CVE List - 2024 / November
Showing 701 - 800 of 4054 CVEs for November 2024 (Page 8 of 41)
CVE ID | Date | Title |
---|---|---|
CVE-2024-20418 | 2024-11-06 | Cisco Ultra-Reliable Wireless Backhaul Software Command Injection Vulnerability |
CVE-2024-51751 | 2024-11-06 | Arbitrary file read with File and UploadButton components in Gradio |
CVE-2024-51988 | 2024-11-06 | HTTP API's queue deletion endpoint does not verify that the user has a required permission |
CVE-2024-51757 | 2024-11-06 | Fixes security vulnerability that allowed for server side code to be executed by a `<script>` tag |
CVE-2024-51755 | 2024-11-06 | Unguarded calls to __isset() and to array-accesses when the sandbox is enabled in Twig |
CVE-2024-51754 | 2024-11-06 | Unguarded calls to __toString() when nesting an object into an array in Twig |
CVE-2024-10941 | 2024-11-06 | A malicious website could have included an iframe with an... |
CVE-2024-51736 | 2024-11-06 | Command execution hijack on Windows with Process class in symfony/process |
CVE-2024-50345 | 2024-11-06 | Open redirect via browser-sanitized URLs in symfony/http-foundation |
CVE-2024-10926 | 2024-11-06 | IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting |
CVE-2024-50343 | 2024-11-06 | Incorrect response from Validator when input ends with `\n` in symfony/validator |
CVE-2024-50342 | 2024-11-06 | Internal address and port enumeration allowed by NoPrivateNetworkHttpClient in symfony/http-client |
CVE-2024-50341 | 2024-11-06 | Security::login does not take into account custom user_checker in symfony/security-bundle |
CVE-2024-50340 | 2024-11-06 | Ability to change environment from query in symfony/runtime |
CVE-2024-10927 | 2024-11-06 | MonoCMS Account Information Page account.php cross site scripting |
CVE-2024-10928 | 2024-11-06 | MonoCMS Posts Page opensaved.php cross site scripting |
CVE-2019-20457 | 2024-11-07 | An issue was discovered on Brother MFC-J491DW C1806180757 devices. The... |
CVE-2019-20458 | 2024-11-07 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8... |
CVE-2019-20459 | 2024-11-07 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8... |
CVE-2019-20460 | 2024-11-07 | An issue was discovered on Epson Expression Home XP255 20.08.FM10I8... |
CVE-2019-20461 | 2024-11-07 | An issue was discovered on Alecto IVM-100 2019-11-12 devices. The... |
CVE-2019-20469 | 2024-11-07 | An issue was discovered on One2Track 2019-12-08 devices. Confidential information... |
CVE-2019-20472 | 2024-11-07 | An issue was discovered on One2Track 2019-12-08 devices. Any SIM... |
CVE-2020-11916 | 2024-11-07 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. The password... |
CVE-2020-11917 | 2024-11-07 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. It uses... |
CVE-2020-11918 | 2024-11-07 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. When a... |
CVE-2020-11919 | 2024-11-07 | An issue was discovered in Siime Eye 14.1.00000001.3.330.0.0.3.14. There is... |
CVE-2020-11921 | 2024-11-07 | An issue was discovered in Lush 2 through 2020-02-25. Due... |
CVE-2020-11926 | 2024-11-07 | An issue was discovered in Luvion Grand Elite 3 Connect... |
CVE-2024-36063 | 2024-11-07 | The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for... |
CVE-2024-36064 | 2024-11-07 | The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for... |
CVE-2024-46960 | 2024-11-07 | The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application... |
CVE-2024-46961 | 2024-11-07 | The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through... |
CVE-2024-48290 | 2024-11-07 | An issue in the Bluetooth Low Energy implementation of Realtek... |
CVE-2024-48950 | 2024-11-07 | An issue was discovered in Logpoint before 7.5.0. An endpoint... |
CVE-2024-48951 | 2024-11-07 | An issue was discovered in Logpoint before 7.5.0. Server-Side Request... |
CVE-2024-48952 | 2024-11-07 | An issue was discovered in Logpoint before 7.5.0. SOAR uses... |
CVE-2024-48953 | 2024-11-07 | An issue was discovered in Logpoint before 7.5.0. Endpoints for... |
CVE-2024-48954 | 2024-11-07 | An issue was discovered in Logpoint before 7.5.0. Unvalidated input... |
CVE-2024-50599 | 2024-11-07 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in... |
CVE-2024-50766 | 2024-11-07 | SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection... |
CVE-2024-51428 | 2024-11-07 | An issue in Espressif Esp idf v5.3.0 allows attackers to... |
CVE-2024-51434 | 2024-11-07 | Inconsistent `<plaintext>` tag parsing allows for XSS in Froala WYSIWYG... |
CVE-2019-20462 | 2024-11-07 | An issue was discovered on Alecto IVM-100 2019-11-12 devices. The... |
CVE-2024-36062 | 2024-11-07 | The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174... |
CVE-2024-51990 | 2024-11-07 | Path traversal via crafted Git repositories in jj |
