CVE List - 2024 / November
Showing 2001 - 2100 of 4054 CVEs for November 2024 (Page 21 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-48966 | 2024-11-14 | Life2000 service tools for test and calibration do not support user authentication |
| CVE-2024-48967 | 2024-11-14 | Life2000 ventilator and Service PC lack sufficient audit logging capabilities |
| CVE-2017-13227 | 2024-11-14 | In the autofill service, the package name that is provided... |
| CVE-2024-52308 | 2024-11-14 | Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer |
| CVE-2024-23169 | 2024-11-15 | The web interface in RSA NetWitness 11.7.2.0 allows Cross-Site Scripting... |
| CVE-2024-24425 | 2024-11-15 | Magma v1.8.0 and OAI EPC Federation v1.20 were discovered to... |
| CVE-2024-24426 | 2024-11-15 | Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0... |
| CVE-2024-24431 | 2024-11-15 | A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0... |
| CVE-2024-24446 | 2024-11-15 | An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to... |
| CVE-2024-24447 | 2024-11-15 | A buffer overflow in the ngap_amf_handle_pdu_session_resource_setup_response function of oai-cn5g-amf up... |
| CVE-2024-24449 | 2024-11-15 | An uninitialized pointer dereference in the NasPdu::NasPdu component of OpenAirInterface... |
| CVE-2024-24450 | 2024-11-15 | Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface... |
| CVE-2024-44625 | 2024-11-15 | Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost... |
| CVE-2024-44758 | 2024-11-15 | An arbitrary file upload vulnerability in the component /Production/UploadFile of... |
| CVE-2024-44759 | 2024-11-15 | An arbitrary file download vulnerability in the component /Doc/DownloadFile of... |
| CVE-2024-45969 | 2024-11-15 | NULL pointer dereference in the MMS Client in MZ Automation... |
| CVE-2024-45970 | 2024-11-15 | Multiple Buffer overflows in the MMS Client in MZ Automation... |
| CVE-2024-45971 | 2024-11-15 | Multiple Buffer overflows in the MMS Client in MZ Automation... |
| CVE-2024-46383 | 2024-11-15 | Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive... |
| CVE-2024-46462 | 2024-11-15 | By default, dedicated folders of ZEDMAIL for Windows up to... |
| CVE-2024-46463 | 2024-11-15 | By default, dedicated folders of ORIZON for Windows up to... |
| CVE-2024-46465 | 2024-11-15 | By default, dedicated folders of CRYHOD for Windows up to... |
| CVE-2024-46466 | 2024-11-15 | By default, dedicated folders of ZONECENTRAL for Windows up to... |
| CVE-2024-46467 | 2024-11-15 | By default, dedicated folders of ZONEPOINT for Windows up to... |
| CVE-2024-48068 | 2024-11-15 | A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD... |
| CVE-2024-49592 | 2024-11-15 | Trial installer for McAfee Total Protection (legacy trial installer software)... |
| CVE-2024-50647 | 2024-11-15 | The python_food ordering system V1.0 has an unauthorized vulnerability that... |
| CVE-2024-50648 | 2024-11-15 | yshopmall V1.0 has an arbitrary file upload vulnerability, which can... |
| CVE-2024-50649 | 2024-11-15 | The user avatar upload function in python_book V1.0 has an... |
| CVE-2024-50650 | 2024-11-15 | python_book V1.0 is vulnerable to Incorrect Access Control, which allows... |
| CVE-2024-50651 | 2024-11-15 | java_shop 1.0 is vulnerable to Incorrect Access Control, which allows... |
| CVE-2024-50652 | 2024-11-15 | A file upload vulnerability in java_shop 1.0 allows attackers to... |
| CVE-2024-50654 | 2024-11-15 | lilishop <=4.2.4 is vulnerable to Incorrect Access Control, which can... |
| CVE-2024-50655 | 2024-11-15 | emlog pro <=2.3.18 is vulnerable to Cross Site Scripting (XSS),... |
| CVE-2024-50724 | 2024-11-15 | KASO v9.0 was discovered to contain a SQL injection vulnerability... |
| CVE-2024-50800 | 2024-11-15 | Cross Site Scripting vulnerability in M2000 Smart4Web before v.5.020241004 allows... |
| CVE-2024-50983 | 2024-11-15 | FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, which... |
| CVE-2024-50986 | 2024-11-15 | An issue in Clementine v.1.3.1 allows a local attacker to... |
| CVE-2024-51037 | 2024-11-15 | An issue in kodbox v.1.52.04 and before allows a remote... |
| CVE-2024-51141 | 2024-11-15 | An issue in TOTOLINK Bluetooth Wireless Adapter A600UB allows a... |
| CVE-2024-51142 | 2024-11-15 | Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows an... |
| CVE-2024-51164 | 2024-11-15 | Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via... |
| CVE-2024-51330 | 2024-11-15 | An issue in UltiMaker Cura v.4.41 and 5.8.1 and before... |
| CVE-2024-24452 | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of... |
| CVE-2024-24453 | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of... |
| CVE-2024-24454 | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of... |
| CVE-2024-24455 | 2024-11-15 | An invalid memory access when handling a UE Context Release... |
| CVE-2024-24457 | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of... |
