CVE List - 2024 / December
Showing 1401 - 1500 of 3433 CVEs for December 2024 (Page 15 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12479 | 2024-12-11 | cjbi wetech-cms TopicDao.java searchTopicByKeyword sql injection |
| CVE-2024-47537 | 2024-12-11 | GHSL-2024-094: GStreamer has an OOB-write in isomp4/qtdemux.c |
| CVE-2024-37377 | 2024-12-11 | A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-42448 | 2024-12-11 | From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server... |
| CVE-2024-37401 | 2024-12-11 | An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. |
| CVE-2024-47538 | 2024-12-11 | GHSL-2024-115: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet |
| CVE-2024-47539 | 2024-12-11 | GHSL-2024-195: GStreamer has an OOB-write in convert_to_s334_1a |
| CVE-2024-47540 | 2024-12-11 | GHSL-2024-197: GStreamer uses uninitialized stack memory in Matroska/WebM demuxer |
| CVE-2024-47541 | 2024-12-11 | GHSL-2024-228: GStreamer has an out-of-bounds write in SSA subtitle parser |
| CVE-2024-47542 | 2024-12-11 | GHSL-2024-235: GStreamer ID3v2 parser out-of-bounds read and NULL-pointer dereference |
| CVE-2024-47543 | 2024-12-11 | GHSL-2024-236: GStreamer has an OOB-read in qtdemux_parse_container |
| CVE-2024-45337 | 2024-12-11 | Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto |
| CVE-2024-47544 | 2024-12-11 | GHSL-2024-238: GStreamer has NULL-pointer dereferences in MP4/MOV demuxer CENC handling |
| CVE-2024-47545 | 2024-12-11 | GHSL-2024-242: GStreamer has an integer underflow in FOURCC_strf parsing leading to OOB-read |
| CVE-2024-12480 | 2024-12-11 | cjbi wetech-cms TopicDao.java searchTopic sql injection |
| CVE-2024-47546 | 2024-12-11 | GHSL-2024-243: GStreamer has an integer underflow in extract_cc_from_data leading to OOB-read |
| CVE-2024-47596 | 2024-12-11 | GHSL-2024-244: GStreamer has an OOB-read in FOURCC_SMI_ parsing |
| CVE-2024-47597 | 2024-12-11 | GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples |
| CVE-2024-47598 | 2024-12-11 | GHSL-2024-246: GStreamer has an OOB-read in qtdemux_merge_sample_table |
| CVE-2024-47599 | 2024-12-11 | GHSL-2024-247: GStreamer Insufficient error handling in JPEG decoder that can lead to NULL-pointer dereferences |
| CVE-2024-47600 | 2024-12-11 | GHSL-2024-248: GStreamer has an OOB-read in format_channel_mask |
| CVE-2024-47601 | 2024-12-11 | GHSL-2024-249: GStreamer has a NULL-pointer dereference in Matroska/WebM demuxer |
| CVE-2024-47602 | 2024-12-11 | GHSL-2024-250: GStreamer NULL-pointer dereferences and out-of-bounds reads in Matroska/WebM demuxer |
| CVE-2024-47603 | 2024-12-11 | GHSL-2024-251: GStreamer NULL-pointer dereference in Matroska/WebM demuxer |
| CVE-2024-47606 | 2024-12-11 | GHSL-2024-166: GStreamer Integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes |
| CVE-2024-47607 | 2024-12-11 | GHSL-2024-116: Stack-buffer overflow in gst_opus_dec_parse_header |
| CVE-2024-47615 | 2024-12-11 | GHSL-2024-117: GStreamer has an out-of-bounds write in Ogg demuxer |
| CVE-2024-47613 | 2024-12-11 | GHSL-2024-118: GStreamer has a null pointer dereference in gst_gdk_pixbuf_dec_flush |
| CVE-2024-47774 | 2024-12-11 | GHSL-2024-262: GStreamer has an OOB-read in gst_avi_subtitle_parse_gab2_chunk |
| CVE-2024-47775 | 2024-12-11 | GHSL-2024-261: GStreamer has an OOB-read in parse_ds64 |
| CVE-2024-47776 | 2024-12-11 | GHSL-2024-260: GStreamer has an OOB-read in gst_wavparse_cue_chunk |
| CVE-2024-47777 | 2024-12-11 | GHSL-2024-259: GStreamer has an OOB-read in gst_wavparse_smpl_chunk |
| CVE-2024-47778 | 2024-12-11 | GHSL-2024-258: GStreamer has an OOB-read in gst_wavparse_adtl_chunk |
| CVE-2024-47835 | 2024-12-11 | GHSL-2024-263: GStreamer NULL-pointer dereference in LRC subtitle parser |
| CVE-2024-47834 | 2024-12-11 | GHSL-2024-280: GStreamer Use-After-Free read in Matroska CodecPrivate |
| CVE-2024-12481 | 2024-12-11 | cjbi wetech-cms UserDao.java findUser sql injection |
| CVE-2024-12482 | 2024-12-11 | cjbi wetech-cms Database Backup BackupFileUtil.java backup path traversal |
| CVE-2024-12483 | 2024-12-11 | Dromara UJCMS User ID id authorization |
| CVE-2024-12484 | 2024-12-11 | Codezips Technical Discussion Forum signuppost.php sql injection |
| CVE-2024-12485 | 2024-12-11 | code-projects Online Class and Exam Scheduling System department.php sql injection |
| CVE-2024-12486 | 2024-12-11 | code-projects Online Class and Exam Scheduling System rank_update.php sql injection |
| CVE-2024-12487 | 2024-12-11 | code-projects Online Class and Exam Scheduling System room_update.php sql injection |
| CVE-2024-12488 | 2024-12-11 | code-projects Online Class and Exam Scheduling System subject_update.php sql injection |
| CVE-2024-11950 | 2024-12-11 | XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability |
| CVE-2024-11947 | 2024-12-11 | GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| CVE-2024-11948 | 2024-12-11 | GFI Archiver Telerik Web UI Remote Code Execution Vulnerability |
