CVE List - 2024 / December
Showing 2401 - 2500 of 3433 CVEs for December 2024 (Page 25 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2024-45082 | 2024-12-18 | IBM Cognos Analytics HTTP open redirection |
CVE-2024-25042 | 2024-12-18 | IBM Cognos Analytics cross-site scripting |
CVE-2024-56051 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5 - Student+ Remote Code Execution (RCE) vulnerability |
CVE-2024-56055 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary Directory Deletion vulnerability |
CVE-2024-56049 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Subscriber+ Arbitrary File Deletion vulnerability |
CVE-2024-54383 | 2024-12-18 | WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability |
CVE-2024-55953 | 2024-12-18 | Dataease Mysql JDBC Connection Parameters Not Verified Leads to Deserialization and Arbitrary File Read Vulnerability |
CVE-2024-55952 | 2024-12-18 | Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability |
CVE-2024-54381 | 2024-12-18 | WordPress Advance Menu Manager plugin <= 3.1.1 - Settings Change vulnerability |
CVE-2024-56057 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Arbitrary File Upload vulnerability |
CVE-2024-56054 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability |
CVE-2024-56052 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.2 - Student+ Arbitrary File Upload vulnerability |
CVE-2024-56050 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ Arbitrary File Upload vulnerability |
CVE-2024-56048 | 2024-12-18 | WordPress WPLMS plugin <= 1.9.9 - Arbitrary Option Update to Privilege Escalation vulnerability |
CVE-2024-56053 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability |
CVE-2024-56047 | 2024-12-18 | WordPress WPLMS plugin < 1.9.9.5.3 - Subscriber+ SQL Injection vulnerability |
CVE-2024-47038 | 2024-12-18 | In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible out of bounds... |
CVE-2024-47039 | 2024-12-18 | OOB Read in the android.hardware.boot.IBootControl/default service |
CVE-2024-47040 | 2024-12-18 | Use After Free in the android.hardware.radio.sap.ISap/slot2 service |
CVE-2024-53269 | 2024-12-18 | Happy Eyeballs: Validate that additional_address are IP addresses instead of crashing when sorting in envoy |
CVE-2024-53270 | 2024-12-18 | HTTP/1: sending overload crashes when the request is reset beforehand in envoy |
CVE-2024-53271 | 2024-12-18 | HTTP/1.1 multiple issues with envoy.reloadable_features.http1_balsa_delay_reset in envoy |
CVE-2024-52593 | 2024-12-18 | Missing validation allows spoofed "origin" links in Misskey |
CVE-2024-52592 | 2024-12-18 | Missing validation allows spoofed poll updates in Misskey |
CVE-2024-52591 | 2024-12-18 | Missing validation allows spoofed profiles and notes in Misskey |
CVE-2024-12741 | 2024-12-18 | Deserialization Of Untrusted Data Vulnerability In NI DAQExpress Project File |
CVE-2024-52590 | 2024-12-18 | Missing validation allows spoofed profiles in Misskey |
CVE-2024-52579 | 2024-12-18 | Server-Side Request Forgery vulnerability in various APIs in Misskey |
CVE-2024-49363 | 2024-12-18 | Uncontrolled Recursion and Asymmetric Resource Consumption (Amplification) in media/file proxy in Misskey |
CVE-2024-51470 | 2024-12-18 | IBM MQ denial of service |
CVE-2024-12686 | 2024-12-18 | Command Injection vulnerability in Remote Support(RS) & Privilege Remote Access (PRA) |
CVE-2024-56145 | 2024-12-18 | RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms |
CVE-2024-45338 | 2024-12-18 | Non-linear parsing of case-insensitive content in golang.org/x/net/html |
CVE-2024-56140 | 2024-12-18 | Bypass of CSRF Middleware in Astro |
CVE-2024-12692 | 2024-12-18 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.204... |
CVE-2024-12693 | 2024-12-18 | Out of bounds memory access in V8 in Google Chrome... |
CVE-2024-12694 | 2024-12-18 | Use after free in Compositing in Google Chrome prior to... |
CVE-2024-12695 | 2024-12-18 | Out of bounds write in V8 in Google Chrome prior... |
CVE-2022-40732 | 2024-12-18 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys... |
CVE-2022-40733 | 2024-12-18 | An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys... |
CVE-2024-39804 | 2024-12-18 | A library injection vulnerability exists in Microsoft PowerPoint 16.83 for... |
CVE-2024-41138 | 2024-12-18 | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app... |
CVE-2024-41145 | 2024-12-18 | A library injection vulnerability exists in the WebView.app helper app... |
CVE-2024-41159 | 2024-12-18 | A library injection vulnerability exists in Microsoft OneNote 16.83 for... |
CVE-2024-41165 | 2024-12-18 | A library injection vulnerability exists in Microsoft Word 16.83 for... |
CVE-2024-42004 | 2024-12-18 | A library injection vulnerability exists in Microsoft Teams (work or... |
