CVE List - 2024 / November
Showing 501 - 600 of 4054 CVEs for November 2024 (Page 6 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-51515 | 2024-11-05 | Race condition vulnerability in the kernel network module Impact:Successful exploitation... |
| CVE-2024-51516 | 2024-11-05 | Permission control vulnerability in the ability module Impact: Successful exploitation... |
| CVE-2024-51517 | 2024-11-05 | Vulnerability of improper memory access in the phone service module... |
| CVE-2024-51518 | 2024-11-05 | Vulnerability of message types not being verified in the advanced... |
| CVE-2024-47253 | 2024-11-05 | In 2N Access Commander versions 3.1.1.2 and prior, a Path... |
| CVE-2024-51519 | 2024-11-05 | Vulnerability of input parameters not being verified in the HDC... |
| CVE-2024-51520 | 2024-11-05 | Vulnerability of input parameters not being verified in the HDC... |
| CVE-2024-51521 | 2024-11-05 | Input parameter verification vulnerability in the background service module Impact:... |
| CVE-2024-47254 | 2024-11-05 | In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient... |
| CVE-2024-51522 | 2024-11-05 | Vulnerability of improper device information processing in the device management... |
| CVE-2024-51523 | 2024-11-05 | Information management vulnerability in the Gallery module Impact: Successful exploitation... |
| CVE-2024-51524 | 2024-11-05 | Permission control vulnerability in the Wi-Fi module Impact: Successful exploitation... |
| CVE-2024-47255 | 2024-11-05 | In 2N Access Commander versions 3.1.1.2 and prior, a local... |
| CVE-2024-51525 | 2024-11-05 | Permission control vulnerability in the clipboard module Impact: Successful exploitation... |
| CVE-2024-51526 | 2024-11-05 | Permission control vulnerability in the hidebug module Impact: Successful exploitation... |
| CVE-2024-51527 | 2024-11-05 | Permission control vulnerability in the Gallery app Impact: Successful exploitation... |
| CVE-2024-7429 | 2024-11-05 | Zotpress <= 7.3.12 - Missing Authorization |
| CVE-2024-9878 | 2024-11-05 | Photo Gallery by 10Web <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-10687 | 2024-11-05 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 24.0.3 - Unauthenticated SQL Injection |
| CVE-2024-51528 | 2024-11-05 | Vulnerability of improper log printing in the Super Home Screen... |
| CVE-2023-52920 | 2024-11-05 | bpf: support non-r10 register spill/fill to/from stack in precision tracking |
| CVE-2024-10319 | 2024-11-05 | 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template |
| CVE-2024-9178 | 2024-11-05 | XT Floating Cart for WooCommerce <= 2.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload |
| CVE-2024-51529 | 2024-11-05 | Data verification vulnerability in the battery module Impact: Successful exploitation... |
| CVE-2024-51530 | 2024-11-05 | LaunchAnywhere vulnerability in the account module Impact: Successful exploitation of... |
| CVE-2024-9657 | 2024-11-05 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting |
| CVE-2024-9867 | 2024-11-05 | Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.2 - Authenticated (Contributor+ Stored Cross-Site Scripting via Open Map Widget |
| CVE-2024-10263 | 2024-11-05 | Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution |
| CVE-2024-10840 | 2024-11-05 | romadebrian WEB-Sekolah Backend akun_edit.php cross site scripting |
| CVE-2024-7059 | 2024-11-05 | A high-severity vulnerability that can lead to arbitrary code execution... |
| CVE-2024-10329 | 2024-11-05 | Ultimate Bootstrap Elements for Elementor <= 1.4.6 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2024-10841 | 2024-11-05 | romadebrian WEB-Sekolah Mail Proses_Kirim.php sql injection |
| CVE-2024-10842 | 2024-11-05 | romadebrian WEB-Sekolah Backend Proses_Edit_Akun.php cross site scripting |
| CVE-2024-10844 | 2024-11-05 | 1000 Projects Bookstore Management System search.php sql injection |
| CVE-2024-10845 | 2024-11-05 | 1000 Projects Bookstore Management System book_detail.php sql injection |
| CVE-2023-29114 | 2024-11-05 | Unauthorized System Log Disclosure in Enel X JuiceBox |
| CVE-2023-29115 | 2024-11-05 | Denial of Service via Web Management interface in Enel X JuiceBox |
| CVE-2023-29116 | 2024-11-05 | PHP Information Disclosure in Enel X JuiceBox |
| CVE-2023-29117 | 2024-11-05 | Authentication Bypass in JuiceBox Web Manager interface |
| CVE-2023-29118 | 2024-11-05 | Unauthorized SQLite Injection in Enel X Juicebox |
| CVE-2023-29119 | 2024-11-05 | Unauthorized SQLite Injection |
| CVE-2023-29120 | 2024-11-05 | Unauthorized Remote Command Execution in Enel X Juicebox |
| CVE-2023-29121 | 2024-11-05 | Exposed TCF agent service in Enel X Juicebox |
| CVE-2023-29122 | 2024-11-05 | Incorrect file ownership of privileged service's libraries in Enel X JuiceBox |
| CVE-2023-29125 | 2024-11-05 | Heap overflow in CM_main.exe binary in Enel X JuiceBox |