| CVE-2024-24458 | 2024-11-15 | An invalid memory access when handling the ENB Configuration Transfer... |
| CVE-2024-24459 | 2024-11-15 | An invalid memory access when handling the ProtocolIE_ID field of... |
| CVE-2024-50653 | 2024-11-15 | CRMEB <=5.4.0 is vulnerable to Incorrect Access Control. Users can... |
| CVE-2024-11120 | 2024-11-15 | GeoVision EOL devices - OS Command Injection |
| CVE-2024-10924 | 2024-11-15 | Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass |
| CVE-2024-10897 | 2024-11-15 | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation |
| CVE-2024-9609 | 2024-11-15 | LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting |
| CVE-2024-42499 | 2024-11-15 | Improper limitation of a pathname to a restricted directory ('Path... |
| CVE-2024-39610 | 2024-11-15 | Cross-site scripting vulnerability exists in FitNesse releases prior to 20241026.... |
| CVE-2024-10113 | 2024-11-15 | WP AdCenter – Ad Manager & Adsense Ads <= 2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpadcenter_ad Shortcode |
| CVE-2024-10582 | 2024-11-15 | Music Player for Elementor – Audio Player & Podcast Player <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Template Import |
| CVE-2024-9356 | 2024-11-15 | Yotpo: Product & Photo Reviews for WooCommerce <= 1.7.8 - Reflected Cross-Site Scripting |
| CVE-2024-10260 | 2024-11-15 | Tripetto <= 8.0.3 - Unauthentiated Stored Cross-Site Scripting via Form File Upload |
| CVE-2024-10793 | 2024-11-15 | WP Activity Log <= 5.2.1 - Unauthenticated Stored Cross-Site Scripting via User_id Parameter |
| CVE-2024-10104 | 2024-11-15 | Jobs for WordPress < 2.7.8 - Contributor+ Stored XSS |
| CVE-2024-9529 | 2024-11-15 | Secure Custom Fields < 6.3.6.3 - Admin+ Remote Code Execution |
| CVE-2024-8961 | 2024-11-15 | Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10825 | 2024-11-15 | Hide My WP Ghost – Security & Firewall <= 5.3.01 - Reflected Cross-Site Scripting via URL |
| CVE-2024-45784 | 2024-11-15 | Apache Airflow: Sensitive configuration values are not masked in the logs by default |
| CVE-2024-8979 | 2024-11-15 | Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation |
| CVE-2024-8978 | 2024-11-15 | Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders <= 6.0.9 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2024-10311 | 2024-11-15 | External Database Based Actions <= 0.1 - Authenticated (Subscriber+) Authentication Bypass |
| CVE-2024-10443 | 2024-11-15 | Improper neutralization of special elements used in a command ('Command... |
| CVE-2024-11182 | 2024-11-15 | Stored XSS vulnerability in MDaemon Email Server |
| CVE-2021-3741 | 2024-11-15 | Stored Cross-site Scripting (XSS) in chatwoot/chatwoot |
| CVE-2021-3742 | 2024-11-15 | Server-Side Request Forgery (SSRF) in chatwoot/chatwoot |
| CVE-2021-3838 | 2024-11-15 | PHAR Deserialization in dompdf/dompdf |
| CVE-2021-3841 | 2024-11-15 | Stored Cross-site Scripting (XSS) in sylius/sylius |
| CVE-2021-3902 | 2024-11-15 | Improper Restriction of XML External Entity Reference in dompdf/dompdf |
| CVE-2021-3986 | 2024-11-15 | Information Disclosure in janeczku/calibre-web |
| CVE-2021-3987 | 2024-11-15 | Improper Access Control in janeczku/calibre-web |
| CVE-2021-3988 | 2024-11-15 | Cross-site Scripting (XSS) in janeczku/calibre-web |
| CVE-2021-3991 | 2024-11-15 | Improper Authorization in dolibarr/dolibarr |
| CVE-2022-1884 | 2024-11-15 | Remote Command Execution in gogs/gogs |
| CVE-2023-0737 | 2024-11-15 | CSRF in wallabag/wallabag |
| CVE-2023-4679 | 2024-11-15 | Use After Free in gpac/gpac |
| CVE-2024-0787 | 2024-11-15 | Improper Restriction of Excessive Authentication Attempts in phpipam/phpipam |
| CVE-2024-1240 | 2024-11-15 | Open Redirection in pyload/pyload |
| CVE-2021-3740 | 2024-11-15 | Session Fixation in chatwoot/chatwoot |
| CVE-2024-1097 | 2024-11-15 | Stored XSS in craigk5n/webcalendar |
| CVE-2023-2332 | 2024-11-15 | Stored Cross-site Scripting (XSS) in pimcore/pimcore |
| CVE-2022-1226 | 2024-11-15 | Cross-site Scripting (XSS) in phpipam/phpipam |
| CVE-2023-0109 | 2024-11-15 | Stored XSS in usememos/memos |
| CVE-2024-0875 | 2024-11-15 | Stored XSS in openemr/openemr |
| CVE-2024-10534 | 2024-11-15 | Improper Access Control in Dataprom Informatics' PACS-ACSS |
| CVE-2024-11237 | 2024-11-15 | TP-Link VN020 F3v(T) DHCP DISCOVER Packet Parser TP-Thumper stack-based overflow |
| CVE-2024-11238 | 2024-11-15 | Landray EKP sysUiComponent.do delPreviewFile path traversal |
| CVE-2024-11239 | 2024-11-15 | Landray EKP API Interface import.do deleteFile path traversal |
| CVE-2024-11240 | 2024-11-15 | IBPhoenix ibWebAdmin Banco de Dados Tab database.php cross site scripting |
| CVE-2024-11241 | 2024-11-15 | code-projects Job Recruitment reset.php sql injection |
| CVE-2024-11242 | 2024-11-15 | ZZCMS Keyword Filtering ad_list.php sql injection |
| CVE-2024-41785 | 2024-11-15 | IBM Concert cross-site scripting |