CVE-2024-42220 | 2024-12-18 | A library injection vulnerability exists in Microsoft Outlook 16.83.3 for... |
CVE-2024-43106 | 2024-12-18 | A library injection vulnerability exists in Microsoft Excel 16.83 for... |
CVE-2022-44514 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
CVE-2022-44515 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
CVE-2022-44513 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Write (CWE-787) |
CVE-2022-44520 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
CVE-2022-44516 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
CVE-2022-44512 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Write (CWE-787) |
CVE-2022-44519 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
CVE-2022-44517 | 2024-12-18 | Acrobat Reader \| Out-of-bounds Read (CWE-125) |
CVE-2022-44518 | 2024-12-18 | Acrobat Reader \| Use After Free (CWE-416) |
CVE-2023-21586 | 2024-12-18 | Acrobat Reader \| NULL Pointer Dereference (CWE-476) |
CVE-2021-20553 | 2024-12-18 | IBM Sterling B2B Integrator Standard Edition cross-site scripting |
CVE-2021-29827 | 2024-12-18 | IBM InfoSphere Information Server clickjacking |
CVE-2024-55603 | 2024-12-18 | Insufficient session invalidation in Kanboard |
CVE-2024-54663 | 2024-12-19 | An issue was discovered in the Webmail Classic UI in... |
CVE-2024-54790 | 2024-12-19 | A SQL Injection vulnerability was found in /index.php in PHPGurukul... |
CVE-2024-54982 | 2024-12-19 | An issue in Quectel BC25 with firmware version BC25PAR01A06 allows... |
CVE-2024-54983 | 2024-12-19 | An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass... |
CVE-2024-54984 | 2024-12-19 | An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass... |
CVE-2024-55081 | 2024-12-19 | An XML External Entity (XXE) injection vulnerability in the component... |
CVE-2024-55082 | 2024-12-19 | A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of... |
CVE-2024-55196 | 2024-12-19 | Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish... |
CVE-2021-39081 | 2024-12-19 | IBM Cognos Analytics Mobile information disclosure |
CVE-2022-33954 | 2024-12-19 | IBM Robotic Process Automation information disclosure |
CVE-2023-30443 | 2024-12-19 | IBM Db2 denial of service |
CVE-2024-35141 | 2024-12-19 | IBM Security Verify Access privilege escalation |
CVE-2023-23357 | 2024-12-19 | QuLog Center |
CVE-2023-23356 | 2024-12-19 | QuFirewall |
CVE-2023-23354 | 2024-12-19 | QuLog Center |
CVE-2022-27600 | 2024-12-19 | QTS, QuTS hero, QuTScloud |
CVE-2022-27595 | 2024-12-19 | QVPN Device Client |
CVE-2024-51532 | 2024-12-19 | Dell PowerStore contains an Improper Neutralization of Argument Delimiters in... |
CVE-2024-10548 | 2024-12-19 | WP Project Manager <= 2.6.15 - Authenticated (Subscriber+) Sensitive Information Exposure via Project Task List REST API |
CVE-2024-12121 | 2024-12-19 | Broken Link Checker \| Finder <= 2.5.0 - Authenticated (Author+) Blind Server-Side Request Forgery |
CVE-2024-11984 | 2024-12-19 | SUNNET Corporate Training Management System - Unrestricted Upload of File with Dangerous Type |
CVE-2024-11740 | 2024-12-19 | Download Manager <= 3.3.03 - Unauthenticated Arbitrary Shortcode Execution |
CVE-2024-11768 | 2024-12-19 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files |
CVE-2024-12560 | 2024-12-19 | Button Block – Get fully customizable & multi-functional buttons <= 1.1.5 - Authenticated (Contributor+) Post Disclosure via Post Duplication |
CVE-2024-4229 | 2024-12-19 | Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows... |
CVE-2024-4230 | 2024-12-19 | External Control of File Name or Path vulnerability in Edgecross... |
CVE-2020-12819 | 2024-12-19 | A heap-based buffer overflow vulnerability in the processing of Link... |
CVE-2021-26093 | 2024-12-19 | An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions... |
CVE-2024-12569 | 2024-12-19 | Sensitive Information in Driver’s Log File |
CVE-2023-4617 | 2024-12-19 | Gaining remote control over Govee devices |
CVE-2024-11616 | 2024-12-19 | Double-fetch heap overflow |
CVE-2020-12820 | 2024-12-19 | Under non-default configuration, a stack-based buffer overflow in FortiOS version... |
CVE-2020-15934 | 2024-12-19 | An execution with unnecessary privileges vulnerability in the VCM engine... |
CVE-2021-26115 | 2024-12-19 | An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7... |
CVE-2024-12331 | 2024-12-19 | File Manager Pro – Filester <= 1.8.6 - Missing Authorization to Authenticated (Subscriber+) Filebird Plugin Installation |
CVE-2024-12626 | 2024-12-19 | AutomatorWP <= 5.0.9 - Reflected Cross-Site Scripting via a-0-o-search_field_value |
CVE-2024-37962 | 2024-12-19 | WordPress Fusion Page Builder plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability |
CVE-2024-45818 | 2024-12-19 | Deadlock in x86 HVM standard VGA handling |
CVE-2024-45819 | 2024-12-19 | libxl leaks data to PVH guests via ACPI tables |