CVE List - 2024 / December
Showing 1001 - 1100 of 3433 CVEs for December 2024 (Page 11 of 35)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-42426 | 2024-12-09 | Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled... |
| CVE-2024-38485 | 2024-12-09 | Dell ECS, versions prior to 3.8.0, contain(s) a Host Header... |
| CVE-2024-49600 | 2024-12-09 | Dell Power Manager (DPM), versions prior to 3.17, contain an... |
| CVE-2023-7298 | 2024-12-09 | Out-of-Bounds Write Vulnerability in in Autodesk Desktop Software |
| CVE-2024-45761 | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an... |
| CVE-2024-45760 | 2024-12-09 | Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an... |
| CVE-2024-11268 | 2024-12-09 | PDF File Parsing Vulnerability in Autodesk Revit |
| CVE-2024-11454 | 2024-12-09 | Untrusted Search Path vulnerability in Autodesk Revit |
| CVE-2024-11608 | 2024-12-09 | A maliciously crafted SKP file, when linked or imported into... |
| CVE-2024-52586 | 2024-12-09 | eLabFTW MFA bypass |
| CVE-2024-52599 | 2024-12-09 | Tuleap vulnerable to XSS in the Gantt chart of the tracker plugin |
| CVE-2024-53847 | 2024-12-09 | Trix vulnerable to Cross-site Scripting on copy & paste |
| CVE-2024-54147 | 2024-12-09 | Altair GraphQL Client's desktop app does not validate HTTPS certificates |
| CVE-2024-12057 | 2024-12-09 | User credentials recorded in log files |
| CVE-2024-12369 | 2024-12-09 | Elytron-oidc-client: oidc authorization code injection |
| CVE-2024-54149 | 2024-12-09 | Winter CMS Modules allows a sandbox bypass in Twig templates leading to data modification and deletion |
| CVE-2024-54151 | 2024-12-09 | Directus allows unauthenticated access to WebSocket events and operations |
| CVE-2024-55601 | 2024-12-09 | Hugo does not escape some attributes in internal templates |
| CVE-2024-12174 | 2024-12-09 | An Improper Certificate Validation vulnerability exists in Tenable Security Center... |
| CVE-2024-12393 | 2024-12-09 | Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2024-003 |
| CVE-2024-55634 | 2024-12-09 | Drupal core - Moderately critical - Access bypass - SA-CORE-2024-004 |
| CVE-2024-55635 | 2024-12-09 | Drupal core - Critical - Cross Site Scripting - SA-CORE-2024-005 |
| CVE-2024-55636 | 2024-12-09 | Drupal core - Less critical - Gadget chain - SA-CORE-2024-006 |
| CVE-2024-55637 | 2024-12-09 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007 |
| CVE-2024-55638 | 2024-12-09 | Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008 |
| CVE-2024-9672 | 2024-12-09 | Reflected XSS in PaperCut MF |
| CVE-2024-45493 | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through... |
| CVE-2024-45494 | 2024-12-10 | An issue was discovered in MSA FieldServer Gateway 5.0.0 through... |
| CVE-2024-46341 | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded... |
| CVE-2024-46442 | 2024-12-10 | An issue in the BYD Dilink Headunit System v3.0 to... |
| CVE-2024-46657 | 2024-12-10 | Artifex Software mupdf v1.24.9 was discovered to contain a segmentation... |
| CVE-2024-50699 | 2024-12-10 | TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak... |
| CVE-2024-50920 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and... |
| CVE-2024-50921 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and... |
| CVE-2024-50924 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and... |
| CVE-2024-50928 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and... |
| CVE-2024-50929 | 2024-12-10 | Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and... |
| CVE-2024-50930 | 2024-12-10 | An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows... |
| CVE-2024-50931 | 2024-12-10 | Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain... |
| CVE-2024-51165 | 2024-12-10 | SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal... |
| CVE-2024-53480 | 2024-12-10 | Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL... |
| CVE-2024-53481 | 2024-12-10 | A Cross Site Scripting (XSS) vulnerability in the profile.php of... |
| CVE-2024-53552 | 2024-12-10 | CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password... |
| CVE-2024-53919 | 2024-12-10 | An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare... |
| CVE-2024-54751 | 2024-12-10 | COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password... |
| CVE-2024-55500 | 2024-12-10 | Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before... |
| CVE-2024-55550 | 2024-12-10 | Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker... |
| CVE-2024-55586 | 2024-12-10 | Nette Database through 3.2.4 allows SQL injection in certain situations... |
| CVE-2024-46340 | 2024-12-10 | TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 was discovered to transmit user... |
| CVE-2024-32732 | 2024-12-10 | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence platform |
| CVE-2024-47576 | 2024-12-10 | DLL Hijacking vulnerability in SAP Product Lifecycle Costing |
| CVE-2024-47577 | 2024-12-10 | Information Disclosure vulnerability in SAP Commerce Cloud |
| CVE-2024-47578 | 2024-12-10 | Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) |
| CVE-2024-47579 | 2024-12-10 | Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) |
| CVE-2024-47580 | 2024-12-10 | Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services) |
| CVE-2024-47581 | 2024-12-10 | Missing Authorization check in SAP HCM (Approve Timesheets version 4) |
| CVE-2024-47582 | 2024-12-10 | XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA |
| CVE-2024-47585 | 2024-12-10 | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform |
| CVE-2024-54197 | 2024-12-10 | Server-Side Request Forgery in SAP NetWeaver Administrator (System Overview) |
| CVE-2024-54198 | 2024-12-10 | Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP |
| CVE-2024-37144 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC... |
| CVE-2024-37143 | 2024-12-10 | Dell PowerFlex appliance versions prior to IC 46.381.00 and IC... |
| CVE-2024-11205 | 2024-12-10 | WPForms 1.8.4 - 1.9.2.1 - Missing Authorization to Authenticated (Subscriber+) Payment Refund and Subscription Cancellation |
| CVE-2024-21542 | 2024-12-10 | Versions of the package luigi before 3.6.0 are vulnerable to... |
| CVE-2023-6947 | 2024-12-10 | Best WordPress Gallery Plugin – FooGallery <= 2.4.16 - Authenticated (Contributor+) Directory Traversal |
| CVE-2024-10708 | 2024-12-10 | System Dashboard < 2.8.15 - Admin+ Path Traversal |
| CVE-2024-11107 | 2024-12-10 | System Dashboard < 2.8.15 - Unauthenticated Stored XSS |
| CVE-2024-28138 | 2024-12-10 | OS Command Injection |
| CVE-2024-47946 | 2024-12-10 | OS Command Execution through Arbitrary File Upload |
| CVE-2024-45709 | 2024-12-10 | SolarWinds Web Help Desk Local File Read Vulnerability |
| CVE-2024-11940 | 2024-12-10 | Property Hive Mortgage Calculator <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via price Parameter |
| CVE-2024-8256 | 2024-12-10 | Incorrect Permission Assignment in RutOS based routers and TSWOS based managed switches |
| CVE-2024-11973 | 2024-12-10 | Quran multilanguage Text & Audio <= 2.3.21 - Reflected Cross-Site Scripting via sourate and lang Parameters |
| CVE-2024-11945 | 2024-12-10 | Email Reminders <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter |
| CVE-2024-52538 | 2024-12-10 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special... |
| CVE-2024-47484 | 2024-12-10 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special... |
| CVE-2024-47977 | 2024-12-10 | Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special... |
| CVE-2024-11928 | 2024-12-10 | iChart – Easy Charts and Graphs <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter |
| CVE-2024-11106 | 2024-12-10 | Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure |
| CVE-2024-10959 | 2024-12-10 | Active Products Tables for WooCommerce. Use constructor to create tables <= 1.0.6.5 - Unauthenticated Arbitrary Shortcode Execution via woot_get_smth |
| CVE-2024-11868 | 2024-12-10 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API |
| CVE-2024-47117 | 2024-12-10 | IBM Carbon Design System cross-site scripting |
| CVE-2020-28398 | 2024-12-10 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All... |
| CVE-2024-49704 | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions... |
| CVE-2024-49849 | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All... |
| CVE-2024-52051 | 2024-12-10 | A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All... |
| CVE-2024-53041 | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
| CVE-2024-53242 | 2024-12-10 | A vulnerability has been identified in Teamcenter Visualization V14.2 (All... |
| CVE-2024-53832 | 2024-12-10 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All... |
| CVE-2024-54005 | 2024-12-10 | A vulnerability has been identified in COMOS V10.3 (All versions... |
| CVE-2024-54091 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All... |
| CVE-2024-54093 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All... |
| CVE-2024-54094 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All... |
| CVE-2024-54095 | 2024-12-10 | A vulnerability has been identified in Solid Edge SE2024 (All... |
| CVE-2024-5660 | 2024-12-10 | Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2... |
| CVE-2024-12323 | 2024-12-10 | turboSMTP <= 4.6 - Reflected Cross-Site Scripting via 'page' |
| CVE-2024-12236 | 2024-12-10 | Use of Custom URI for media inputs with VPC-SC enabled potentially leads to data exfiltration |
| CVE-2024-54152 | 2024-12-10 | Angular Expressions - Remote Code Execution when using locals |
| CVE-2024-10494 | 2024-12-10 | Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW |
| CVE-2024-10495 | 2024-12-10 | Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW |