CVE List - 2024 / December
Showing 2201 - 2300 of 3433 CVEs for December 2024 (Page 23 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-12657 | 2024-12-16 | IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E000 null pointer dereference |
| CVE-2024-11144 | 2024-12-16 | Race Condition with LightFTP |
| CVE-2024-4762 | 2024-12-16 | An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. |
| CVE-2024-6001 | 2024-12-16 | An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code... |
| CVE-2024-8058 | 2024-12-16 | An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL... |
| CVE-2024-12658 | 2024-12-16 | IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E01C null pointer dereference |
| CVE-2024-12659 | 2024-12-16 | IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E004 null pointer dereference |
| CVE-2024-12660 | 2024-12-16 | IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E018 null pointer dereference |
| CVE-2024-12661 | 2024-12-16 | IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E024 null pointer dereference |
| CVE-2024-12662 | 2024-12-16 | IObit Advanced SystemCare Utimate IOCTL AscRegistryFilter.sys 0x8001E040 null pointer dereference |
| CVE-2024-12663 | 2024-12-16 | funnyzpc Mee-Admin Login login observable response discrepancy |
| CVE-2024-12687 | 2024-12-16 | Insecure YAML Deserialization |
| CVE-2024-12664 | 2024-12-16 | ruifang-tech Rebuild Project Task Comment cross site scripting |
| CVE-2024-12665 | 2024-12-16 | ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting |
| CVE-2024-12666 | 2024-12-16 | ClassCMS User Management Page admin insufficient privileges |
| CVE-2024-12667 | 2024-12-16 | InvoicePlane view session expiration |
| CVE-2024-55949 | 2024-12-16 | Privilege escalation in IAM import API in MinIO |
| CVE-2024-55951 | 2024-12-16 | Metabase sandboxed users could see filter values from other sandboxed users |
| CVE-2024-35230 | 2024-12-16 | Welcome and About GeoServer pages communicate version and revision information |
| CVE-2024-56017 | 2024-12-16 | WordPress Stop Registration Spam Plugin <= 1.23 - CSRF to Stored XSS vulnerability |
| CVE-2024-12443 | 2024-12-16 | CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11900 | 2024-12-16 | Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11902 | 2024-12-16 | Slope Widgets <= 4.2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11905 | 2024-12-16 | Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-11906 | 2024-12-16 | TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-29646 | 2024-12-17 | Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. |
| CVE-2024-31668 | 2024-12-17 | rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta. |
| CVE-2024-36831 | 2024-12-17 | A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. |
| CVE-2024-36832 | 2024-12-17 | A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs... |
| CVE-2024-37605 | 2024-12-17 | A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2024-37606 | 2024-12-17 | A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2024-37607 | 2024-12-17 | A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
| CVE-2024-51175 | 2024-12-17 | An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component. |
| CVE-2024-54662 | 2024-12-17 | Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod. |
| CVE-2024-55056 | 2024-12-17 | A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field. |
| CVE-2024-55057 | 2024-12-17 | Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts. |
| CVE-2024-55058 | 2024-12-17 | An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this... |
| CVE-2024-55059 | 2024-12-17 | A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php. |
| CVE-2024-55496 | 2024-12-17 | A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in... |
| CVE-2024-55513 | 2024-12-17 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name,... |
| CVE-2024-55514 | 2024-12-17 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name,... |
| CVE-2024-55515 | 2024-12-17 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name,... |
| CVE-2024-55516 | 2024-12-17 | A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name,... |
| CVE-2024-49194 | 2024-12-17 | Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper... |
| CVE-2024-10205 | 2024-12-17 | Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer |
| CVE-2024-12239 | 2024-12-17 | PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter |
| CVE-2020-12484 | 2024-12-17 | When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the... |
| CVE-2020-12487 | 2024-12-17 | Command Execution Vulnerability in ABE service |
| CVE-2021-26278 | 2024-12-17 | Sensitive information leakage vulnerability in wifi module |
| CVE-2021-26279 | 2024-12-17 | Information disclosure vulnerability in Weather module |
| CVE-2024-12356 | 2024-12-17 | Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA) |
| CVE-2024-55864 | 2024-12-17 | Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script... |
| CVE-2024-9624 | 2024-12-17 | WP All Import Pro <= 4.9.3 - Authenticated (Administrator+) Server-Side Request Forgery via File Import |
| CVE-2024-54125 | 2024-12-17 | Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary... |
| CVE-2024-38499 | 2024-12-17 | Improper Privilege Management Vulnerability in CA Client Automation 14.5 |
| CVE-2024-11999 | 2024-12-17 | CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product. |
| CVE-2021-26280 | 2024-12-17 | Permission bypass vulnerability in permission manager module |
| CVE-2021-26281 | 2024-12-17 | Information disclosure vulnerability in Alarm clock module |
| CVE-2024-12219 | 2024-12-17 | Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting |
| CVE-2024-12220 | 2024-12-17 | SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting |
| CVE-2024-11294 | 2024-12-17 | Memberful <= 1.73.9 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-12293 | 2024-12-17 | User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation |
| CVE-2024-8326 | 2024-12-17 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions <= 241114 - Authenticated (Contributor+) Sensitive Information Exposure |
| CVE-2024-12024 | 2024-12-17 | EventPrime – Events Calendar, Bookings and Tickets <= 4.0.5.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name |
| CVE-2024-12127 | 2024-12-17 | Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter |
| CVE-2024-12469 | 2024-12-17 | WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter |
| CVE-2024-12601 | 2024-12-17 | Calculated Fields Form <= 5.2.63 - Denial of Service |
| CVE-2024-12395 | 2024-12-17 | WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number' |
| CVE-2024-9654 | 2024-12-17 | Easy Digital Downloads 3.1 - 3.3.4 - Improper Authorization to Paywall Bypass |
| CVE-2024-11280 | 2024-12-17 | PPWP – Password Protect Pages <= 1.9.5 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-52542 | 2024-12-17 | Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. |
| CVE-2024-8429 | 2024-12-17 | Improper Authentication in Digital Operation Services' WiFiBurada |
| CVE-2024-8475 | 2024-12-17 | Protection Mechanism Failure in Digital Operation Services' WiFiBurada |
| CVE-2024-50379 | 2024-12-17 | Apache Tomcat: RCE due to TOCTOU issue in JSP compilation |
| CVE-2024-54677 | 2024-12-17 | Apache Tomcat: DoS in examples web application |
| CVE-2024-10356 | 2024-12-17 | ElementsReady Addons for Elementor <= 6.4.8 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates |
| CVE-2024-9819 | 2024-12-17 | IDOR in NextGEO's NG Analyser |
| CVE-2024-8972 | 2024-12-17 | SQLi in Mobil365 Informatics' Saha365 App |
| CVE-2024-11422 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12178 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-10476 | 2024-12-17 | Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as... |
| CVE-2024-12191 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12192 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12193 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12179 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12194 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12197 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12198 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12199 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12200 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12669 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12670 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-12671 | 2024-12-17 | DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software |
| CVE-2024-53144 | 2024-12-17 | Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE |
| CVE-2024-42194 | 2024-12-17 | HCL BigFix Inventory is affected by an access control vulnerability |
| CVE-2024-49817 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager information disclosure |
| CVE-2024-49818 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager information disclosure |
| CVE-2024-49819 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager information disclosure |
| CVE-2024-49820 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager information disclosure |
| CVE-2024-49816 | 2024-12-17 | IBM Security Guardium Key Lifecycle Manager information disclosure |