CVE List - 2024 / December
Showing 1001 - 1100 of 3433 CVEs for December 2024 (Page 11 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38485 | 2024-12-09 | Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage. |
| CVE-2024-49600 | 2024-12-09 | Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution... |
| CVE-2023-7298 | 2024-12-09 | Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software |
| CVE-2024-45761 | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or... |
| CVE-2024-45760 | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading... |
| CVE-2024-11268 | 2024-12-09 | PDF File Parsing Vulnerability in Autodesk Revit |
| CVE-2024-11454 | 2024-12-09 | Untrusted Search Path vulnerability in Autodesk Revit |
| CVE-2024-11608 | 2024-12-09 | A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a... |
| CVE-2024-52586 | 2024-12-09 | eLabFTW MFA bypass |
| CVE-2024-52599 | 2024-12-09 | Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin |
| CVE-2024-53847 | 2024-12-09 | Trix vulnerable to Cross-site Scripting on copy & paste |
| CVE-2024-54147 | 2024-12-09 | Altair GraphQL Client's desktop app does not validate HTTPS certificates |
| CVE-2024-12057 | 2024-12-09 | User credentials recorded in log files |
| CVE-2024-12369 | 2024-12-09 | Elytron-oidc-client: oidc authorization code injection |
| CVE-2024-54149 | 2024-12-09 | Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion |
| CVE-2024-54151 | 2024-12-09 | Directus allows unauthenticated access to WebSocket events and operations |
| CVE-2024-55601 | 2024-12-09 | Hugo does not escape some attributes in internal templates |
| CVE-2024-12174 | 2024-12-09 | An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. |
| CVE-2024-12393 | 2024-12-09 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 |
| CVE-2024-55634 | 2024-12-09 | Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 |
| CVE-2024-55635 | 2024-12-09 | Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 |
| CVE-2024-55636 | 2024-12-09 | Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 |
| CVE-2024-55637 | 2024-12-09 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 |
| CVE-2024-55638 | 2024-12-09 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 |
| CVE-2024-9672 | 2024-12-09 | Reflected XSS in PaperCut MF |
| CVE-2024-45493 | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally... |
| CVE-2024-45494 | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication... |
| CVE-2024-46341 | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. |
| CVE-2024-46442 | 2024-12-10 | An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack. |
| CVE-2024-46657 | 2024-12-10 | Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF... |
| CVE-2024-50699 | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. |
| CVE-2024-50920 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. |
| CVE-2024-50921 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. |
| CVE-2024-50924 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets... |
| CVE-2024-50928 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with... |
| CVE-2024-50929 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service... |
| CVE-2024-50930 | 2024-12-10 | An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. |
| CVE-2024-50931 | 2024-12-10 | Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. |
| CVE-2024-51165 | 2024-12-10 | SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the... |
| CVE-2024-53480 | 2024-12-10 | Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter. |
| CVE-2024-53481 | 2024-12-10 | A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname"... |
| CVE-2024-53552 | 2024-12-10 | CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. |
| CVE-2024-53919 | 2024-12-10 | An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to... |
| CVE-2024-54751 | 2024-12-10 | COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-55500 | 2024-12-10 | Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. |
| CVE-2024-55586 | 2024-12-10 | Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is... |
| CVE-2024-46340 | 2024-12-10 | TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. |
| CVE-2024-55550 | 2024-12-10 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the... |
| CVE-2024-32732 | 2024-12-10 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform |
| CVE-2024-47576 | 2024-12-10 | DLL Hijacking vulnerability in SAP Product Lifecycle Costing |
| CVE-2024-47577 | 2024-12-10 | Information Disclosure vulnerability in SAP Commerce Cloud |
| CVE-2024-47578 | 2024-12-10 | Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) |
| CVE-2024-47579 | 2024-12-10 | Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) |
| CVE-2024-47580 | 2024-12-10 | Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) |
| CVE-2024-47581 | 2024-12-10 | Missing Authorization check in SAP HCM (Approve Timesheets version 4) |
| CVE-2024-47582 | 2024-12-10 | XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA |
| CVE-2024-47585 | 2024-12-10 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-54197 | 2024-12-10 | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) |
| CVE-2024-54198 | 2024-12-10 | Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP |
| CVE-2024-37144 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM... |
| CVE-2024-37143 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM... |
| CVE-2024-11205 | 2024-12-10 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation |
| CVE-2024-21542 | 2024-12-10 | Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. |
| CVE-2023-6947 | 2024-12-10 | Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal |
| CVE-2024-10708 | 2024-12-10 | System Dashboard < 2.8.15 - Admin+ Path Traversal |
| CVE-2024-11107 | 2024-12-10 | System Dashboard < 2.8.15 - Unauthenticated Stored XSS |
| CVE-2024-28138 | 2024-12-10 | OS Command Injection |
| CVE-2024-47946 | 2024-12-10 | OS Command Execution through Arbitrary File Upload |
| CVE-2024-45709 | 2024-12-10 | SolarWinds Web Help Desk Local File Read Vulnerability |
| CVE-2024-11940 | 2024-12-10 | Property Hive Mortgage Calculator <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via price Parameter |
| CVE-2024-8256 | 2024-12-10 | Incorrect Permission Assignment in RutOS based routers and TSWOS based managed switches |
| CVE-2024-11973 | 2024-12-10 | Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters |
| CVE-2024-11945 | 2024-12-10 | Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-52538 | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... |
| CVE-2024-47484 | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... |
| CVE-2024-47977 | 2024-12-10 | Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... |
| CVE-2024-11928 | 2024-12-10 | iChart – Easy Charts and Graphs <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2024-11106 | 2024-12-10 | Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-10959 | 2024-12-10 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth |
| CVE-2024-11868 | 2024-12-10 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API |
| CVE-2024-47117 | 2024-12-10 | IBM Carbon Design System cross-site scripting |
| CVE-2020-28398 | 2024-12-10 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500... |
| CVE-2024-49704 | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47),... |
| CVE-2024-49849 | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions),... |
| CVE-2024-52051 | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions),... |
| CVE-2024-53041 | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-53242 | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation... |
| CVE-2024-53832 | 2024-12-10 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could... |
| CVE-2024-54005 | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47),... |
| CVE-2024-54091 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 12), Solid Edge SE2025 (All versions < V225.0 Update 3). The affected application contains an out... |
| CVE-2024-54093 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files.... |
| CVE-2024-54094 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files.... |
| CVE-2024-54095 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing... |
| CVE-2024-5660 | 2024-12-10 | Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on Cortex-A77, Cortex-A78, Cortex-A78C, Cortex-A78AE, Cortex-A710, Cortex-X1, Cortex-X1C, Cortex-X2, Cortex-X3, Cortex-X4, Cortex-X925, Neoverse V1, Neoverse V2, Neoverse V3, Neoverse... |
| CVE-2024-12323 | 2024-12-10 | turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page' |
| CVE-2024-12236 | 2024-12-10 | Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration |
| CVE-2024-54152 | 2024-12-10 | Angular Expressions - Remote Code Execution when using locals |
| CVE-2024-10494 | 2024-12-10 | Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW |
| CVE-2024-10495 | 2024-12-10 | Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW |
| CVE-2024-10496 | 2024-12-10 | Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW |