CVE List - 2024 / November
Showing 3901 - 4000 of 4054 CVEs for November 2024 (Page 40 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-49502 | 2024-11-28 | Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web |
| CVE-2024-22038 | 2024-11-28 | DoS attacks, information leaks etc. with crafted Git repositories in obs-scm-bridge |
| CVE-2024-11599 | 2024-11-28 | Domain Restriction Bypass on Registration |
| CVE-2024-22037 | 2024-11-28 | Database password leaked by systemd uyuni-server-attestation service |
| CVE-2024-11103 | 2024-11-28 | Contest Gallery <= 24.0.7 - Unauthenticated Arbitrary Password Reset to Privilege Escalation/Account Takeover |
| CVE-2024-10798 | 2024-11-28 | Royal Elementor Addons and Templates <= 1.7.1003 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-10670 | 2024-11-28 | Primary Addon for Elementor <= 1.6.2 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-8672 | 2024-11-28 | Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution |
| CVE-2024-10780 | 2024-11-28 | Restaurant & Cafe Addon for Elementor <= 1.5.9 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-11082 | 2024-11-28 | Tumult Hype Animations <= 1.9.15 - Authenticated (Author+) Arbitrary File Upload via hypeanimations_panel Function |
| CVE-2024-8308 | 2024-11-28 | Siempelkamp: SQL injection due to improper handling of HTTP request input data |
| CVE-2024-52475 | 2024-11-28 | WordPress Wawp plugin < 3.0.18 - Account Takeover vulnerability |
| CVE-2024-11620 | 2024-11-28 | WordPress Rank Math SEO plugin <= 1.0.231 - Arbitrary .htaccess Overwrite to Remote Code Execution (RCE) vulnerability |
| CVE-2024-52481 | 2024-11-28 | WordPress Jobify theme <= 4.2.3 - Unauthenticated Arbitrary File Read vulnerability |
| CVE-2024-52501 | 2024-11-28 | WordPress Office Locator plugin <= 1.3.0 - Local File Inclusion vulnerability |
| CVE-2024-52499 | 2024-11-28 | WordPress Pricing table addon for elementor plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2024-52498 | 2024-11-28 | WordPress SP Blog Designer plugin <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2024-52497 | 2024-11-28 | WordPress Shopready plugin <= 3.5 - Local File Inclusion vulnerability |
| CVE-2024-52496 | 2024-11-28 | WordPress Absolute Addons For Elementor plugin <= 1.0.14 - Local File Inclusion vulnerability |
| CVE-2024-52490 | 2024-11-28 | WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability |
| CVE-2024-52495 | 2024-11-28 | WordPress Distance Based Shipping Calculator plugin <= 2.0.21 - SQL Injection vulnerability |
| CVE-2024-52474 | 2024-11-28 | WordPress Express Payments plugin <= 1.1.8 - SQL Injection vulnerability |
| CVE-2024-53737 | 2024-11-28 | WordPress WP Mailster plugin <= 1.8.16.0 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-11402 | 2024-11-28 | WordPress Block Editor Bootstrap Blocks plugin <= 6.6.1 - Reflected Cross Site Scripting (XSS) vulnerability |
| CVE-2024-53736 | 2024-11-28 | WordPress Custom Shortcode Sidebars plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53734 | 2024-11-28 | WordPress Idealien Category Enhancements plugin <= 1.2 - CSRF to Stored XSS vulnerability |
| CVE-2024-53733 | 2024-11-28 | WordPress Fence URL plugin <= 2.0.0 - CSRF to Stored XSS vulnerability |
| CVE-2024-53732 | 2024-11-28 | WordPress Footer Flyout Widget plugin <= 1.1 - CSRF to Stored XSS vulnerability |
| CVE-2024-53731 | 2024-11-28 | WordPress Fintelligence Calculator plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability |
| CVE-2024-7747 | 2024-11-28 | Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types |
| CVE-2024-11959 | 2024-11-28 | D-Link DIR-605L formResetStatistic buffer overflow |
| CVE-2024-11960 | 2024-11-28 | D-Link DIR-605L formSetPortTr buffer overflow |
| CVE-2024-11961 | 2024-11-28 | Guangzhou Huayi Intelligent Technology Jeewms WmOmNoticeHController.java preHandle information disclosure |
| CVE-2023-52922 | 2024-11-28 | can: bcm: Fix UAF in bcm_proc_show() |
| CVE-2024-11962 | 2024-11-28 | code-projects Simple Car Rental System login.php sql injection |
| CVE-2024-11963 | 2024-11-28 | code-projects Responsive Hotel Site room.php sql injection |
| CVE-2024-11969 | 2024-11-28 | Incorrect default permissions in Cradlepoint NetCloud Exchange |
| CVE-2024-52338 | 2024-11-28 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file |
| CVE-2024-11964 | 2024-11-28 | PHPGurukul Complaint Management system index.php sql injection |
| CVE-2024-11965 | 2024-11-28 | PHPGurukul Complaint Management system reset-password.php sql injection |
| CVE-2024-11966 | 2024-11-28 | PHPGurukul Complaint Management system index.php sql injection |
| CVE-2024-11967 | 2024-11-28 | PHPGurukul Complaint Management system reset-password.php sql injection |
| CVE-2024-11968 | 2024-11-28 | code-projects Farmacia pagamento.php sql injection |
| CVE-2024-11970 | 2024-11-28 | code-projects Concert Ticket Ordering System tour(cor).php sql injection |
| CVE-2024-11971 | 2024-11-28 | Guizhou Xiaoma Technology jpress Avatar upload cross site scripting |