| CVE-2024-11949 | 2024-12-11 | GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability |
| CVE-2024-11872 | 2024-12-11 | Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability |
| CVE-2024-12489 | 2024-12-11 | code-projects Online Class and Exam Scheduling System term.php sql injection |
| CVE-2024-45404 | 2024-12-11 | OpenCTI's lack of Rate Limit leads to OTP brute forcing |
| CVE-2024-53272 | 2024-12-11 | GHSL-2024-109: Reflected XSS in /login in habitica |
| CVE-2024-53273 | 2024-12-11 | GHSL-2024-110: Reflected XSS in /register in habitica |
| CVE-2024-53274 | 2024-12-11 | GHSL-2024-111: Reflected XSS in /home in habitica |
| CVE-2024-12490 | 2024-12-11 | code-projects Online Class and Exam Scheduling System teacher_save.php sql injection |
| CVE-2024-53845 | 2024-12-11 | AES/CBC Constant IV Vulnerability in ESPTouch v2 |
| CVE-2024-55652 | 2024-12-11 | PwnDoc Server-Side Template Injection vulnerability - Sandbox Escape to RCE using custom filters |
| CVE-2024-55657 | 2024-12-11 | SiYuan has an arbitrary file read via /api/template/render |
| CVE-2024-55658 | 2024-12-11 | SiYuan has an arbitrary file read and path traversal via /api/export/exportResources |
| CVE-2024-55659 | 2024-12-11 | SiYuan has an arbitrary file write in the host via /api/asset/upload |
| CVE-2024-55660 | 2024-12-11 | SiYuan has an SSTI via /api/template/renderSprig |
| CVE-2024-54465 | 2024-12-11 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. |
| CVE-2024-54486 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura... |
| CVE-2024-54490 | 2024-12-11 | This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items. |
| CVE-2024-44243 | 2024-12-11 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system. |
| CVE-2024-54500 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura... |
| CVE-2024-54501 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura... |
| CVE-2024-44242 | 2024-12-11 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary... |
| CVE-2024-54491 | 2024-12-11 | The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location. |
| CVE-2024-44212 | 2024-12-11 | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging... |
| CVE-2024-54479 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2.... |
| CVE-2024-44245 | 2024-12-11 | The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app... |
| CVE-2024-44300 | 2024-12-11 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access... |
| CVE-2024-54510 | 2024-12-11 | A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2,... |
| CVE-2024-54506 | 2024-12-11 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary... |
| CVE-2024-44290 | 2024-12-11 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a... |
| CVE-2024-54526 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2.... |
| CVE-2024-44224 | 2024-12-11 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain... |
| CVE-2024-44225 | 2024-12-11 | A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2,... |
| CVE-2024-54474 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. |
| CVE-2024-54531 | 2024-12-11 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR. |
| CVE-2024-44248 | 2024-12-11 | This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view... |
| CVE-2024-54527 | 2024-12-11 | This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2.... |
| CVE-2024-44291 | 2024-12-11 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to... |
| CVE-2024-54504 | 2024-12-11 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. |
| CVE-2024-54494 | 2024-12-11 | A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS... |
| CVE-2024-54528 | 2024-12-11 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary... |
| CVE-2024-54508 | 2024-12-11 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing... |
| CVE-2024-54498 | 2024-12-11 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break... |
| CVE-2024-54477 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. |
| CVE-2024-54524 | 2024-12-11 | A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files. |
| CVE-2024-54476 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. |
| CVE-2024-54529 | 2024-12-11 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary... |
| CVE-2024-54495 | 2024-12-11 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the... |
| CVE-2024-44246 | 2024-12-11 | The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device... |
| CVE-2024-54513 | 2024-12-11 | A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may... |
| CVE-2024-54505 | 2024-12-11 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2... |
| CVE-2024-44220 | 2024-12-11 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system... |
| CVE-2024-54534 | 2024-12-11 | The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing... |
| CVE-2024-54471 | 2024-12-11 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials. |
| CVE-2024-54502 | 2024-12-11 | The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously... |