CVE List - 2024 / December
Showing 2701 - 2800 of 3433 CVEs for December 2024 (Page 28 of 35)
CVE ID | Date | Title |
---|---|---|
CVE-2024-55539 | 2024-12-23 | Weak algorithm used to sign RPM package. The following products... |
CVE-2024-53256 | 2024-12-23 | Rizin has a command injection via RzBinInfo bclass due legacy code |
CVE-2024-54148 | 2024-12-23 | Gogs has a Path Traversal in file editing UI |
CVE-2024-55947 | 2024-12-23 | Gogs has a Path Traversal in file update API |
CVE-2024-23945 | 2024-12-23 | Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails |
CVE-2024-45387 | 2024-12-23 | Apache Traffic Control: SQL Injection in Traffic Ops endpoint PUT deliveryservice_request_comments |
CVE-2024-56201 | 2024-12-23 | Jinja has a sandbox breakout through malicious filenames |
CVE-2024-56326 | 2024-12-23 | Jinja has a sandbox breakout through indirect reference to format method |
CVE-2024-56364 | 2024-12-23 | Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx |
CVE-2024-53275 | 2024-12-23 | GHSL-2024-091: DNS rebinding attack in home-gallery |
CVE-2024-53276 | 2024-12-23 | GHSL-2024-092: Open CORS policy in home-gallery |
CVE-2024-56362 | 2024-12-23 | Navidrome Stores JWT Secret in Plaintext in navidrome.db |
CVE-2024-56363 | 2024-12-23 | APTRS has SSTI vulnerability |
CVE-2024-53961 | 2024-12-23 | ColdFusion \| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
CVE-2018-25106 | 2024-12-23 | webuidesigning NebulaX Theme Legacy.php nebula_send_to_hubspot sql injection |
CVE-2024-9427 | 2024-12-24 | Koji: escape html tag characters in the query string |
CVE-2024-47515 | 2024-12-24 | Pagure: generate_archive() follows symbolic links in temporary clones |
CVE-2024-12582 | 2024-12-24 | Skupper: skupper-cli: flawed authentication method may lead to arbitrary file read or denial of service |
CVE-2024-12266 | 2024-12-24 | ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization |
CVE-2024-12710 | 2024-12-24 | WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting |
CVE-2024-12518 | 2024-12-24 | shMapper by Teplitsa <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12507 | 2024-12-24 | Optio Dentistry <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12617 | 2024-12-24 | WC Price History for Omnibus <= 2.1.3 - Missing Authorization |
CVE-2024-41887 | 2024-12-24 | Arbitrary File Overwrite |
CVE-2024-12034 | 2024-12-24 | Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock |
CVE-2024-11885 | 2024-12-24 | NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12210 | 2024-12-24 | Print Invoice & Delivery Notes for WooCommerce <= 5.4.0 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion |
CVE-2024-12594 | 2024-12-24 | ALL In One Custom Login Page <= 7.1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation |
CVE-2024-12622 | 2024-12-24 | WordPress Simple Shopping Cart <= 5.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12100 | 2024-12-24 | Bitcoin Lightning Publisher for WordPress <= 1.4.1 - Reflected Cross-Site Scripting |
CVE-2024-12405 | 2024-12-24 | Export Customers Data <= 1.2.3 - Reflected Cross-Site Scripting |
CVE-2024-41886 | 2024-12-24 | Improper Input Validation |
CVE-2024-41885 | 2024-12-24 | Hardcoding sensitive information |
CVE-2024-41884 | 2024-12-24 | Null Pointer Dereference |
CVE-2024-41883 | 2024-12-24 | Null Pointer Dereference |
CVE-2024-41882 | 2024-12-24 | Stack based buffer overflow |
CVE-2024-12096 | 2024-12-24 | Exhibit to WP Gallery <= 0.0.2 - Reflected XSS |
CVE-2024-12814 | 2024-12-24 | Loan Comparison <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-11896 | 2024-12-24 | Text Prompter – Unlimited chatgpt text prompts for openai tasks <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12468 | 2024-12-24 | WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting |
CVE-2024-8721 | 2024-12-24 | Tracking Code Manager <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-12103 | 2024-12-24 | Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure |
CVE-2024-12031 | 2024-12-24 | Advanced Floating Content <= 3.8.2 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-12850 | 2024-12-24 | Database Backup and check Tables Automated With Scheduler 2024 <= 2.32 - Authenticated (Admin+) Arbitrary File Read |
CVE-2024-12881 | 2024-12-24 | PlugVersions – Easily rollback to previous versions of your plugins <= 0.0.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Creation |
CVE-2024-53240 | 2024-12-24 | xen/netfront: fix crash when removing device |
CVE-2024-53241 | 2024-12-24 | x86/xen: don't do PV iret hypercall through hypercall page |
CVE-2024-12268 | 2024-12-24 | Responsive Blocks – WordPress Gutenberg Blocks <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting |
CVE-2024-10584 | 2024-12-24 | DirectoryPress <= 3.6.16 - Authenticated (Author+) Stored Cross-Site Scripting |
CVE-2024-11726 | 2024-12-24 | Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress <= 1.1.21 - Authenticated (Contributor+) SQL Injection |
