Vulnerability Summary for the Week of December 2, 2024

High Vulnerabilities

Primary
Vendor — Product
Description8 Published CVSS Score Source Info
SailPoint Technologies–IdentityIQ
 
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected. 2024-12-02 10 CVE-2024-10905
ABB–ASPECT-Enterprise
 
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 10 CVE-2024-11317
ABB–ASPECT-Enterprise
 
Improper Input Validation vulnerability allows Remote Code Execution.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 10 CVE-2024-48839
ABB–ASPECT-Enterprise
 
Unauthorized Access vulnerabilities allow Remote Code Execution.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 10 CVE-2024-48840
ABB–ASPECT-Enterprise
 
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 10 CVE-2024-51545
ABB–ASPECT-Enterprise
 
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 10 CVE-2024-51549
ABB–ASPECT-Enterprise
 
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 10 CVE-2024-51550
ABB–ASPECT-Enterprise
 
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT – Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 2024-12-05 10 CVE-2024-51551
ABB–ASPECT-Enterprise
 
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials.  Affected products: ABB ASPECT – Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 2024-12-05 10 CVE-2024-51555
stefanbohacek–Fediverse Embeds
 
Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3. 2024-12-02 10 CVE-2024-52476
NotFound–Revy
 
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18. 2024-12-06 10 CVE-2024-54214
Google–Android
 
In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 9.8 CVE-2018-9430
SICK AG–SICK InspectorP61x
 
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. 2024-12-06 9 CVE-2024-10773
matthias-reuter–SV100 Companion
 
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. 2024-12-06 9.8 CVE-2024-12155
wphealth–WP Umbrella: Update Backup Restore & Monitoring
 
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the ‘filename’ parameter of the ‘umbrella-restore’ action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-12-08 9.8 CVE-2024-12209
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. 2024-12-05 9.8 CVE-2024-37861
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. 2024-12-05 9.8 CVE-2024-37863
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` . 2024-12-05 9.1 CVE-2024-38920
tassos.gr–Convert Forms component for Joomla
 
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. 2024-12-04 9.8 CVE-2024-40744
Progress Software Corporation–WhatsUp Gold
 
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. 2024-12-02 9.8 CVE-2024-46909
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. 2024-12-06 9.4 CVE-2024-47547
ABB–ASPECT-Enterprise
 
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access.  Affected products: ABB ASPECT – Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 2024-12-05 9.4 CVE-2024-48845
Planet Technology–Planet WGS-804HPT
 
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. 2024-12-06 9.8 CVE-2024-48871
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie’s proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. 2024-12-06 9.8 CVE-2024-48874
ABB–ASPECT-Enterprise
 
Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 9.9 CVE-2024-51548
ABB–ASPECT-Enterprise
 
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 9.1 CVE-2024-51554
Owen Cutajar & Hyder Jaffari–WordPress Auction Plugin
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. 2024-12-06 9.3 CVE-2024-51615
WP Sharks–s2Member Pro
 
Improper Control of Generation of Code (‘Code Injection’) vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114. 2024-12-06 9 CVE-2024-51815
Planet Technology–Planet WGS-804HPT
 
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. 2024-12-06 9.8 CVE-2024-52320
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. 2024-12-06 9.8 CVE-2024-52324
Siemens–syngo.plaza VB30E
 
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database. 2024-12-06 9.8 CVE-2024-52335
Lorex–2K Indoor Wi-Fi Security Camera
 
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 9.8 CVE-2024-52544
n/a–n/a
 
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. 2024-12-02 9.8 CVE-2024-52724
n/a–n/a
 
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. 2024-12-02 9.1 CVE-2024-52732
Najeeb Ahmad–Simple User Registration
 
Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5. 2024-12-06 9.1 CVE-2024-53810
n/a–n/a
 
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. 2024-12-02 9.1 CVE-2024-53900
n/a–n/a
 
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) 2024-12-06 9.8 CVE-2024-53908
MacWarrior–clipbucket-v5
 
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function without sanitization via collection GET parameter and photoIDS POST parameter respectively. The decode_key function invokes PHP unserialize function as defined in upload/includes/classes/photos.class.php. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. 2024-12-06 9.8 CVE-2024-54135
MacWarrior–clipbucket-v5
 
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. 2024-12-06 9.8 CVE-2024-54136
Roninwp–FAT Services Booking
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Roninwp FAT Services Booking.This issue affects FAT Services Booking: from n/a through 5.6. 2024-12-05 9.3 CVE-2024-54221
n/a–n/a
 
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. 2024-12-04 9.8 CVE-2024-54661
n/a–n/a
 
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. 2024-12-06 9.8 CVE-2024-54750
ABB–ASPECT-Enterprise
 
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 9.6 CVE-2024-6515
ABB–ASPECT-Enterprise
 
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 9 CVE-2024-6516
ABB–ASPECT-Enterprise
 
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 9.9 CVE-2024-6784
Progress Software Corporation–WhatsUp Gold
 
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeIpswitch. 2024-12-02 9.8 CVE-2024-8785
Google–Android
 
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-02 8.8 CVE-2018-9380
Google–Android
 
In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel. 2024-12-05 8.8 CVE-2018-9402
Google–Android
 
In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-02 8 CVE-2018-9413
Google–Android
 
In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 8.8 CVE-2018-9418
Apache Software Foundation–Apache Hive
 
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments. 2024-12-05 8.3 CVE-2022-41137
NVIDIA–UFM Enterprise GA
 
NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure. 2024-12-06 8.8 CVE-2024-0130
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. 2024-12-03 8.8 CVE-2024-10074
swte–Swift Performance Lite
 
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the ‘ajaxify’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-12-06 8.1 CVE-2024-10516
blazethemes–Pubnews
 
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities. 2024-12-06 8.8 CVE-2024-10578
funnelforms–Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Funnelforms Free
 
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-12-04 8.8 CVE-2024-10587
SICK AG–SICK InspectorP61x
 
