CVE List - 2024 / November
Showing 801 - 900 of 4054 CVEs for November 2024 (Page 9 of 41)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-43440 | 2024-11-07 | Moodle: lfi vulnerability when restoring malformed block backups |
| CVE-2024-9926 | 2024-11-07 | Jetpack < 13.9.1 - Subscriber+ Arbitrary Feedback Access |
| CVE-2024-8378 | 2024-11-07 | Safe SVG < 2.2.6 - Author+ SVG Sanitisation Bypass |
| CVE-2024-10668 | 2024-11-07 | Auth Bypass in Quickshare |
| CVE-2024-10963 | 2024-11-07 | Pam: improper hostname interpretation in pam_access leads to access control bypass |
| CVE-2024-40715 | 2024-11-07 | A vulnerability in Veeam Backup & Replication Enterprise Manager has been identified, which allows attackers to perform authentication bypass. Attackers must be able to perform a Man-in-the-Middle (MITM) attack to exploit... |
| CVE-2024-10964 | 2024-11-07 | emqx neuron plugin_handle.c handle_add_plugin buffer overflow |
| CVE-2024-10965 | 2024-11-07 | emqx neuron JSON File schema information disclosure |
| CVE-2024-47073 | 2024-11-07 | Dataease arbitrary interface access vulnerability |
| CVE-2024-45794 | 2024-11-07 | SQL Injection in CreateUser API in devtron |
| CVE-2024-51758 | 2024-11-07 | Exported files stored in default (`public`) filesystem if not reconfigured in filament |
| CVE-2024-51989 | 2024-11-07 | Cross-site Scripting (XSS) Vulnerability in PasswordPusher |
| CVE-2024-51995 | 2024-11-07 | Logic bug in ajax.render.php allows for bypass of 'backOffice' access control in Combodo iTop |
| CVE-2024-51994 | 2024-11-07 | Cross-site Scripting in portal picture upload in Combodo iTop |
| CVE-2024-51993 | 2024-11-07 | Password is stored in clear in the database in Combodo iTop |
| CVE-2024-10966 | 2024-11-07 | TOTOLINK X18 cstecgi.cgi os command injection |
| CVE-2024-10967 | 2024-11-07 | code-projects E-Health Care System delete_user_appointment_request.php sql injection |
| CVE-2024-10968 | 2024-11-07 | 1000 Projects Bookstore Management System contact_process.php sql injection |
| CVE-2024-10969 | 2024-11-07 | 1000 Projects Bookstore Management System Login login_process.php sql injection |
| CVE-2024-10007 | 2024-11-07 | Pre-Receive Hook Path Collision Vulnerability in GitHub Enterprise Server Allowing Privilege Escalation |
| CVE-2024-10975 | 2024-11-07 | Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission |
| CVE-2024-10824 | 2024-11-07 | Authorization Bypass Vulnerability was Identified in GitHub Enterprise Server that Allowed Unauthorized Internal Users to Access Secret Scanning Alert Data |
| CVE-2024-8810 | 2024-11-07 | Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed GitHub Apps to grant themselves write access |
| CVE-2024-49524 | 2024-11-07 | Adobe Experience Manager \| Cross-site Scripting (DOM-based XSS) (CWE-79) |
| CVE-2024-49523 | 2024-11-07 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) |
| CVE-2024-8424 | 2024-11-07 | WatchGuard Endpoint Protection Privilege Escalation in PSANHost Enables Arbitrary File Delete as SYSTEM |
| CVE-2024-51998 | 2024-11-07 | Path traversal using file URI scheme without supplying hostname in changedetection.io |
| CVE-2024-51987 | 2024-11-07 | HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect |
| CVE-2024-47072 | 2024-11-07 | XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream |
| CVE-2023-27195 | 2024-11-08 | Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw... |
| CVE-2024-25431 | 2024-11-08 | An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. |
| CVE-2024-27527 | 2024-11-08 | wasm3 139076a is vulnerable to Denial of Service (DoS). |
| CVE-2024-27528 | 2024-11-08 | wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution. |
| CVE-2024-27529 | 2024-11-08 | wasm3 139076a contains memory leaks in Read_utf8. |
| CVE-2024-27532 | 2024-11-08 | wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types`. |
| CVE-2024-35410 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-35418 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-35419 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted... |
| CVE-2024-35420 | 2024-11-08 | wac commit 385e1 was discovered to contain a heap overflow. |
| CVE-2024-35421 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c. |
| CVE-2024-35423 | 2024-11-08 | vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c. |
| CVE-2024-35424 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c. |
| CVE-2024-35427 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c. |
| CVE-2024-40239 | 2024-11-08 | An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. |
| CVE-2024-40240 | 2024-11-08 | An incorrect access control issue in HomeServe Home Repair android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. |
| CVE-2024-44765 | 2024-11-08 | An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and... |
| CVE-2024-46947 | 2024-11-08 | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. |
| CVE-2024-47190 | 2024-11-08 | Northern.tech Hosted Mender before 2024.07.11 allows SSRF. |
| CVE-2024-48073 | 2024-11-08 | sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo... |
| CVE-2024-50634 | 2024-11-08 | A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege... |
