CVE List - 2024 / December
Showing 501 - 600 of 3433 CVEs for December 2024 (Page 6 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-11941 | 2024-12-05 | Drupal core - Moderately critical - Denial of Service - SA-CORE-2024-001 |
| CVE-2024-11942 | 2024-12-05 | Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002 |
| CVE-2024-54130 | 2024-12-05 | Segmentation Fault in `forwardBundle` Function of ION-DTN BPv7 When Destination EID is `dtn:none` (public) |
| CVE-2024-54129 | 2024-12-05 | Improper Initialization of `imc` Scheme Leading to `SIGABRT` in ION-DTN BPv7 |
| CVE-2024-54001 | 2024-12-05 | Kanboard allows a persistent HTML injection site scripting in settings page date format |
| CVE-2024-12247 | 2024-12-05 | Improper propagation of permission scheme updates across cluster nodes |
| CVE-2024-53857 | 2024-12-05 | rPGP Potential Resource Exhaustion when handling Untrusted Messages |
| CVE-2024-53856 | 2024-12-05 | rPGP Panics on Malformed Untrusted Input |
| CVE-2024-10716 | 2024-12-05 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. |
| CVE-2024-12231 | 2024-12-05 | CodeZips Project Management System index.php sql injection |
| CVE-2024-12232 | 2024-12-05 | code-projects Simple CRUD Functionality index.php cross site scripting |
| CVE-2024-12233 | 2024-12-05 | code-projects Online Notice Board Profile Picture registration.php unrestricted upload |
| CVE-2024-54128 | 2024-12-05 | Directus has an HTML Injection in Comment |
| CVE-2024-12234 | 2024-12-05 | 1000 Projects Beauty Parlour Management System edit-customer-detailed.php sql injection |
| CVE-2024-53846 | 2024-12-05 | ssl fails to validate incorrect extended key usage |
| CVE-2024-12235 | 2024-12-05 | Shenzhen Dashi Tongzhou Information Technology AgileBPM AuthorizationTokenCheckFilter.java doFilter access control |
| CVE-2024-11155 | 2024-12-05 | Rockwell Automation Arena® Use After Free Vulnerability |
| CVE-2024-11156 | 2024-12-05 | Rockwell Automation Arena® Out of Bounds Write Vulnerability |
| CVE-2024-11158 | 2024-12-05 | Rockwell Automation Arena® Uninitialized Vulnerability |
| CVE-2024-12130 | 2024-12-05 | Rockwell Automation Arena® Out of Bounds Read Vulnerability |
| CVE-2024-11148 | 2024-12-05 | OpenBSD httpd(8) null dereference |
| CVE-2024-10933 | 2024-12-05 | OpenBSD readdir directory traversal |
| CVE-2017-13308 | 2024-12-05 | In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with... |
| CVE-2024-54140 | 2024-12-05 | sigstore-java has a vulnerability with bundle verification |
| CVE-2018-9386 | 2024-12-05 | In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution... |
| CVE-2018-9388 | 2024-12-05 | In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. |
| CVE-2018-9390 | 2024-12-05 | In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege... |
| CVE-2018-9391 | 2024-12-05 | In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_worker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with... |
| CVE-2024-52798 | 2024-12-05 | path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x |
| CVE-2024-6156 | 2024-12-05 | Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. |
| CVE-2024-6219 | 2024-12-05 | Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. |
| CVE-2024-38921 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-38922 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted... |
| CVE-2024-38923 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-38924 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-38925 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-38926 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-38927 | 2024-12-06 | Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request... |
| CVE-2024-41644 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. |
| CVE-2024-41645 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. |
| CVE-2024-41646 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. |
| CVE-2024-41647 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. |
| CVE-2024-41648 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. |
| CVE-2024-41649 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. |
| CVE-2024-41650 | 2024-12-06 | Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. |
| CVE-2024-44852 | 2024-12-06 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). |
| CVE-2024-44853 | 2024-12-06 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). |
| CVE-2024-44854 | 2024-12-06 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). |
| CVE-2024-44855 | 2024-12-06 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). |
| CVE-2024-44856 | 2024-12-06 | Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). |
| CVE-2024-48703 | 2024-12-06 | PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. |
| CVE-2024-50677 | 2024-12-06 | A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. |