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level “Service”, an attacker can execute arbitrary system commands in the root user’s contexts. 2024-12-06 8.8 CVE-2024-10771
SICK AG–SICK InspectorP61x
 
Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device. 2024-12-06 8.8 CVE-2024-10772
SICK AG–SICK InspectorP61x
 
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer. 2024-12-06 8.2 CVE-2024-10776
india-web-developer–Login With OTP
 
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email. 2024-12-06 8.1 CVE-2024-11178
pencidesign–Soledad
 
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows. 2024-12-06 8.1 CVE-2024-11289
Genetech Solutions–Pie Register – Social Sites Login (Add on)
 
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. 2024-12-04 8.1 CVE-2024-11293
kekotron–AI Quiz | Quiz Maker
 
The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. 2024-12-06 8.8 CVE-2024-11323
Synology–Synology Router Manager (SRM)
 
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. 2024-12-04 8.1 CVE-2024-11398
galdub–Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials
 
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the ‘stars-testimonials-with-slider-and-masonry-grid’ shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. 2024-12-05 8.8 CVE-2024-11429
webdzier–Gallery
 
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2024-12-07 8.8 CVE-2024-11501
allaccessible–Accessibility by AllAccessible
 
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘AllAccessible_save_settings’ function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. 2024-12-04 8.8 CVE-2024-11643
Google–Chrome
 
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) 2024-12-03 8.8 CVE-2024-12053
Devolutions–Remote Desktop Manager
 
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. 2024-12-04 8.1 CVE-2024-12149
Snyk–Code Agent
 
Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. External exploitation of this vulnerability is unlikely and depends on both misconfigurations of the cluster and/or chaining with another vulnerability. However, internal exploitation (with a cluster misconfiguration) could still be possible. 2024-12-06 8.1 CVE-2024-21571
Qualcomm, Inc.–Snapdragon
 
Memory corruption while Configuring the SMR/S2CR register in Bypass mode. 2024-12-02 8.4 CVE-2024-33044
Qualcomm, Inc.–Snapdragon
 
Memory corruption when allocating and accessing an entry in an SMEM partition continuously. 2024-12-02 8.4 CVE-2024-33056
n/a–n/a
 
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC (Call Control). This can lead to an Out-of-Bounds write. 2024-12-02 8.1 CVE-2024-39890
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. 2024-12-03 8 CVE-2024-40691
Dell–NetWorker
 
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. 2024-12-03 8.3 CVE-2024-42422
Apache Software Foundation–Apache Ozone
 
Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint. 2024-12-03 8.1 CVE-2024-45106
SonicWall–SMA100
 
A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. 2024-12-05 8.1 CVE-2024-45318
n/a–n/a
 
An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. 2024-12-03 8.8 CVE-2024-46624
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie’s cloud. 2024-12-06 8.1 CVE-2024-46874
progress — whatsup_gold
 
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. 2024-12-02 8.8 CVE-2024-46905
progress — whatsup_gold
 
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 2024-12-02 8.8 CVE-2024-46906
Progress Software Corporation–WhatsUp Gold
 
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 2024-12-02 8.8 CVE-2024-46907
Progress Software Corporation–WhatsUp Gold
 
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. 2024-12-02 8.8 CVE-2024-46908
ABB–ASPECT-Enterprise
 
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes.  Affected products: ABB ASPECT – Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 2024-12-05 8.2 CVE-2024-48847
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. 2024-12-03 8.1 CVE-2024-49415
n/a–n/a
 
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file 2024-12-03 8.8 CVE-2024-51114
IBM–App Connect Enterprise Certified Container
 
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. 2024-12-04 8.8 CVE-2024-51465
ABB–ASPECT-Enterprise
 
Local File Inclusion vulnerabilities allow access to sensitive system information.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 8.2 CVE-2024-51541
ABB–ASPECT-Enterprise
 
Configuration Download vulnerabilities allow access to dependency configuration information.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 8.2 CVE-2024-51542
ABB–ASPECT-Enterprise
 
Information Disclosure vulnerabilities allow access to application configuration information.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 8.2 CVE-2024-51543
ABB–ASPECT-Enterprise
 
Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 8.2 CVE-2024-51544
simplesamlphp–saml2
 
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it’s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. 2024-12-02 8.3 CVE-2024-52806
n/a–n/a
 
Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the “tmp_get_sites” function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality. 2024-12-02 8 CVE-2024-53375
n/a–n/a
 
Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. 2024-12-02 8.8 CVE-2024-53484
n/a–n/a
 
A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences. 2024-12-02 8.8 CVE-2024-53564
SonicWall–SMA100
 
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. 2024-12-05 8.1 CVE-2024-53703
Kiboko Labs–Watu Quiz
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2. 2024-12-02 8.5 CVE-2024-53792
eDoc Intelligence LLC–eDoc Easy Tables
 
Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. 2024-12-02 8.2 CVE-2024-53793
brandtoss–WP Mailster
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0. 2024-12-06 8.5 CVE-2024-53807
Basix–NEX-Forms Ultimate Form Builder
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8. 2024-12-06 8.5 CVE-2024-53808
PINPOINT.WORLD–Pinpoint Booking System
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. 2024-12-06 8.5 CVE-2024-53815
n/a–n/a
 
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) 2024-12-02 8.8 CVE-2024-53937
n/a–n/a
 
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication. 2024-12-02 8.8 CVE-2024-53938
n/a–n/a
 
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input. 2024-12-02 8.8 CVE-2024-53939
n/a–n/a
 
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device. 2024-12-02 8.8 CVE-2024-53940
n/a–n/a
 
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID. 2024-12-02 8.8 CVE-2024-53941
MobSF–Mobile-Security-Framework-MobSF
 
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the “Diff or Compare” functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. 2024-12-03 8.1 CVE-2024-53999
thorsten–phpMyFAQ
 
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server’s credential when connection to DB fails. This vulnerability is fixed in 4.0.0. 2024-12-06 8.6 CVE-2024-54141
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox 2024-12-04 8 CVE-2024-54154
Google–Android
 
