CVE List - 2024 / November
Showing 3601 - 3700 of 4054 CVEs for November 2024 (Page 37 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-12491 | 2024-11-25 | Framework Information Disclosure Vulnerability |
| CVE-2020-12492 | 2024-11-25 | Wifi information acquisition vulnerability in Framework Services |
| CVE-2024-11498 | 2024-11-25 | Resource exhaustion via Stack overflow in libjxl |
| CVE-2024-11403 | 2024-11-25 | Out of Bounds Memory Read/Write in libjxl |
| CVE-2024-27134 | 2024-11-25 | Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf |
| CVE-2024-11672 | 2024-11-25 | Incorrect authorization in the add permission component in Devolutions Remote... |
| CVE-2024-11671 | 2024-11-25 | Improper authentication in SQL data source MFA validation in Devolutions... |
| CVE-2024-11670 | 2024-11-25 | Incorrect authorization in the permission validation component of Devolutions Remote... |
| CVE-2023-45181 | 2024-11-25 | IBM Jazz Foundation cross-site scripting |
| CVE-2023-26280 | 2024-11-25 | IBM Jazz Foundation improper access control |
| CVE-2024-7915 | 2024-11-25 | macOS Sensei Mac Cleaner Local Privilege Escalation via PID Reuse - Race Condition Attack |
| CVE-2024-8272 | 2024-11-25 | macOS Universal Audio (UAConnect) <= 2.7.0 - Local Privilege Escalation |
| CVE-2024-51723 | 2024-11-25 | Vulnerability in Management Console Impacts BlackBerry AtHoc |
| CVE-2024-32468 | 2024-11-25 | Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator |
| CVE-2024-52529 | 2024-11-25 | Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in Cilium |
| CVE-2024-52811 | 2024-11-25 | Acks not validated before logged to qlog leads to buffer overflow in ngtcp2 |
| CVE-2024-53255 | 2024-11-25 | Reflected Cross-site Scripting in /admin?page=media via file Parameter in BoidCMS |
| CVE-2024-53262 | 2024-11-25 | Unescaped error message included on error page in SvelteKit |
| CVE-2024-53261 | 2024-11-25 | Cross-Site Scripting attack (XSS) on dev mode 404 page in SvelteKit |
| CVE-2024-53258 | 2024-11-25 | download_all_submissions allows student to download another student's submissions in Autolab |
| CVE-2024-53268 | 2024-11-25 | Lack of validation on openExternal allows 1 click remote code execution in joplin |
| CVE-2024-53096 | 2024-11-25 | mm: resolve faulty mmap_region() error path behaviour |
| CVE-2024-53097 | 2024-11-25 | mm: krealloc: Fix MTE false alarm in __do_krealloc |
| CVE-2024-53098 | 2024-11-25 | drm/xe/ufence: Prefetch ufence addr to catch bogus address |
| CVE-2024-53099 | 2024-11-25 | bpf: Check validity of link->type in bpf_link_show_fdinfo() |
| CVE-2024-53100 | 2024-11-25 | nvme: tcp: avoid race between queue_lock lock and destroy |
| CVE-2024-53101 | 2024-11-25 | fs: Fix uninitialized value issue in from_kuid and from_kgid |
| CVE-2024-11673 | 2024-11-25 | 1000 Projects Bookstore Management System cross-site request forgery |
| CVE-2024-53843 | 2024-11-25 | Reflected XSS Vulnerability in Authentication Flow URL Handling in @dapperduckling/keycloak-connector-server |
| CVE-2024-11674 | 2024-11-25 | CodeAstro Hospital Management System his_doc_update-account.php unrestricted upload |
| CVE-2024-50942 | 2024-11-26 | qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability... |
| CVE-2024-51058 | 2024-11-26 | Local File Inclusion (LFI) vulnerability has been discovered in TCPDF... |
| CVE-2024-53365 | 2024-11-26 | A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL... |
| CVE-2024-53555 | 2024-11-26 | A CSV injection vulnerability in Taiga v6.8.1 allows attackers to... |
| CVE-2024-53619 | 2024-11-26 | An authenticated arbitrary file upload vulnerability in the Documents module... |
| CVE-2024-53620 | 2024-11-26 | A cross-site scripting (XSS) vulnerability in the Article module of... |
| CVE-2024-11675 | 2024-11-26 | CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting |
| CVE-2024-11676 | 2024-11-26 | CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting |
| CVE-2024-52899 | 2024-11-26 | IBM Data Virtualization Manager code execution |
| CVE-2024-11677 | 2024-11-26 | CodeAstro Hospital Management System Add Vendor Details Page his_admin_add_vendor.php cross site scripting |
| CVE-2024-11678 | 2024-11-26 | CodeAstro Hospital Management System his_doc_register_patient.php cross site scripting |
| CVE-2024-10729 | 2024-11-26 | Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update |
| CVE-2024-49595 | 2024-11-26 | Dell Wyse Management Suite, version WMS 4.4 and before, contain... |
| CVE-2024-49597 | 2024-11-26 | Dell Wyse Management Suite, versions WMS 4.4 and prior, contain... |
| CVE-2024-49596 | 2024-11-26 | Dell Wyse Management Suite, version WMS 4.4 and prior, contain... |
| CVE-2024-49351 | 2024-11-26 | IBM Workload Scheduler information disclosure |
| CVE-2024-49353 | 2024-11-26 | IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data denial of service |