CVE-2024-10856 | 2024-12-24 | Booking Calendar WpDevArt <= 3.2.19 - Authenticated (Contributor+) SQL Injection |
CVE-2024-53145 | 2024-12-24 | um: Fix potential integer overflow during physmem setup |
CVE-2024-53146 | 2024-12-24 | NFSD: Prevent a potential integer overflow |
CVE-2024-53147 | 2024-12-24 | exfat: fix out-of-bounds access of directory entries |
CVE-2024-53148 | 2024-12-24 | comedi: Flush partial mappings in error case |
CVE-2024-53149 | 2024-12-24 | usb: typec: ucsi: glink: fix off-by-one in connector_status |
CVE-2024-53150 | 2024-12-24 | ALSA: usb-audio: Fix out of bounds reads when finding clock sources |
CVE-2024-53151 | 2024-12-24 | svcrdma: Address an integer overflow |
CVE-2024-53152 | 2024-12-24 | PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() |
CVE-2024-53153 | 2024-12-24 | PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() |
CVE-2024-53154 | 2024-12-24 | clk: clk-apple-nco: Add NULL check in applnco_probe |
CVE-2024-53155 | 2024-12-24 | ocfs2: fix uninitialized value in ocfs2_file_read_iter() |
CVE-2024-53156 | 2024-12-24 | wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() |
CVE-2024-53157 | 2024-12-24 | firmware: arm_scpi: Check the DVFS OPP count returned by the firmware |
CVE-2024-53158 | 2024-12-24 | soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() |
CVE-2024-53160 | 2024-12-24 | rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu |
CVE-2024-53161 | 2024-12-24 | EDAC/bluefield: Fix potential integer overflow |
CVE-2024-53162 | 2024-12-24 | crypto: qat/qat_4xxx - fix off by one in uof_get_name() |
CVE-2024-53163 | 2024-12-24 | crypto: qat/qat_420xx - fix off by one in uof_get_name() |
CVE-2024-43441 | 2024-12-24 | Apache HugeGraph-Server: Fixed JWT Token(Secret) |
CVE-2024-12744 | 2024-12-24 | SQL Injection in the Amazon Redshift JDBC Driver affecting v2.1.0.31 |
CVE-2024-12745 | 2024-12-24 | SQL Injection in the Amazon Redshift Python Connector affecting v2.1.4 |
CVE-2024-12746 | 2024-12-24 | SQL Injection in the Amazon Redshift ODBC Driver affecting v2.1.5.0 |
CVE-2022-21505 | 2024-12-24 | In the linux kernel, if IMA appraisal is used with... |
CVE-2019-2483 | 2024-12-24 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite... |
CVE-2024-56430 | 2024-12-25 | OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor... |
CVE-2024-56431 | 2024-12-25 | oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717... |
CVE-2024-1609 | 2024-12-25 | OPPO Store APP has a WebView component privilege escalation vulnerability. |
CVE-2024-12032 | 2024-12-25 | Tourfic – Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin \| WooCommerce Booking <= 2.15.3 - Authenticated (Subscriber+) SQL Injection |
CVE-2024-12413 | 2024-12-25 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 2.0.00 - Missing Authorization |
CVE-2024-12272 | 2024-12-25 | WP Travel Engine – Elementor Widgets \| Create Travel Booking Website Using WordPress and Elementor <= 1.3.7 - Authenticated (Contributor+) Local File Inclusion |
CVE-2024-12190 | 2024-12-25 | Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder <= 2.17.3 - Missing Authorization to Authenticated (Subscriber+) Form Submission Disclosure |
CVE-2024-12636 | 2024-12-25 | Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages <= 3.2.7 - Cross-Site Request Forgery |
CVE-2024-12428 | 2024-12-25 | WP Data Access – App, Table, Form and Chart Builder plugin <= 5.5.22 - Unauthenticated SQL Injection |
CVE-2024-10858 | 2024-12-25 | Jetpack 13.0-14.0 - Unauthenticated DOM-XSS |
CVE-2024-11281 | 2024-12-25 | WooCommerce Point of Sale <= 6.1.0 - Insecure Direct Object Reference to Privilege Escalation via Arbitrary User Email Change |
CVE-2024-12335 | 2024-12-25 | Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure |
CVE-2024-10862 | 2024-12-25 | NEX-Forms <= 8.7.13 - Authenticated (Admin+) SQL Injection |
CVE-2024-52046 | 2024-12-25 | Apache MINA: MINA applications using unbounded deserialization may allow RCE |
CVE-2024-8950 | 2024-12-25 | SQLi in Arne Informatics' Piramit Automation |
CVE-2024-39725 | 2024-12-25 | IBM Engineering Lifecycle Optimization - Engineering Insights information disclosure |
CVE-2024-39727 | 2024-12-25 | IBM Engineering Lifecycle Optimization - Engineering Insights tabnabbing |
CVE-2024-52535 | 2024-12-25 | Dell SupportAssist for Home PCs versions 4.6.1 and prior and... |
CVE-2023-5117 | 2024-12-25 | Exposure of Sensitive Information Due to Incompatible Policies in GitLab |
CVE-2024-47102 | 2024-12-25 | IBM AIX denial of service |
CVE-2024-52906 | 2024-12-25 | IBM AIX denial of service |
CVE-2024-47978 | 2024-12-25 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges... |
CVE-2024-53291 | 2024-12-25 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information... |
CVE-2024-52543 | 2024-12-25 | Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File... |
CVE-2024-52534 | 2024-12-25 | Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication... |