| CVE-2024-50809 | 2024-11-08 | The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands |
| CVE-2024-50810 | 2024-11-08 | hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \apps\comment\views.py, AddCommintView() does not securely filter user input and renders it directly to... |
| CVE-2024-50811 | 2024-11-08 | hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\apps\\tool\\apis\\bd_push.py does not securely filter user input through push_urls() and get_urls(). |
| CVE-2024-50966 | 2024-11-08 | dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin. |
| CVE-2024-51030 | 2024-11-08 | A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access... |
| CVE-2024-51031 | 2024-11-08 | A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "First Name," "Middle Name," and "Last... |
| CVE-2024-51032 | 2024-11-08 | A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field. |
| CVE-2024-51055 | 2024-11-08 | An issue in Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. |
| CVE-2024-51152 | 2024-11-08 | File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php component. |
| CVE-2024-51157 | 2024-11-08 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html. |
| CVE-2024-51211 | 2024-11-08 | SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated... |
| CVE-2020-8007 | 2024-11-08 | The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0,... |
| CVE-2024-27530 | 2024-11-08 | wasm3 139076a contains a Use-After-Free in ForEachModule. |
| CVE-2024-35422 | 2024-11-08 | vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c. |
| CVE-2024-35425 | 2024-11-08 | vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c. |
| CVE-2024-35426 | 2024-11-08 | vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c. |
| CVE-2024-46948 | 2024-11-08 | Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control. |
| CVE-2024-50808 | 2024-11-08 | SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable... |
| CVE-2024-48011 | 2024-11-08 | Dell PowerProtect DD, versions prior to 7.7.5.50, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability,... |
| CVE-2024-45759 | 2024-11-08 | Dell PowerProtect Data Domain, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an escalation of privilege vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to... |
| CVE-2024-48010 | 2024-11-08 | Dell PowerProtect DD, versions prior to 8.1.0.0, 7.13.1.10, 7.10.1.40, and 7.7.5.50, contains an access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to escalation of... |
| CVE-2024-10987 | 2024-11-08 | code-projects E-Health Care System user_appointment.php sql injection |
| CVE-2024-10988 | 2024-11-08 | code-projects E-Health Care System doctor_login.php sql injection |
| CVE-2024-10989 | 2024-11-08 | code-projects E-Health Care System detail.php sql injection |
| CVE-2024-10990 | 2024-11-08 | SourceCodester Online Veterinary Appointment System view_service.php sql injection |
| CVE-2024-21538 | 2024-11-08 | Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase... |
| CVE-2024-10991 | 2024-11-08 | Codezips Hospital Appointment System editBranchResult.php sql injection |
| CVE-2024-50173 | 2024-11-08 | drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() |
| CVE-2024-50174 | 2024-11-08 | drm/panthor: Fix race when converting group handle to group object |
| CVE-2024-50175 | 2024-11-08 | media: qcom: camss: Remove use_count guard in stop_streaming |
| CVE-2024-50176 | 2024-11-08 | remoteproc: k3-r5: Fix error handling when power-up failed |
| CVE-2024-50177 | 2024-11-08 | drm/amd/display: fix a UBSAN warning in DML2.1 |
| CVE-2024-50178 | 2024-11-08 | cpufreq: loongson3: Use raw_smp_processor_id() in do_service_request() |
| CVE-2024-50179 | 2024-11-08 | ceph: remove the incorrect Fw reference check when dirtying pages |
| CVE-2024-10993 | 2024-11-08 | Codezips Online Institute Management System manage_website.php unrestricted upload |
| CVE-2024-10621 | 2024-11-08 | Simple Shortcode for Google Maps <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode |
| CVE-2024-50180 | 2024-11-08 | fbdev: sisfb: Fix strbuf array overflow |
| CVE-2024-50182 | 2024-11-08 | secretmem: disable memfd_secret() if arch cannot set direct map |
| CVE-2024-50183 | 2024-11-08 | scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance |
| CVE-2024-50184 | 2024-11-08 | virtio_pmem: Check device status before requesting flush |
| CVE-2024-50185 | 2024-11-08 | mptcp: handle consistently DSS corruption |
| CVE-2024-50186 | 2024-11-08 | net: explicitly clear the sk pointer, when pf->create fails |
| CVE-2024-50187 | 2024-11-08 | drm/vc4: Stop the active perfmon before being destroyed |
| CVE-2024-50188 | 2024-11-08 | net: phy: dp83869: fix memory corruption when enabling fiber |
| CVE-2024-50189 | 2024-11-08 | HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() |
| CVE-2024-50190 | 2024-11-08 | ice: fix memleak in ice_init_tx_topology() |
| CVE-2024-50191 | 2024-11-08 | ext4: don't set SB_RDONLY after filesystem errors |
| CVE-2024-50192 | 2024-11-08 | irqchip/gic-v4: Don't allow a VMOVP on a dying VPE |
| CVE-2024-50193 | 2024-11-08 | x86/entry_32: Clear CPU buffers after register restore in NMI return |
| CVE-2024-50194 | 2024-11-08 | arm64: probes: Fix uprobes for big-endian kernels |