | 2024-11-13 | Integer overflow for some Intel(R) VPL software before version 24.1.4... |
| CVE-2024-21808 | 2024-11-13 | Improper buffer restrictions in some Intel(R) VPL software before version... |
| CVE-2024-28051 | 2024-11-13 | Out-of-bounds read in some Intel(R) VPL software before version 24.1.4... |
| CVE-2024-11193 | 2024-11-13 | An information disclosure vulnerability exists in Yugabyte Anywhere, where the... |
| CVE-2024-28030 | 2024-11-13 | NULL pointer dereference in some Intel(R) VPL software before version... |
| CVE-2024-38665 | 2024-11-13 | Out-of-bounds write in some Intel(R) Graphics Drivers may allow an... |
| CVE-2024-23919 | 2024-11-13 | Improper buffer restrictions in some Intel(R) Graphics software may allow... |
| CVE-2024-34023 | 2024-11-13 | Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow... |
| CVE-2024-34170 | 2024-11-13 | Improper buffer restrictions in some Intel(R) Graphics Drivers may allow... |
| CVE-2024-25647 | 2024-11-13 | Incorrect default permissions for some Intel(R) Binary Configuration Tool software... |
| CVE-2024-23312 | 2024-11-13 | Uncontrolled search path for some Intel(R) Binary Configuration Tool software... |