| CVE-2023-29126 | 2024-11-05 | Insecure loose comparison in Enel X JuiceBox |
| CVE-2024-9579 | 2024-11-05 | Certain Poly Video Conference Devices – Potential Remote Code Execution |
| CVE-2024-49522 | 2024-11-05 | Substance3D - Painter | Out-of-bounds Write (CWE-787) |
| CVE-2024-50090 | 2024-11-05 | drm/xe/oa: Fix overflow in oa batch buffer |
| CVE-2024-50091 | 2024-11-05 | dm vdo: don't refer to dedupe_context after releasing it |
| CVE-2024-50092 | 2024-11-05 | net: netconsole: fix wrong warning |
| CVE-2024-50093 | 2024-11-05 | thermal: intel: int340x: processor: Fix warning during module unload |
| CVE-2024-50094 | 2024-11-05 | sfc: Don't invoke xdp_do_flush() from netpoll. |
| CVE-2024-50095 | 2024-11-05 | RDMA/mad: Improve handling of timed out WRs of mad agent |
| CVE-2024-50096 | 2024-11-05 | nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error |
| CVE-2024-50097 | 2024-11-05 | net: fec: don't save PTP state if PTP is unsupported |
| CVE-2024-50098 | 2024-11-05 | scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down |
| CVE-2024-50099 | 2024-11-05 | arm64: probes: Remove broken LDR (literal) uprobe support |
| CVE-2024-50100 | 2024-11-05 | USB: gadget: dummy-hcd: Fix "task hung" problem |
| CVE-2024-50101 | 2024-11-05 | iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices |
| CVE-2024-50102 | 2024-11-05 | x86: fix user address masking non-canonical speculation issue |
| CVE-2024-50103 | 2024-11-05 | ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() |
| CVE-2024-50104 | 2024-11-05 | ASoC: qcom: sdm845: add missing soundwire runtime stream alloc |
| CVE-2024-50105 | 2024-11-05 | ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc |
| CVE-2024-50106 | 2024-11-05 | nfsd: fix race between laundromat and free_stateid |
| CVE-2024-50107 | 2024-11-05 | platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses |
| CVE-2024-50108 | 2024-11-05 | drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too |
| CVE-2024-50109 | 2024-11-05 | md/raid10: fix null ptr dereference in raid10_size() |
| CVE-2024-50110 | 2024-11-05 | xfrm: fix one more kernel-infoleak in algo dumping |
| CVE-2024-50111 | 2024-11-05 | LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context |
| CVE-2024-50112 | 2024-11-05 | x86/lam: Disable ADDRESS_MASKING in most cases |
| CVE-2024-50113 | 2024-11-05 | firewire: core: fix invalid port index for parent device |
| CVE-2024-50114 | 2024-11-05 | KVM: arm64: Unregister redistributor for failed vCPU creation |
| CVE-2024-50115 | 2024-11-05 | KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory |
| CVE-2024-50116 | 2024-11-05 | nilfs2: fix kernel bug due to missing clearing of buffer delay flag |
| CVE-2024-50117 | 2024-11-05 | drm/amd: Guard against bad data for ATIF ACPI method |
| CVE-2024-50118 | 2024-11-05 | btrfs: reject ro->rw reconfiguration if there are hard ro requirements |
| CVE-2024-50119 | 2024-11-05 | cifs: fix warning when destroy 'cifs_io_request_pool' |
| CVE-2024-50120 | 2024-11-05 | smb: client: Handle kstrdup failures for passwords |
| CVE-2024-50121 | 2024-11-05 | nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net |
| CVE-2024-50122 | 2024-11-05 | PCI: Hold rescan lock while adding devices during host probe |
| CVE-2024-50123 | 2024-11-05 | bpf: Add the missing BPF_LINK_TYPE invocation for sockmap |
| CVE-2024-50124 | 2024-11-05 | Bluetooth: ISO: Fix UAF on iso_sock_timeout |
| CVE-2024-50125 | 2024-11-05 | Bluetooth: SCO: Fix UAF on sco_sock_timeout |
| CVE-2024-50126 | 2024-11-05 | net: sched: use RCU read-side critical section in taprio_dump() |
| CVE-2024-50127 | 2024-11-05 | net: sched: fix use-after-free in taprio_change() |
| CVE-2024-50128 | 2024-11-05 | net: wwan: fix global oob in wwan_rtnl_policy |
| CVE-2024-50129 | 2024-11-05 | net: pse-pd: Fix out of bound for loop |
| CVE-2024-50130 | 2024-11-05 | netfilter: bpf: must hold reference on net namespace |
| CVE-2024-50131 | 2024-11-05 | tracing: Consider the NULL character when validating the event length |
| CVE-2024-50132 | 2024-11-05 | tracing/probes: Fix MAX_TRACE_ARGS limit handling |
| CVE-2024-50133 | 2024-11-05 | LoongArch: Don't crash in stack_top() for tasks without vDSO |
| CVE-2024-50134 | 2024-11-05 | drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA |
| CVE-2024-50135 | 2024-11-05 | nvme-pci: fix race condition between reset and nvme_dev_disable() |
| CVE-2024-50136 | 2024-11-05 | net/mlx5: Unregister notifier on eswitch init failure |
| CVE-2024-50137 | 2024-11-05 | reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC |
| CVE-2024-50138 | 2024-11-05 | bpf: Use raw_spinlock_t in ringbuf |
| CVE-2024-51739 | 2024-11-05 | Users enumeration allowed through Rest API in Combodo iTop |
| CVE-2024-51740 | 2024-11-05 | SSRF through arbitrary PHP class instantiation in the user portal in Combodo iTop |
| CVE-2024-51493 | 2024-11-05 | API key access in settings without reauthentication in OctoPrint |