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 7.8 CVE-2018-9376
Google–Android
 
In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 7.5 CVE-2018-9381
Google–Android
 
In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. 2024-12-05 7.8 CVE-2018-9388
Google–Android
 
In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-04 7.8 CVE-2018-9392
Google–Android
 
In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-04 7.8 CVE-2018-9393
Google–Android
 
In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-04 7.8 CVE-2018-9394
Google–Android
 
In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-04 7.8 CVE-2018-9395
Google–Android
 
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-04 7.8 CVE-2018-9396
Google–Android
 
In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9397
Google–Android
 
In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9398
Google–Android
 
In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9399
Google–Android
 
In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9400
Google–Android
 
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9403
Google–Android
 
In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9404
Google–Android
 
In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 7.8 CVE-2018-9414
Google–Android
 
In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 7.8 CVE-2018-9431
Google–Android
 
In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9439
Google–Android
 
In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9462
Google–Android
 
In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 7.8 CVE-2018-9463
totalsoft–Video Gallery YouTube Gallery and Vimeo Gallery
 
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 7.2 CVE-2024-10247
templateinvaders–TI WooCommerce Wishlist
 
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wizard’ function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates. 2024-12-04 7.5 CVE-2024-10567
SICK AG–SICK InspectorP61x
 
Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication. 2024-12-06 7.3 CVE-2024-10774
wpkube–Authors List
 
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. 2024-12-04 7.3 CVE-2024-10952
softaculous–FileOrganizer Manage WordPress and Website Files
 
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the ‘default_lang’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. 2024-12-07 7.2 CVE-2024-11010
OpenBSD–OpenBSD
 
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. 2024-12-05 7.5 CVE-2024-11148
OpenBSD–OpenBSD
 
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. 2024-12-06 7.9 CVE-2024-11149
Rockwell Automation–Arena
 
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. 2024-12-05 7.8 CVE-2024-11155
Open Automation Software–Open Automation Software
 
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. 2024-12-06 7.8 CVE-2024-11220
ABB–ASPECT-Enterprise
 
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 7.5 CVE-2024-11316
modalweb–Advanced File Manager
 
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the ‘class_fma_connector.php’ file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2024-12-03 7.5 CVE-2024-11391
pictureplanet–Verowa Connect
 
The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the ‘search_string’ parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 7.5 CVE-2024-11460
nsp-code–WP Hide & Security Enhancer
 
The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss. 2024-12-06 7.5 CVE-2024-11585
iqonicdesign–KiviCare Clinic & Patient Management System (EHR)
 
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘visit_type[service_id]’ parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 7.5 CVE-2024-11728
Drupal–Drupal Core
 
A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. 2024-12-05 7.5 CVE-2024-11941
webcodingplace–Classic Addons WPBakery Page Builder
 
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the ‘style’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment. 2024-12-04 7.5 CVE-2024-11952
WeDevs–WP Project Manager
 
The ‘Project Manager’ WordPress Plugin is affected by an authenticated SQL injection vulnerability in the ‘orderby’ parameter in the ‘/pm/v2/activites’ route. 2024-12-02 7.7 CVE-2024-12015
D3TN GmbH–D3TN
 
Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS 2024-12-04 7.5 CVE-2024-12107
1000 Projects–Library Management System
 
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12187
1000 Projects–Library Management System
 
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12188
PHPGurukul–Complaint Management System
 
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12228
PHPGurukul–Complaint Management System
 
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12229
PHPGurukul–Complaint Management System
 
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12230
CodeZips–Project Management System
 
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12231
code-projects–Online Notice Board
 
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 7.3 CVE-2024-12233
1000 Projects–Beauty Parlour Management System
 
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. 2024-12-05 7.3 CVE-2024-12234
jonathandejong–Beautiful taxonomy filters
 
The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the ‘selects[0][term]’ parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-07 7.5 CVE-2024-12270
MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T
 
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023. 2024-12-02 7.5 CVE-2024-20127
MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T
 
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2024. 2024-12-02 7.5 CVE-2024-20128
MediaTek, Inc.–MT6890, MT7622, MT7915, MT7916, MT7981, MT7986
 
In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727. 2024-12-02 7.5 CVE-2024-20137
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8195, MT8370, MT8390
 
In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604. 2024-12-02 7.5 CVE-2024-20138
n/a–n/a
 
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script. 2024-12-05 7.8 CVE-2024-30963
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator 2024-12-05 7.8 CVE-2024-30964
n/a–n/a
 
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. 2024-12-02 7.5 CVE-2024-31669
Qualcomm, Inc.–Snapdragon
 
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. 2024-12-02 7.5 CVE-2024-33063
element-hq–synapse
 
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new “leaky bucket” rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user’s ability to request large amounts of data to be cached. 2024-12-03 7.5 CVE-2024-37302
n/a–n/a
 
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process 2024-12-05 7.3 CVE-2024-37860
n/a–n/a
 
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. 2024-12-05 7.3 CVE-2024-37862
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters. 2024-12-05 7.5 CVE-2024-38910
n/a–n/a
 
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service. 2024-12-02 7 CVE-2024-39343
SonicWall–SMA100
 
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution. 2024-12-05 7.5 CVE-2024-40763
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. 2024-12-03 7.5 CVE-2024-41777
Qualcomm, Inc.–Snapdragon
 
Memory corruption when invalid input is passed to invoke GPU Headroom API call. 2024-12-02 7.8 CVE-2024-43048
Qualcomm, Inc.–Snapdragon
 
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. 2024-12-02 7.8 CVE-2024-43049
Qualcomm, Inc.–Snapdragon
 
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. 2024-12-02 7.8 CVE-2024-43050
Qualcomm, Inc.–Snapdragon
 
Memory corruption while processing API calls to NPU with invalid input. 2024-12-02 7.8 CVE-2024-43052
Qualcomm, Inc.–Snapdragon
 
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. 2024-12-02 7.8 CVE-2024-43053
Hitachi–Hitachi Ops Center Common Services
 
