CVE List - 2024 / November
Showing 2501 - 2600 of 4054 CVEs for November 2024 (Page 26 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-50278 | 2024-11-19 | dm cache: fix potential out-of-bounds access on the first resume |
| CVE-2024-50279 | 2024-11-19 | dm cache: fix out-of-bounds access to the dirty bitset when resizing |
| CVE-2024-50280 | 2024-11-19 | dm cache: fix flushing uninitialized delayed_work on cache_ctr error |
| CVE-2024-50281 | 2024-11-19 | KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation |
| CVE-2024-50282 | 2024-11-19 | drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() |
| CVE-2024-50283 | 2024-11-19 | ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp |
| CVE-2024-50284 | 2024-11-19 | ksmbd: Fix the missing xa_store error check |
| CVE-2024-50285 | 2024-11-19 | ksmbd: check outstanding simultaneous SMB operations |
| CVE-2024-50286 | 2024-11-19 | ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create |
| CVE-2024-50287 | 2024-11-19 | media: v4l2-tpg: prevent the risk of a division by zero |
| CVE-2024-50288 | 2024-11-19 | media: vivid: fix buffer overwrite when using > 32 buffers |
| CVE-2024-50289 | 2024-11-19 | media: av7110: fix a spectre vulnerability |
| CVE-2024-50290 | 2024-11-19 | media: cx24116: prevent overflows on SNR calculus |
| CVE-2024-50291 | 2024-11-19 | media: dvb-core: add missing buffer index check |
| CVE-2024-50292 | 2024-11-19 | ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove |
| CVE-2024-50293 | 2024-11-19 | net/smc: do not leave a dangling sk pointer in __smc_create() |
| CVE-2024-50294 | 2024-11-19 | rxrpc: Fix missing locking causing hanging calls |
| CVE-2024-50295 | 2024-11-19 | net: arc: fix the device for dma_map_single/dma_unmap_single |
| CVE-2024-50296 | 2024-11-19 | net: hns3: fix kernel crash when uninstalling driver |
| CVE-2024-50297 | 2024-11-19 | net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts |
| CVE-2024-50298 | 2024-11-19 | net: enetc: allocate vf_state during PF probes |
| CVE-2024-50299 | 2024-11-19 | sctp: properly validate chunk size in sctp_sf_ootb() |
| CVE-2024-50300 | 2024-11-19 | regulator: rtq2208: Fix uninitialized use of regulator_config |
| CVE-2024-50301 | 2024-11-19 | security/keys: fix slab-out-of-bounds in key_task_permission |
| CVE-2024-50302 | 2024-11-19 | HID: core: zero-initialize the report buffer |
| CVE-2024-21539 | 2024-11-19 | Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to... |
| CVE-2024-8403 | 2024-11-19 | Denial-of-Service Vulnerability in Ethernet port on MELSEC iQ-F Ethernet Module and EtherNet/IP Module |
| CVE-2024-10103 | 2024-11-19 | MailPoet < 5.3.2 - Admin+ Stored XSS |
| CVE-2024-11098 | 2024-11-19 | SVG Block <= 1.1.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-10268 | 2024-11-19 | MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar <= 5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via sonaar_audioplayer Shortcode |
| CVE-2024-11069 | 2024-11-19 | WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion |
| CVE-2024-10388 | 2024-11-19 | WordPress GDPR <= 2.0.2 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2024-31141 | 2024-11-19 | Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider |
| CVE-2024-11038 | 2024-11-19 | WPB Popup for Contact Form 7 – Showing The Contact Form 7 Popup on Button Click – CF7 Popup <= 1.7.5 - Unauthenticated Arbitrary Shortcode Execution via wpb_pcf_fire_contact_form |
| CVE-2024-11036 | 2024-11-19 | GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress <= 7.1.5 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings |
| CVE-2024-11195 | 2024-11-19 | Email Subscription Popup <= 1.2.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via print_email_subscribe_form Shortcode |
| CVE-2024-11194 | 2024-11-19 | Classified Listing – Classified ads & Business Directory Plugin <= 3.1.15.1 - Authenticated (Subscriber+) Limited Arbitrary Option Update |
| CVE-2024-11224 | 2024-11-19 | Parallax Image <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter |
| CVE-2024-11198 | 2024-11-19 | GD Rating System <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter |
| CVE-2024-9830 | 2024-11-19 | Bard <= 2.216 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-9777 | 2024-11-19 | Ashe <= 2.243 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-11075 | 2024-11-19 | SICK Incoming Goods Suite privilege escalation vulnerability |
| CVE-2024-10204 | 2024-11-19 | Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025 |
| CVE-2024-10524 | 2024-11-19 | GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs |
| CVE-2024-52582 | 2024-11-19 | cachi2 allows traceback prints locals |
| CVE-2024-52600 | 2024-11-19 | Statamic CMS has Path Traversal in Asset Upload |
| CVE-2024-52395 | 2024-11-19 | WordPress Floating Buttons for WooCommerce plugin <= 2.8.8 - Broken Access Control vulnerability |
| CVE-2024-51817 | 2024-11-19 | WordPress Combo WP Rewrite Slugs plugin <= 1.0 - Settings Change vulnerability |
| CVE-2024-51671 | 2024-11-19 | WordPress Otter Blocks plugin <= 3.0.3 - Broken Access Control vulnerability |
| CVE-2024-51660 | 2024-11-19 | WordPress Easy Accordion Gutenberg Block plugin <= 1.2.3 - Broken Access Control vulnerability |
| CVE-2024-50417 | 2024-11-19 | WordPress Bold Page Builder plugin <= 5.1.3 - Broken Access Control vulnerability |