| CVE-2024-11342 | 2024-11-26 | Skt NURCaptcha <= 3.5.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11418 | 2024-11-26 | Additional Order Filters for WooCommerce <= 1.21 - Reflected Cross-Site Scripting |
| CVE-2024-53278 | 2024-11-26 | Cross-site scripting vulnerability exists in WP Admin UI Customize versions... |
| CVE-2024-10570 | 2024-11-26 | Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection |
| CVE-2024-10781 | 2024-11-26 | Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.44 - Authorization Bypass due to Missing Empty Value Check to Unauthenticated Arbitrary Plugin Installation |
| CVE-2024-10542 | 2024-11-26 | Spam protection, Anti-Spam, FireWall by CleanTalk <= 6.43.2 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated Arbitrary Plugin Installation |
| CVE-2024-10471 | 2024-11-26 | Everest Forms < 3.0.4.2 - Admin+ Stored XSS |
| CVE-2024-11002 | 2024-11-26 | InPost Gallery <= 2.1.4.2 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via inpost_gallery_get_shortcode_template |
| CVE-2024-10857 | 2024-11-26 | Product Input Fields for WooCommerce <= 1.9 - Authenticated (Contributor+) Arbitrary File Read |
| CVE-2024-6476 | 2024-11-26 | Gee-netics, member of the AXIS Camera Station Pro Bug Bounty... |
| CVE-2024-6749 | 2024-11-26 | Seth Fogie, member of the AXIS Camera Station Pro Bug... |
| CVE-2024-6831 | 2024-11-26 | Seth Fogie, member of AXIS Camera Station Pro Bug Bounty... |
| CVE-2024-47257 | 2024-11-26 | Florent Thiéry has found that selected Axis devices were vulnerable... |
| CVE-2024-8772 | 2024-11-26 | 51l3nc3, member of the AXIS OS Bug Bounty Program, has... |
| CVE-2024-8160 | 2024-11-26 | Erik de Jong, member of the AXIS OS Bug Bounty... |
| CVE-2024-9504 | 2024-11-26 | Booking calendar, Appointment Booking System <= 3.2.15 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-11202 | 2024-11-26 | Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode |
| CVE-2024-28038 | 2024-11-26 | The web interface of the affected devices processes a cookie... |
| CVE-2024-28955 | 2024-11-26 | Affected devices create coredump files when crashed, storing them with... |
| CVE-2024-29146 | 2024-11-26 | User passwords are decrypted and stored on memory before any... |
| CVE-2024-29978 | 2024-11-26 | User passwords are decrypted and stored on memory before any... |
| CVE-2024-32151 | 2024-11-26 | User passwords are decrypted and stored on memory before any... |
| CVE-2024-33605 | 2024-11-26 | Improper processing of some parameters of installed_emanual_list.html leads to a... |
| CVE-2024-33610 | 2024-11-26 | "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides... |
| CVE-2024-33616 | 2024-11-26 | Admin authentication can be bypassed with some specific invalid credentials,... |
| CVE-2024-34162 | 2024-11-26 | The web interface of the affected devices is designed to... |
| CVE-2024-35244 | 2024-11-26 | There are several hidden accounts. Some of them are intended... |
| CVE-2024-36248 | 2024-11-26 | API keys for some cloud services are hardcoded in the... |
| CVE-2024-36249 | 2024-11-26 | Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech... |
| CVE-2024-36251 | 2024-11-26 | The web interface of the affected devices process some crafted... |
| CVE-2024-36254 | 2024-11-26 | Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec... |
| CVE-2024-9170 | 2024-11-26 | Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode |
| CVE-2024-11119 | 2024-11-26 | BNE Gallery Extended <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode |
| CVE-2024-11192 | 2024-11-26 | Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode |
| CVE-2024-11091 | 2024-11-26 | Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload |
| CVE-2016-10394 | 2024-11-26 | Improper Authentication in Core |
| CVE-2017-11076 | 2024-11-26 | Use of Out-of-range Pointer Offset in Video |
| CVE-2017-15832 | 2024-11-26 | Buffer overwrite due to improper input validation in WLAN host |
| CVE-2017-17772 | 2024-11-26 | Multiple buffer overread vulnerabilities in WLAN |
| CVE-2017-18153 | 2024-11-26 | Use After Free in WLAN |
| CVE-2018-11922 | 2024-11-26 | Configurations in Android Build |
| CVE-2018-11952 | 2024-11-26 | Improper Authentication in TrustZone |
| CVE-2024-11032 | 2024-11-26 | Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter |
| CVE-2024-11680 | 2024-11-26 | ProjectSend Unauthenticated Configuration Modification |
| CVE-2024-50358 | 2024-11-26 | A CWE-15 "External Control of System or Configuration Setting" was... |
| CVE-2024-50359 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50360 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50361 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50362 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50363 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50364 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50365 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
| CVE-2024-50366 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |