CVE List - 2024 / November
Showing 3701 - 3800 of 4054 CVEs for November 2024 (Page 38 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-50367 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50368 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50369 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50370 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50371 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50372 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50373 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50374 | 2024-11-26 | A CWE-78 "Improper Neutralization of Special Elements used in an... |
CVE-2024-50375 | 2024-11-26 | A CWE-306 "Missing Authentication for Critical Function" was discovered affecting... |
CVE-2024-50376 | 2024-11-26 | A CWE-79 "Improper Neutralization of Input During Web Page Generation... |
CVE-2024-50377 | 2024-11-26 | A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the... |
CVE-2024-11024 | 2024-11-26 | AppPresser – Mobile App Framework <= 4.4.6 - Unauthenticated Privilege Escalation via Password Reset |
CVE-2024-8899 | 2024-11-26 | Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Sensitive Information Exposure via sg_content_template |
CVE-2024-10308 | 2024-11-26 | Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget |
CVE-2024-10579 | 2024-11-26 | Hustle – Email Marketing, Lead Generation, Optins, Popups <= 7.8.5 - Missing Authorization to Unpublished Form Exposure |
CVE-2024-47248 | 2024-11-26 | Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack |
CVE-2023-1521 | 2024-11-26 | Local Privilege Escalation in sccache |
CVE-2024-47249 | 2024-11-26 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler |
CVE-2024-47250 | 2024-11-26 | Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access |
CVE-2024-51569 | 2024-11-26 | Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler |
CVE-2023-2142 | 2024-11-26 | Nunjucks autoescape bypass leads to cross site scripting |
CVE-2023-0163 | 2024-11-26 | Prototype Pollution in convict |
CVE-2024-38830 | 2024-11-26 | Local privilege escalation vulnerability |
CVE-2024-38831 | 2024-11-26 | Local privilege escalation vulnerability (CVE-2024-38831) |
CVE-2024-38832 | 2024-11-26 | Stored cross-site scripting vulnerability (CVE-2024-38832) |
CVE-2024-38833 | 2024-11-26 | Stored cross-site scripting vulnerability (CVE-2024-38833) |
CVE-2024-38834 | 2024-11-26 | Stored cross-site scripting vulnerability (CVE-2024-38834) |
CVE-2024-9928 | 2024-11-26 | A vulnerability exists in NSD570 login panel that does not... |
CVE-2024-9929 | 2024-11-26 | A vulnerability exists in NSD570 that allows any authenticated user... |
CVE-2024-11691 | 2024-11-26 | Certain WebGL operations on Apple silicon M series devices could... |
CVE-2024-11700 | 2024-11-26 | Malicious websites may have been able to perform user intent... |
CVE-2024-11692 | 2024-11-26 | An attacker could cause a select dropdown to be shown... |
CVE-2024-11701 | 2024-11-26 | The incorrect domain may have been displayed in the address... |
CVE-2024-11702 | 2024-11-26 | Copying sensitive information from Private Browsing tabs on Android, such... |
CVE-2024-11693 | 2024-11-26 | The executable file warning was not presented when downloading .library-ms... |
CVE-2024-11694 | 2024-11-26 | Enhanced Tracking Protection's Strict mode may have inadvertently allowed a... |
CVE-2024-11695 | 2024-11-26 | A crafted URL containing Arabic script and whitespace characters could... |
CVE-2024-11703 | 2024-11-26 | On Android, Firefox may have inadvertently allowed viewing saved passwords... |
CVE-2024-11696 | 2024-11-26 | The application failed to account for exceptions thrown by the... |
CVE-2024-11697 | 2024-11-26 | When handling keypress events, an attacker may have been able... |
CVE-2024-11704 | 2024-11-26 | A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling... |
CVE-2024-11698 | 2024-11-26 | A flaw in handling fullscreen transitions may have inadvertently caused... |
CVE-2024-11705 | 2024-11-26 | `NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL.... |
CVE-2024-11706 | 2024-11-26 | A null pointer dereference may have inadvertently occurred in `pk12util`,... |
CVE-2024-11708 | 2024-11-26 | Missing thread synchronization primitives could have led to a data... |
CVE-2024-11699 | 2024-11-26 | Memory safety bugs present in Firefox 132, Firefox ESR 128.4,... |
CVE-2024-53975 | 2024-11-26 | Accessing a non-secure HTTP site that uses a non-existent port... |
CVE-2024-53976 | 2024-11-26 | Under certain circumstances, navigating to a webpage would result in... |
CVE-2016-10408 | 2024-11-26 | Improper Access Control in Core. |
CVE-2017-18306 | 2024-11-26 | Information Exposure in Camera Driver |
CVE-2017-18307 | 2024-11-26 | Information Exposure in Kernel |
CVE-2018-11816 | 2024-11-26 | Use After Free in Video |
CVE-2018-5852 | 2024-11-26 | Buffer Over-read in IPA |
CVE-2024-9461 | 2024-11-26 | Total Upkeep <= 1.16.6 - Authenticated (Administrator+) Remote Code Execution via Backup Settings |
CVE-2024-8236 | 2024-11-26 | Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-22117 | 2024-11-26 | Value of sysmap_element_url can be de-synchronized causing the map element to crash when new URLs are added |
CVE-2024-36463 | 2024-11-26 | The implementation of atob in "Zabbix JS" allows to create... |
CVE-2024-52336 | 2024-11-26 | Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root |
CVE-2024-52337 | 2024-11-26 | Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method |
CVE-2024-11407 | 2024-11-26 | Denial of Service through Data corruption in gRPC-C++ |
CVE-2024-10878 | 2024-11-26 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting |
CVE-2024-32965 | 2024-11-26 | SSRF vulnerability in lobe-chat |
CVE-2024-11668 | 2024-11-26 | Insufficient Session Expiration in GitLab |
CVE-2024-8237 | 2024-11-26 | Inefficient Algorithmic Complexity in GitLab |
CVE-2024-8177 | 2024-11-26 | Inefficient Algorithmic Complexity in GitLab |
CVE-2024-8114 | 2024-11-26 | Missing Authorization in GitLab |
CVE-2024-53844 | 2024-11-26 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in labsai/eddi |
CVE-2024-11669 | 2024-11-26 | Incorrect Authorization in GitLab |
CVE-2024-11828 | 2024-11-26 | Inefficient Algorithmic Complexity in GitLab |
CVE-2024-53267 | 2024-11-26 | Vulnerability with bundle verification in sigstore-java |
CVE-2024-52008 | 2024-11-26 | Password Policy Bypass Vulnerability in Fides Webserver |
CVE-2024-8676 | 2024-11-26 | Cri-o: checkpoint restore can be triggered from different namespaces |
CVE-2024-11145 | 2024-11-26 | Easy Folder Listing Pro deserialization vulnerability |
CVE-2024-10240 | 2024-11-26 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab |
CVE-2019-17082 | 2024-11-26 | Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass.... |
CVE-2024-49035 | 2024-11-26 | Partner.Microsoft.Com Elevation of Privilege Vulnerability |
CVE-2024-49038 | 2024-11-26 | Microsoft Copilot Studio Elevation Of Privilege Vulnerability |
CVE-2024-49052 | 2024-11-26 | Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability |
CVE-2024-49053 | 2024-11-26 | Microsoft Dynamics 365 Sales Spoofing Vulnerability |
CVE-2024-11742 | 2024-11-26 | SourceCodester Best House Rental Management System ajax.php cross site scripting |
CVE-2024-11743 | 2024-11-26 | SourceCodester Best House Rental Management System POST Request ajax.php cross-site request forgery |
CVE-2024-43784 | 2024-11-26 | Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion |
CVE-2024-11744 | 2024-11-26 | 1000 Projects Portfolio Management System MCA register.php sql injection |
CVE-2024-11745 | 2024-11-26 | Tenda AC8 SetStaticRouteCfg route_static_check stack-based overflow |
CVE-2024-11622 | 2024-11-26 | An XML external entity injection (XXE) vulnerability in HPE Insight... |
CVE-2024-53673 | 2024-11-26 | A Java deserialization vulnerability in HPE Remote Insight Support may... |
CVE-2024-53674 | 2024-11-26 | An XML external entity injection (XXE) vulnerability in HPE Insight... |
CVE-2024-53675 | 2024-11-26 | An XML external entity injection (XXE) vulnerability in HPE Insight... |
CVE-2024-11817 | 2024-11-26 | PHPGurukul User Registration & Login and User Management System index.php sql injection |
CVE-2024-11818 | 2024-11-26 | PHPGurukul User Registration & Login and User Management System signup.php sql injection |
CVE-2024-11819 | 2024-11-26 | 1000 Projects Portfolio Management System MCA forgot_password_process.php sql injection |
CVE-2024-53849 | 2024-11-26 | Several stack buffer overflows and pointer overflows in editorconfig-core-c |
CVE-2024-31976 | 2024-11-27 | EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker... |
CVE-2024-37816 | 2024-11-27 | Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. |
CVE-2024-46054 | 2024-11-27 | OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload... |
CVE-2024-46055 | 2024-11-27 | OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in... |
CVE-2024-51228 | 2024-11-27 | An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT... |
CVE-2024-52951 | 2024-11-27 | Stored Cross-Site Scripting in the Access Request History in Omada... |
CVE-2024-53603 | 2024-11-27 | A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul... |
CVE-2024-53604 | 2024-11-27 | A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul... |