| CVE-2024-49697 | 2024-11-19 | WordPress Sunshine Photo Cart plugin <= 3.2.9 - Broken Access Control vulnerability |
| CVE-2024-49689 | 2024-11-19 | WordPress HD Quiz – Save Results Light plugin <= 0.5 - Broken Access Control vulnerability |
| CVE-2024-49680 | 2024-11-19 | WordPress wpvr plugin <= 8.5.5 - Broken Access Control vulnerability |
| CVE-2024-51938 | 2024-11-19 | WordPress Charity Addon for Elementor plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51937 | 2024-11-19 | WordPress IA Map Analytics Basic plugin <= 20170413 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51936 | 2024-11-19 | WordPress ESB Testimonials plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51935 | 2024-11-19 | WordPress Fast Video and Image Display plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51934 | 2024-11-19 | WordPress Ekiline Block Collection plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51933 | 2024-11-19 | WordPress Cookie Nonsense for YT plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51932 | 2024-11-19 | WordPress Kings Tab Slider plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51931 | 2024-11-19 | WordPress AzonBox plugin <= 1.1.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51930 | 2024-11-19 | WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51929 | 2024-11-19 | WordPress Icon Widget plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51928 | 2024-11-19 | WordPress Blocks Post Grid plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51927 | 2024-11-19 | WordPress Rig Elements For Elementor plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51926 | 2024-11-19 | WordPress GreenCon plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51925 | 2024-11-19 | WordPress Testimonial Slider Shortcode plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51924 | 2024-11-19 | WordPress WP Agenda plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51923 | 2024-11-19 | WordPress Websand Subscription Form plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51922 | 2024-11-19 | WordPress VP Sitemap plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51921 | 2024-11-19 | WordPress scrollup plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51920 | 2024-11-19 | WordPress Map Store Locator plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51918 | 2024-11-19 | WordPress Pay With Stripe plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51917 | 2024-11-19 | WordPress Multiple Votes in one page plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51916 | 2024-11-19 | WordPress Multifox Plus plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51914 | 2024-11-19 | WordPress drop in image slideshow gallery plugin <= 12.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51913 | 2024-11-19 | WordPress Mapme plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51912 | 2024-11-19 | WordPress IntelliWidget Elements plugin <= 2.2.7 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51911 | 2024-11-19 | WordPress Featured product by category name plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51910 | 2024-11-19 | WordPress Assist24 Help Desk plugin <= 20150401.2 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51909 | 2024-11-19 | WordPress audioCase plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51908 | 2024-11-19 | WordPress Adventure Bucket List plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51907 | 2024-11-19 | WordPress WP Virtual Room Configurator plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51906 | 2024-11-19 | WordPress RSV 360 View plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51905 | 2024-11-19 | WordPress RSV PDF Preview plugin <= 1.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51904 | 2024-11-19 | WordPress Embed documents shortcode plugin <= 1.5 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51903 | 2024-11-19 | WordPress WP Listings Pro plugin <= 3.0.14 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51902 | 2024-11-19 | WordPress TinyCode plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51901 | 2024-11-19 | WordPress Smooth Maps plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51899 | 2024-11-19 | WordPress Simple Pricing Table plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51898 | 2024-11-19 | WordPress Semantic Shortcode plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51897 | 2024-11-19 | WordPress News Articles plugin <= 1.0.0 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51896 | 2024-11-19 | WordPress Magic Slider plugin <= 1.3 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51895 | 2024-11-19 | WordPress Minical Hotel Booking Plugin plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51894 | 2024-11-19 | WordPress Topbar ID for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51893 | 2024-11-19 | WordPress Postify: Post Layout For Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51892 | 2024-11-19 | WordPress Sell Media File with Stripe plugin <= 1.0.6 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51891 | 2024-11-19 | WordPress Official SalesWizard CRM Plugin plugin <= 1.0.2 - Stored Cross Site Scripting (XSS) vulnerability |
| CVE-2024-51890 | 2024-11-19 | WordPress Geoportail Shortcode plugin <= 2.4.4 - Stored Cross Site Scripting (XSS) vulnerability |