| CVE-2024-8299 | 2024-11-28 | Malicious Code Execution Vulnerability in GENESIS64 and MC Works64 |
| CVE-2024-8300 | 2024-11-28 | Malicious Code Execution Vulnerability in GENESIS64 |
| CVE-2024-9852 | 2024-11-28 | Malicious Code Execution Vulnerability in GENESIS64 and MC Works64 |
| CVE-2024-35366 | 2024-11-29 | FFmpeg n6.1.1 has an Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input.... |
| CVE-2024-35369 | 2024-11-29 | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead... |
| CVE-2024-35371 | 2024-11-29 | Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers... |
| CVE-2024-35451 | 2024-11-29 | LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. |
| CVE-2024-36611 | 2024-11-29 | In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is... |
| CVE-2024-36612 | 2024-11-29 | Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. |
| CVE-2024-36615 | 2024-11-29 | FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would... |
| CVE-2024-36616 | 2024-11-29 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. |
| CVE-2024-36617 | 2024-11-29 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. |
| CVE-2024-36619 | 2024-11-29 | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. |
| CVE-2024-36620 | 2024-11-29 | moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. |
| CVE-2024-36621 | 2024-11-29 | moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. |
| CVE-2024-36622 | 2024-11-29 | In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter. |
| CVE-2024-36624 | 2024-11-29 | Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. |
| CVE-2024-36625 | 2024-11-29 | Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. |
| CVE-2024-36626 | 2024-11-29 | In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php. |
| CVE-2024-36671 | 2024-11-29 | nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c. |
| CVE-2024-39162 | 2024-11-29 | pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| CVE-2024-45495 | 2024-11-29 | MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. |
| CVE-2024-47193 | 2024-11-29 | WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac before 16.10 allow a remote Denial of Service. |
| CVE-2024-48406 | 2024-11-29 | Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c. |
| CVE-2024-52777 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. |
| CVE-2024-52778 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. |
| CVE-2024-52779 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. |
| CVE-2024-52780 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. |
| CVE-2024-52781 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. |
| CVE-2024-52782 | 2024-11-29 | DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. |
| CVE-2024-53504 | 2024-11-29 | A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. |
| CVE-2024-53505 | 2024-11-29 | A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. |
| CVE-2024-53506 | 2024-11-29 | A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. |
| CVE-2024-53507 | 2024-11-29 | A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. |
| CVE-2024-53623 | 2024-11-29 | Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. |
| CVE-2024-54123 | 2024-11-29 | Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format. |
| CVE-2024-54124 | 2024-11-29 | In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. |
| CVE-2024-54159 | 2024-11-29 | stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. |
| CVE-2024-35367 | 2024-11-29 | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer |
| CVE-2024-35368 | 2024-11-29 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. |
| CVE-2024-36618 | 2024-11-29 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. |
| CVE-2024-36623 | 2024-11-29 | moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. |
| CVE-2024-48651 | 2024-11-29 | In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. |
| CVE-2024-11978 | 2024-11-29 | Interinfo DreamMaker - Arbitrary File Reading through Path Traversal |
| CVE-2024-11979 | 2024-11-29 | Interinfo DreamMaker - Unrestricted File Upload through Path Traversal |
| CVE-2024-53701 | 2024-11-29 | Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an... |
| CVE-2024-10704 | 2024-11-29 | Photo Gallery by 10Web < 1.8.31 - Admin+ Stored XSS |
| CVE-2024-10980 | 2024-11-29 | Element Pack Elementor Addons < 5.10.3 - Contributor+ Stored XSS |
| CVE-2024-11980 | 2024-11-29 | Billion Electric router - Missing Authentication |
| CVE-2024-11981 | 2024-11-29 | Billion Electric router - Authentication Bypass |
| CVE-2024-11982 | 2024-11-29 | Billion Electric router - Plaintext Storage of a Password |
| CVE-2024-11983 | 2024-11-29 | Billion Electric router - OS Command Injection |
| CVE-2024-11481 | 2024-11-29 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation,... |
| CVE-2024-11482 | 2024-11-29 | A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. |
| CVE-2024-9044 | 2024-11-29 | XML External Entity (XXE) Vulnerability in EasyTax |