CVE-2024-10946 | 2024-11-07 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System SysLib sql injection |
CVE-2024-10947 | 2024-11-07 | Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System BatchOrder sql injection |
CVE-2024-10027 | 2024-11-07 | WP Booking Calendar < 10.6.3 - Admin+ Stored XSS |
CVE-2024-38286 | 2024-11-07 | Apache Tomcat: Denial of Service |
CVE-2024-30140 | 2024-11-07 | HCL BigFix Compliance is affected by unvalidated redirects and forwards |
CVE-2024-30141 | 2024-11-07 | HCL BigFix Compliance is vulnerable to the generation of error messages containing sensitive information |
CVE-2024-30142 | 2024-11-07 | HCL BigFix Compliance is affected by a missing secure flag on a cookie |
CVE-2024-10203 | 2024-11-07 | Agent Arbitrary File Deletion |
CVE-2024-50139 | 2024-11-07 | KVM: arm64: Fix shift-out-of-bounds bug |
CVE-2024-50140 | 2024-11-07 | sched/core: Disable page allocation in task_tick_mm_cid() |
CVE-2024-50141 | 2024-11-07 | ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context |
CVE-2024-50142 | 2024-11-07 | xfrm: validate new SA's prefixlen using SA family when sel.family is unset |
CVE-2024-50143 | 2024-11-07 | udf: fix uninit-value use in udf_get_fileshortad |
CVE-2024-50144 | 2024-11-07 | drm/xe: fix unbalanced rpm put() with fence_fini() |
CVE-2024-50145 | 2024-11-07 | octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() |
CVE-2024-50146 | 2024-11-07 | net/mlx5e: Don't call cleanup on profile rollback failure |
CVE-2024-50147 | 2024-11-07 | net/mlx5: Fix command bitmask initialization |
CVE-2024-50148 | 2024-11-07 | Bluetooth: bnep: fix wild-memory-access in proto_unregister |
CVE-2024-50149 | 2024-11-07 | drm/xe: Don't free job in TDR |
CVE-2024-50150 | 2024-11-07 | usb: typec: altmode should keep reference to parent |
CVE-2024-50151 | 2024-11-07 | smb: client: fix OOBs when building SMB2_IOCTL request |
CVE-2024-50152 | 2024-11-07 | smb: client: fix possible double free in smb2_set_ea() |
CVE-2024-50153 | 2024-11-07 | scsi: target: core: Fix null-ptr-deref in target_alloc_device() |
CVE-2024-50154 | 2024-11-07 | tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). |
CVE-2024-50155 | 2024-11-07 | netdevsim: use cond_resched() in nsim_dev_trap_report_work() |
CVE-2024-50156 | 2024-11-07 | drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() |
CVE-2024-50157 | 2024-11-07 | RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop |
CVE-2024-50158 | 2024-11-07 | RDMA/bnxt_re: Fix out of bound check |
CVE-2024-50159 | 2024-11-07 | firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() |
CVE-2024-50160 | 2024-11-07 | ALSA: hda/cs8409: Fix possible NULL dereference |
CVE-2024-50161 | 2024-11-07 | bpf: Check the remaining info_cnt before repeating btf fields |
CVE-2024-50162 | 2024-11-07 | bpf: devmap: provide rxq after redirect |
CVE-2024-50163 | 2024-11-07 | bpf: Make sure internal and UAPI bpf_redirect flags don't overlap |
CVE-2024-50164 | 2024-11-07 | bpf: Fix overloading of MEM_UNINIT's meaning |
CVE-2024-50165 | 2024-11-07 | bpf: Preserve param->string when parsing mount options |
CVE-2024-50166 | 2024-11-07 | fsl/fman: Fix refcount handling of fman-related devices |
CVE-2024-50167 | 2024-11-07 | be2net: fix potential memory leak in be_xmit() |
CVE-2024-50168 | 2024-11-07 | net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() |
CVE-2024-50169 | 2024-11-07 | vsock: Update rx_bytes on read_skb() |
CVE-2024-50170 | 2024-11-07 | net: bcmasp: fix potential memory leak in bcmasp_xmit() |
CVE-2024-50171 | 2024-11-07 | net: systemport: fix potential memory leak in bcm_sysport_xmit() |
CVE-2024-50172 | 2024-11-07 | RDMA/bnxt_re: Fix a possible memory leak |
CVE-2024-51504 | 2024-11-07 | Apache ZooKeeper: Authentication bypass with IP-based authentication in Admin Server |
CVE-2023-1932 | 2024-11-07 | Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss |
CVE-2023-1973 | 2024-11-07 | Undertow: unrestricted request storage leads to memory exhaustion |
CVE-2024-10526 | 2024-11-07 | Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service |
CVE-2024-24914 | 2024-11-07 | Authenticated Gaia users can inject code or commands by global... |
CVE-2024-8442 | 2024-11-07 | Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.15.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Blog Widget |
CVE-2024-43425 | 2024-11-07 | Moodle: remote code execution via calculated question types |
CVE-2024-43426 | 2024-11-07 | Moodle: arbitrary file read risk through pdftex |
CVE-2024-43428 | 2024-11-07 | Moodle: cache poisoning via injection into storage |
CVE-2024-43431 | 2024-11-07 | Moodle: idor in badges allows deletion of arbitrary badges |
CVE-2024-43434 | 2024-11-07 | Moodle: csrf risk in feedback non-respondents report |
CVE-2024-43436 | 2024-11-07 | Moodle: site administration sql injection via xmldb editor |