| CVE-2024-53907 | 2024-12-06 | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack... |
| CVE-2024-53908 | 2024-12-06 | An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject... |
| CVE-2024-54745 | 2024-12-06 | WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-54747 | 2024-12-06 | WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. |
| CVE-2024-54749 | 2024-12-06 | Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the... |
| CVE-2024-54750 | 2024-12-06 | Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: In Ubiquiti's view there is no vulnerability as... |
| CVE-2024-55268 | 2024-12-06 | A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber... |
| CVE-2024-49041 | 2024-12-06 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2024-11149 | 2024-12-06 | OpenBSD vmm GDTR limits |
| CVE-2024-10836 | 2024-12-06 | Flixita <= 1.0.82 - Reflected Cross-Site Scripting via id Parameter |
| CVE-2024-9769 | 2024-12-06 | Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting |
| CVE-2024-10247 | 2024-12-06 | YouTube Gallery and Vimeo Gallery Plugin <= 2.4.2 - Authenticated (Administrator+) SQL Injection |
| CVE-2024-11379 | 2024-12-06 | Broadcast <= 51.01 - Reflected Cross-Site Scripting |
| CVE-2024-11201 | 2024-12-06 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode |
| CVE-2024-11585 | 2024-12-06 | WP Hide & Security Enhancer <= 2.5.1 - Missing Authorization to Unauthenticated Arbitrary File Contents Deletion |
| CVE-2024-10578 | 2024-12-06 | Pubnews <= 1.0.7 - Unauthenticated Arbitrary Plugin Installation |
| CVE-2024-10480 | 2024-12-06 | 3DPrint Lite < 2.1 - Settings Update via CSRF |
| CVE-2024-10551 | 2024-12-06 | Sticky Social Icons <= 1.2.1 - Admin+ Stored XSS |
| CVE-2024-11178 | 2024-12-06 | Login With OTP <= 1.4.2 - Authentication Bypass via Weak OTP |
| CVE-2024-12003 | 2024-12-06 | WP System <= 1.1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-10879 | 2024-12-06 | ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting |
| CVE-2024-12060 | 2024-12-06 | WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters |
| CVE-2024-11444 | 2024-12-06 | CLUEVO LMS, E-Learning Platform <= 1.13.2 - Cross-Site Request Forgery to Module Deletion |
| CVE-2024-11292 | 2024-12-06 | WP Private Content Plus <= 3.6.1 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-10849 | 2024-12-06 | NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9705 | 2024-12-06 | Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Authenticated (Subscriber+) Template Name Update |
| CVE-2024-9866 | 2024-12-06 | Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-11323 | 2024-12-06 | AI Quiz | Quiz Maker <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update |
| CVE-2024-12027 | 2024-12-06 | Message Filter for Contact Form 7 <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Filter Updates/Deletions |
| CVE-2024-11336 | 2024-12-06 | Clickbank WordPress Plugin (Storefront) <= 1.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2024-11368 | 2024-12-06 | Splash Sync <= 2.0.6 - Reflected Cross-Site Scripting |
| CVE-2024-11276 | 2024-12-06 | PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting |
| CVE-2024-11450 | 2024-12-06 | ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10320 | 2024-12-06 | Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode |
| CVE-2024-12110 | 2024-12-06 | Gold Addons for Elementor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) License Activation/Deactivation |
| CVE-2024-9872 | 2024-12-06 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting |
| CVE-2024-12028 | 2024-12-06 | Friends <= 3.2.1 - Missing Authorization |
| CVE-2024-11352 | 2024-12-06 | TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-9706 | 2024-12-06 | Ultimate Coming Soon & Maintenance <= 1.0.9 - Missing Authorization to Unauthenticated Template Activation |
| CVE-2024-11687 | 2024-12-06 | Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting |
| CVE-2024-11823 | 2024-12-06 | Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-12155 | 2024-12-06 | SV100 Companion <= 2.0.02 - Missing Authorization to Unauthenticated Arbitrary Options Update |
| CVE-2024-11204 | 2024-12-06 | ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter |
| CVE-2024-10692 | 2024-12-06 | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-10689 | 2024-12-06 | XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure |
| CVE-2024-11339 | 2024-12-06 | Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting |
| CVE-2024-10909 | 2024-12-06 | Pojo Forms <= 1.4.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution via form_preview_shortcode |
| CVE-2024-11728 | 2024-12-06 | KiviCare – Clinic & Patient Management System (EHR) <= 3.6.4 - Unauthenticated SQL Injection |