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. 2024-12-03 7.1 CVE-2024-45068
SolarWinds–SolarWinds Platform
 
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. 2024-12-04 7 CVE-2024-45717
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. 2024-12-06 7.5 CVE-2024-45722
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user’s phone number and part of the email address. 2024-12-06 7.5 CVE-2024-47043
IBM–AIX
 
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. 2024-12-07 7.8 CVE-2024-47115
Dell–NetWorker Management Console
 
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution. 2024-12-03 7.8 CVE-2024-47476
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. 2024-12-06 7.5 CVE-2024-47791
n/a–n/a
 
An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. 2024-12-03 7.5 CVE-2024-48080
ABB–ASPECT-Enterprise
 
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 7.7 CVE-2024-48843
ABB–ASPECT-Enterprise
 
Denial of Service vulnerabilities where found providing a potiential for device service disruptions.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 7.7 CVE-2024-48844
ABB–ASPECT-Enterprise
 
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 7.1 CVE-2024-48846
Samsung Mobile–Samsung Mobile Devices
 
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. 2024-12-03 7.1 CVE-2024-49413
Samsung Mobile–GamingHub
 
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity. 2024-12-03 7.5 CVE-2024-49420
n/a–n/a
 
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. 2024-12-04 7.5 CVE-2024-50947
n/a–n/a
 
An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request. 2024-12-03 7.5 CVE-2024-50948
ABB–ASPECT-Enterprise
 
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 2024-12-05 7.5 CVE-2024-51546
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
 
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. 2024-12-03 7.2 CVE-2024-51771
eduNEXT–Open edX LMS
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1. 2024-12-02 7.1 CVE-2024-52452
Jon Lorang–Library Bookshelves
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jon Lorang Library Bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through 5.8. 2024-12-02 7.1 CVE-2024-52453
GoQSystem Inc.–GoQMieruca
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoQSystem Inc. GoQMieruca allows Reflected XSS.This issue affects GoQMieruca: from n/a through 1.0.0. 2024-12-02 7.1 CVE-2024-52454
GoQSystem Inc.–GoQSmile
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoQSystem Inc. GoQSmile allows Reflected XSS.This issue affects GoQSmile: from n/a through 1.0.1. 2024-12-02 7.1 CVE-2024-52455
WPoets–Awesome Studio
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPoets Awesome Studio allows Reflected XSS.This issue affects Awesome Studio: from n/a through 2.4.4. 2024-12-02 7.1 CVE-2024-52456
Youneeq–Youneeq Recommendations
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Youneeq Youneeq Recommendations allows Reflected XSS.This issue affects Youneeq Recommendations: from n/a through 3.0.7. 2024-12-02 7.1 CVE-2024-52457
Templines–TM Islamic Helper
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Templines TM Islamic Helper allows Reflected XSS.This issue affects TM Islamic Helper: from n/a through 1.0.1. 2024-12-02 7.1 CVE-2024-52458
Chameleoni.com–Chameleoni Jobs
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chameleoni.com Chameleoni Jobs allows Reflected XSS.This issue affects Chameleoni Jobs: from n/a through 2.5.2. 2024-12-02 7.1 CVE-2024-52459
AtaraPay–AtaraPay WooCommerce Payment Gateway
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AtaraPay AtaraPay WooCommerce Payment Gateway allows Reflected XSS.This issue affects AtaraPay WooCommerce Payment Gateway: from n/a through 2.0.13. 2024-12-02 7.1 CVE-2024-52460
Kinsta WordPress Hosting–Infinite Slider
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS.This issue affects Infinite Slider: from n/a through 2.0.1. 2024-12-02 7.1 CVE-2024-52461
Jacob Schwartz–WP e-Commerce Style Email
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Reflected XSS.This issue affects WP e-Commerce Style Email: from n/a through 0.6.2. 2024-12-02 7.1 CVE-2024-52462
Kat Hagan–Post By Email
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kat Hagan Post By Email allows Reflected XSS.This issue affects Post By Email: from n/a through 1.0.4b. 2024-12-02 7.1 CVE-2024-52463
anmari–amr shortcodes
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in anmari amr shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through 1.7. 2024-12-02 7.1 CVE-2024-52464
Data443–LGPD Framework
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 LGPD Framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through 2.0.2. 2024-12-02 7.1 CVE-2024-52465
Explara–Explara Events
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Explara Explara Events allows Reflected XSS.This issue affects Explara Events: from n/a through 0.1.3. 2024-12-02 7.1 CVE-2024-52466
August Infotech–AI Responsive Gallery Album
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in August Infotech AI Responsive Gallery Album allows Reflected XSS.This issue affects AI Responsive Gallery Album: from n/a through 1.4. 2024-12-02 7.1 CVE-2024-52467
LeadBoxer–LeadBoxer
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LeadBoxer LeadBoxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through 1.2. 2024-12-02 7.1 CVE-2024-52468
Dhrubok Infotech–WooCommerce Price Alert
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dhrubok Infotech WooCommerce Price Alert allows Reflected XSS.This issue affects WooCommerce Price Alert: from n/a through 1.0.4. 2024-12-02 7.1 CVE-2024-52469
No-nonsense Labs–Document & Data Automation
 
Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through 1.6.1. 2024-12-02 7.1 CVE-2024-52477
Ortto–Ortto
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ortto Ortto allows Reflected XSS.This issue affects Ortto: from n/a through 1.0.19. 2024-12-02 7.1 CVE-2024-52482
Igor Beni–LeanPress
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Igor Benić LeanPress allows Reflected XSS.This issue affects LeanPress: from n/a through 1.0.0. 2024-12-02 7.1 CVE-2024-52483
Subhasish Manna–Wc Recently viewed products
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Subhasish Manna Wc Recently viewed products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through 1.0.1. 2024-12-02 7.1 CVE-2024-52484
Lorex–2K Indoor Wi-Fi Security Camera
 
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 7.2 CVE-2024-52547
n/a–n/a
 
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. 2024-12-02 7.5 CVE-2024-53605
ITERAS–ITERAS
 
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS.This issue affects ITERAS: from n/a through 1.7.0. 2024-12-02 7.1 CVE-2024-53710
Jean-Marc BIANCA–Hotlink2Watermark
 
Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2. 2024-12-02 7.1 CVE-2024-53711
Kevin McCabe–Kevin’s
 
Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin’s allows Stored XSS.This issue affects Kevin’s: from n/a through 2.0.0. 2024-12-02 7.1 CVE-2024-53712
Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net–Silverlight Video Player
 
Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net Silverlight Video Player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through 1.0. 2024-12-02 7.1 CVE-2024-53713
Arrow Design–Continue Shopping From Cart
 
Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Continue Shopping From Cart allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through 1.3. 2024-12-02 7.1 CVE-2024-53714
Thomas Hoefter–Simple Travel Map
 
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS.This issue affects Simple Travel Map: from n/a through 0.1. 2024-12-02 7.1 CVE-2024-53715
overtrue–wp auto top
 
Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS.This issue affects wp auto top: from n/a through 2.9.3. 2024-12-02 7.1 CVE-2024-53716
Yonatan Reinberg–yPHPlista
 
Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1. 2024-12-02 7.1 CVE-2024-53717
Eric Teubert–Multi Feed Reader
 
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4. 2024-12-02 7.1 CVE-2024-53718
onigetoc–Zajax Ajax Navigation
 
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation allows Stored XSS.This issue affects Zajax – Ajax Navigation: from n/a through 0.4. 2024-12-02 7.1 CVE-2024-53719
ole1986 , MachineITSvcs–WP-ISPConfig 3
 
Cross-Site Request Forgery (CSRF) vulnerability in ole1986 , MachineITSvcs WP-ISPConfig 3 allows Stored XSS.This issue affects WP-ISPConfig 3: from n/a through 1.5.6. 2024-12-02 7.1 CVE-2024-53720
Rockemmusic–Favicon My Blog
 
Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through 1.0.2. 2024-12-02 7.1 CVE-2024-53722
A.Cihangir BALTACI–Google Plus Share and +1 Button
 
Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0. 2024-12-02 7.1 CVE-2024-53723
Ronny L. Bull–IceStats
 
Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceStats allows Stored XSS.This issue affects IceStats: from n/a through 1.3. 2024-12-02 7.1 CVE-2024-53724
Script-Recipes–Post Hits Counter
 
Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23. 2024-12-02 7.1 CVE-2024-53725
Realty Candy–RealtyCandy IDX Broker Extended
 
Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy RealtyCandy IDX Broker Extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through 1.5.1. 2024-12-02 7.1 CVE-2024-53726
LinkLaunder.com–LinkLaunder SEO
 
Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com LinkLaunder SEO allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through 0.92.1. 2024-12-02 7.1 CVE-2024-53727
SEO-Kche Internet Marketing GmbH & Co. KG–Protect Your Content
 
Cross-Site Request Forgery (CSRF) vulnerability in SEO-Küche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2. 2024-12-02 7.1 CVE-2024-53728
Plumeria Web Design–Blizzard Quotes
 
Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3. 2024-12-02 7.1 CVE-2024-53729
Aaron Hodge Silver–April’s Call Posts
 
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April’s Call Posts allows Stored XSS. This issue affects April’s Call Posts: from n/a through 2.1.1. 2024-12-02 7.1 CVE-2024-53730
NotFound–WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through n/a. 2024-12-02 7.1 CVE-2024-53740
CultBooking–CultBooking Hotel Booking Engine
 
Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from n/a through 2.1. 2024-12-02 7.1 CVE-2024-53753
Arrow Design–Out Of Stock Badge
 
Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of Stock Badge allows Cross Site Request Forgery.This issue affects Out Of Stock Badge: from n/a through 1.3.1. 2024-12-02 7.1 CVE-2024-53754
Andrea Pernici–Third Party Cookie Eraser
 
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2. 2024-12-02 7.1 CVE-2024-53755
Planet Studio team–ArCa Payment Gateway
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Planet Studio team ArCa Payment Gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through 1.3.1. 2024-12-02 7.1 CVE-2024-53759
Faster Themes–FastBook Responsive Appointment Booking and Scheduling System
 
Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook – Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook – Responsive Appointment Booking and Scheduling System: from n/a through 1.1. 2024-12-02 7.1 CVE-2024-53762
Think201–Mins To Read
 
Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read allows Stored XSS.This issue affects Mins To Read: from n/a through 1.2.2. 2024-12-02 7.1 CVE-2024-53765
Ludovic RIAUDEL–Custom Post Type to Map Store
 
Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Custom Post Type to Map Store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through 1.1.0. 2024-12-02 7.1 CVE-2024-53769
Peter MacIntyre–RingCentral Communications
 
Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS.This issue affects RingCentral Communications: from n/a through 1.6.1. 2024-12-02 7.1 CVE-2024-53770
Raphael Heide–Donate Me
 
Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donate Me allows Stored XSS.This issue affects Donate Me: from n/a through 1.2.5. 2024-12-02 7.1 CVE-2024-53776
Alberto Reineri–Simple Header and Footer
 
Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0. 2024-12-02 7.1 CVE-2024-53777
Max Engel–Yahoo! WebPlayer
 
Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. 2024-12-02 7.1 CVE-2024-53779
Rajeev Chauhan–Load More Posts
 
Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS.This issue affects Load More Posts: from n/a through 1.4.0. 2024-12-02 7.1 CVE-2024-53780
Home Junction–SpatialMatch IDX
 
Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9. 2024-12-02 7.1 CVE-2024-53781
CMSaccount–Photo Video Store
 
Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07. 2024-12-02 7.1 CVE-2024-53782
Ritesh Sanap–Advanced What should we write next about
 
Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3. 2024-12-02 7.1 CVE-2024-53789
brandtoss–WP Mailster
 
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. 2024-12-06 7.5 CVE-2024-53804
brandtoss–WP Mailster
 
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. 2024-12-06 7.5 CVE-2024-53805
Jacques Malgrange–WP GeoNames
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a through 1.8. 2024-12-06 7.1 CVE-2024-53812
Acowebs–Product Labels For Woocommerce
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection.This issue affects Product Labels For Woocommerce: from n/a through 1.5.8. 2024-12-06 7.6 CVE-2024-53817
NotFound–Pie Register Premium
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a through n/a. 2024-12-06 7.1 CVE-2024-53821
AREOI–All Bootstrap Blocks
 
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. 2024-12-06 7.5 CVE-2024-53824
rpgp–rpgp
 
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1. 2024-12-05 7.5 CVE-2024-53856
rpgp–rpgp
 
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. 2024-12-05 7.5 CVE-2024-53857
n/a–n/a
 
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. 2024-12-06 7.5 CVE-2024-53907
Kludex–python-multipart
 
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR r or LF n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could abuse this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread for a significant amount of time. In case of ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service (DoS). This vulnerability is fixed in 0.0.18. 2024-12-02 7.5 CVE-2024-53981
MobSF–Mobile-Security-Framework-MobSF
 
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json” returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7. 2024-12-03 7.5 CVE-2024-54000
open-quantum-safe–liboqs
 
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0. 2024-12-06 7.4 CVE-2024-54137
Paloma–Paloma Widget
 
Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through 1.14. 2024-12-06 7.1 CVE-2024-54205
Joni Halabi–Block Controller
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joni Halabi Block Controller allows Reflected XSS.This issue affects Block Controller: from n/a through 1.4.2. 2024-12-06 7.1 CVE-2024-54208
WPFactory–Awesome Shortcodes
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through 1.7.2. 2024-12-06 7.1 CVE-2024-54209
NotFound–ARForms
 
Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. 2024-12-06 7.7 CVE-2024-54216
n/a–n/a
 
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker’s code in the user’s security context, a different vulnerability than CVE-2024-52945. 2024-12-04 7.8 CVE-2024-54664
Zyxel–VMG8825-T50K firmware
 
A buffer overflow vulnerability in the packet parser of the third-party library “libclinkc” in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device. 2024-12-03 7.5 CVE-2024-8748
Zyxel–VMG4005-B50A firmware
 
A post-authentication command injection vulnerability in the “host” parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. 2024-12-03 7.2 CVE-2024-9200

Back to top

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info
Google–Android
 
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2017-13308
Google–Android
 
In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2018-9386
Google–Android
 
In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2018-9390
Google–Android
 
In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 6.7 CVE-2018-9391
Google–Android
 
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. 2024-12-05 6.5 CVE-2018-9407
Google–Android
 
In  RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard. 2024-12-02 6.5 CVE-2018-9426
Google–Android
 
In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-02 6.5 CVE-2018-9429
Google–Android
 
In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-02 6.2 CVE-2018-9435
astoundify–WP Job Manager Company Profiles
 
The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘company’ parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2023-6978
persianscript– Persian WooCommerce SMS
 
The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-10046
eyale-vc–Contact Form Builder by vcita
 
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10056
gutentor–Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor
 
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10178
iamjonasmarlo–Cookielay
 
The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-10320
brainstormforce–Spectra WordPress Gutenberg Blocks
 
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Team’ widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-10484
reputeinfosystems–ARMember Membership Plugin, Content Restriction, Member Levels, User Profile & User signup
 
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. 2024-12-06 6.3 CVE-2024-10681
jooseposti–Posti Shipping
 
The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-10832
themesdaddy–Flixita
 
The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-10836
desertthemes–NewsMunch
 
The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10848
desertthemes–NewsMash
 
The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-10849
ultimatemember–ForumWP Forum & Discussion Board
 
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-10879
sodah–LUNA RADIO PLAYER
 
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lunaradio’ shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-10881
searchiq–SearchIQ The Search Solution
 
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘siq_searchbox’ shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-10885
kingyes–Pojo Forms
 
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8. 2024-12-06 6.3 CVE-2024-10909
Rockwell Automation–Arena
 
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. 2024-12-05 6.7 CVE-2024-11158
GoodLayers–Goodlayers Core
 
The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11200
wpexpertsio–myCred Exclusive Platform for Loyalty Points and Rewards Create Leaderboards, Ranks, Badges, Cashback Coupons, Referral Programs, WooCommerce & eCommerce wallet, Gamification Awards, and Achievements.
 
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11201
ultimatemember–ForumWP Forum & Discussion Board
 
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11204
edgarrojas–PDF Builder for WooCommerce. Create invoices,packing slips and more
 
The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11276
bastho–Accounting for WooCommerce
 
The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-05 6.1 CVE-2024-11324
fatcatapps–Campaign Monitor Forms by Optin Cat
 
The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11326
comfino–Comfino Payment Gateway
 
The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11329
dactum–Clickbank WordPress Plugin (Storefront)
 
The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11336
devnethr–Smart PopUp Blaster
 
The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spb-button’ shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11339
cs123–TwentyTwenty
 
The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘twentytwenty’ shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11352
matansmoove–Smoove connector for Elementor forms
 
The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11367
nanard33–Splash Sync
 
The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11368
rezaplus–TWChat Send or receive messages from users
 
The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11374
edward_plainview–Broadcast
 
The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘do_check’ parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations. 2024-12-06 6.1 CVE-2024-11379
imahui–Mini Program API
 
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘qvideo’ shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-07 6.4 CVE-2024-11380
creativethemeshq–Blocksy
 
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-11420
genetechproducts–Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more!
 
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11436
onlyoffice–ONLYOFFICE Docs
 
The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘onlyoffice’ shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-11450
harshitpeer–Zooom
 
The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘zooom’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-07 6.4 CVE-2024-11451
samdani–WordPress Pinterest Plugin Make a Popup, User Profile, Masonry and Gallery Layout
 
The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gs_pin_widget’ shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11453
spartac–Feedpress Generator External RSS Frontend Customizer
 
The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11457
taunoh–Form Data Collector
 
The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11461
alphabposervice–Easy Code Snippets
 
The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11464
tomasgroulik–Intro Tour Tutorial DeepPresentation
 
The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11466
martinnguyen1990–Next-Cart Store to WooCommerce Migration
 
The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-11687
wphocus–My auctions allegro
 
The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11707
iqonicdesign–KiviCare Clinic & Patient Management System (EHR)
 
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘service_list[0][service_id]’ parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 6.5 CVE-2024-11729
iqonicdesign–KiviCare Clinic & Patient Management System (EHR)
 
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘sort[]’ parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-06 6.5 CVE-2024-11730
venutius–BP Profile Shortcodes Extra
 
The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-03 6.5 CVE-2024-11732
wpenhanced–Responsive Videos
 
The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘somryv’ shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11747
floristone–Flower Delivery by Florist One
 
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘flower-delivery’ shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11769
alexvtn–WIP WooCarousel Lite
 
The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wip_woocarousel_products_carousel’ shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-05 6.4 CVE-2024-11779
brandtoss–WP Mailster
 
The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mst_subscribe’ shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11782
soraco–Quick License Manager WooCommerce Plugin
 
The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘submit_qlm_products’ parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 6.1 CVE-2024-11805
calliko–NPS computy
 
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘data1’ and ‘data2’ parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11807
aminshah74–Pulsating Chat Button
 
The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11813
algoritmika–Additional Custom Order Status for WooCommerce
 
The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-04 6.1 CVE-2024-11814
vjalby–Folder Gallery
 
The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘foldergallery’ shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.1 CVE-2024-11823
mlaza–jAlbum Bridge
 
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11853
webilia–Listdom Business Directory and Classified Ads Listings WordPress Plugin
 
The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11854
paulnagle–BMLT Tabbed Map
 
The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bmlt_tabbed_map’ shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11866
bplugins–B Testimonial Testimonial plugin for WP
 
The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘b_testimonial’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11880
mightyforms–Contact Form, Survey & Form Builder MightyForms
 
The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mightyforms’ shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11897
akashmalik–Scratch & Win Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more
 
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘swin-campaign’ shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-11898
timsayshey–WP eCards
 
The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ecard’ shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11903
codemstory– 
 
The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘msntt_add_plus_talk’ shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-07 6.4 CVE-2024-11904
neotrendy–Email Address Obfuscation
 
The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-11935
codemstory– 
 
The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-11943
mikeyott–WP System
 
The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-12003
francescosganga–WP Media Optimizer (.webp)
 
The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and ‘wpmowebp-js-resources’ parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-06 6.1 CVE-2024-12060
nshowketgmailcom–Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal
 
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12128
n/a–horilla
 
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-04 6.3 CVE-2024-12138
Netgear–R6900
 
A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2024-12-04 6.5 CVE-2024-12147
tsjippy–Mollie for Contact Form 7
 
The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12165
cmorillas1–Shortcodes Blocks Creator Ultimate
 
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12166
cmorillas1–Shortcodes Blocks Creator Ultimate
 
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12167
Devolutions–Server
 
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. 2024-12-04 6.5 CVE-2024-12196
Shenzhen Dashi Tongzhou Information Technology–AgileBPM
 
A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file agile-bpm-basic-masterab-authab-auth-spring-security-oauth2srcmainjavacomdstzauthfilterAuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 6.3 CVE-2024-12235
cardgate–CardGate Payments for WooCommerce
 
The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-07 6.1 CVE-2024-12257
Jirafeau project–Jirafeau
 
Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive. 2024-12-06 6.1 CVE-2024-12326
TP-Link–VN020 F3v(T)
 
A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. 2024-12-08 6.5 CVE-2024-12342
TP-Link–VN020 F3v(T)
 
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. 2024-12-08 6.5 CVE-2024-12343
TP-Link–VN020 F3v(T)
 
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-08 6.3 CVE-2024-12344
MediaTek, Inc.–MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798
 
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728. 2024-12-02 6.7 CVE-2024-20125
MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8195, MT8676, MT8678, MT8696, MT8796
 
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982. 2024-12-02 6.7 CVE-2024-20130
MediaTek, Inc.–MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8673, MT8676, MT8795T, MT8798
 
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873. 2024-12-02 6.7 CVE-2024-20131
MediaTek, Inc.–MT2737, MT6298, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990, MT8673, MT8676, MT8795T, MT8798
 
In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872. 2024-12-02 6.7 CVE-2024-20132
MediaTek, Inc.–MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6983, MT8673, MT8676, MT8795T, MT8798
 
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871. 2024-12-02 6.7 CVE-2024-20133
MediaTek, Inc.–MT6835, MT6878, MT6879, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8755, MT8775, MT8796, MT8798
 
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866. 2024-12-02 6.7 CVE-2024-20134
MediaTek, Inc.–MT6768, MT6781, MT6833, MT6853, MT6877, MT6878, MT6893, MT6897, MT6989, MT8775, MT8796, MT9687
 
In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841. 2024-12-02 6.7 CVE-2024-20135
MediaTek, Inc.–MT2737, MT6781, MT6789, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8195, MT8370, MT8390, MT8673, MT8676, MT8678, MT8755, MT8775, MT8781, MT8795T, MT8796, MT8798, MT8893
 
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821. 2024-12-02 6.2 CVE-2024-20136
MediaTek, Inc.–MT2737, MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8518S, MT8532, MT8678
 
In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600. 2024-12-02 6.5 CVE-2024-20139
Qualcomm, Inc.–Snapdragon
 
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. 2024-12-02 6.7 CVE-2024-33036
Qualcomm, Inc.–Snapdragon
 
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. 2024-12-02 6.1 CVE-2024-33037
Qualcomm, Inc.–Snapdragon
 
Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. 2024-12-02 6.7 CVE-2024-33039
Qualcomm, Inc.–Snapdragon
 
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. 2024-12-02 6.7 CVE-2024-33040
Qualcomm, Inc.–Snapdragon
 
Memory corruption when multiple threads try to unregister the CVP buffer at the same time. 2024-12-02 6.7 CVE-2024-33053
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 2024-12-03 6.5 CVE-2024-41776
HCL Software–Launch
 
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. 2024-12-06 6.2 CVE-2024-42196
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie’s services 2024-12-06 6.5 CVE-2024-42494
SonicWall–SMA100
 
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. 2024-12-05 6.3 CVE-2024-45319
averta–Slider & Popup Builder by Depicter Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
 
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-06 6.4 CVE-2024-4633
IBM–QRadar SIEM
 
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. 2024-12-07 6.4 CVE-2024-47107
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. 2024-12-06 6.5 CVE-2024-47146
Samsung Mobile–GamingHub
 
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview. 2024-12-03 6.5 CVE-2024-49418
Palantir–com.palantir.gotham:external-artifacts
 
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn’t have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances. 2024-12-02 6.5 CVE-2024-49581
extendthemes–Colibri Page Builder
 
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-04 6.4 CVE-2024-5020
n/a–n/a
 
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. 2024-12-06 6.1 CVE-2024-50677
Ruijie–Reyee OS
 
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user’s session and cause a denial-of-service attack on a user’s account. 2024-12-06 6.5 CVE-2024-51727
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
 
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. 2024-12-03 6.4 CVE-2024-51772
Ben Marshall–Jobify – Job Board WordPress Theme
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ben Marshall Jobify – Job Board WordPress Theme allows Stored XSS.This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3. 2024-12-02 6.5 CVE-2024-52478
SolverWP–Elementor Portfolio Builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0. 2024-12-02 6.5 CVE-2024-52486
WebCodingPlace–Ultimate Classified Listings
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through 1.4. 2024-12-02 6.5 CVE-2024-52487
Imbasynergy–ImbaChat
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Imbasynergy ImbaChat allows DOM-Based XSS.This issue affects ImbaChat: from n/a through 3.1.4. 2024-12-02 6.5 CVE-2024-52502
Tailored Web Services–Tailored Tools
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4. 2024-12-02 6.5 CVE-2024-52503
Lorex–2K Indoor Wi-Fi Security Camera
 
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 6.5 CVE-2024-52545
Lorex–2K Indoor Wi-Fi Security Camera
 
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 6.7 CVE-2024-52548
quic-go–quic-go
 
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a “message too large” error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they’re unable to establish a QUIC connection). The attacker needs to at least know the client’s IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. 2024-12-02 6.5 CVE-2024-53259
n/a–n/a
 
A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. 2024-12-04 6.5 CVE-2024-53614
bdevs–Generic Elements
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3. 2024-12-02 6.5 CVE-2024-53709
Stachethemes–Advanced Event Manager
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6. 2024-12-02 6.5 CVE-2024-53721
Garrett Grimm–Simple Popup
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6. 2024-12-02 6.5 CVE-2024-53741
LOOS,Inc.–Arkhe Blocks
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0. 2024-12-06 6.5 CVE-2024-53794
Themesflat–Themesflat Addons For Elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2. 2024-12-06 6.5 CVE-2024-53796
The Beaver Builder Team–Beaver Builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3. 2024-12-06 6.5 CVE-2024-53797
BoldThemes–Bold Page Builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1. 2024-12-06 6.5 CVE-2024-53801
FuturioWP–Futurio Extra
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14. 2024-12-06 6.5 CVE-2024-53802
brandtoss–WP Mailster
 
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. 2024-12-06 6.5 CVE-2024-53803
POSIMYTH–WDesignkit
 
Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40. 2024-12-06 6.6 CVE-2024-53811
WP Travel–WP Travel
 
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0. 2024-12-06 6.5 CVE-2024-53813
Captivate Audio Ltd–Captivate Sync
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22. 2024-12-06 6.5 CVE-2024-53820
POSIMYTH–The Plus Addons for Elementor Page Builder Lite
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. 2024-12-06 6.5 CVE-2024-53823
CodexShaper–Advanced Element Bucket Addons for Elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2. 2024-12-06 6.5 CVE-2024-54210
Noor alam–Magical Addons For Elementor
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6. 2024-12-06 6.5 CVE-2024-54212
zionbuilder.io–WordPress Page Builder Zion Builder
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12. 2024-12-06 6.5 CVE-2024-54213
n/a–n/a
 
app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format. 2024-12-04 6.1 CVE-2024-54674
n/a–n/a
 
app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow. 2024-12-04 6.1 CVE-2024-54675
owthub–Library Management System Manage e-Digital Books Library
 
The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value’ parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 2024-12-07 6.8 CVE-2024-8679
wpbits–WPBITS Addons For Elementor Page Builder
 
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-12-04 6.4 CVE-2024-8962
bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows)
 
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-9058
CMSMasters–CMSMasters Elementor Addon
 
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2024-12-03 6.4 CVE-2024-9694
Google–Android
 
In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 5.5 CVE-2018-9408
Google–Android
 
In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-02 5.5 CVE-2018-9423
Google–Android
 
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. 2024-12-03 5.5 CVE-2018-9441
Google–Android
 
In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 2024-12-03 5.5 CVE-2018-9449
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. 2024-12-03 5.9 CVE-2021-29892
Pegasystems–Pega Infinity
 
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. 2024-12-05 5.9 CVE-2024-10716
OpenBSD–OpenBSD
 
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any ‘/’ in readdir name validation to avoid unexpected directory traversal on untrusted file systems. 2024-12-05 5 CVE-2024-10933
pickplugins–Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins
 
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. 2024-12-05 5.3 CVE-2024-10937
SICK AG–SICK InspectorP61x
 
The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack. 2024-12-06 5.6 CVE-2024-11022
burgthaleratsirconic–SG Helper
 
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 2024-12-04 5.5 CVE-2024-11093
nimeshrmr–WP Private Content Plus
 
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. 2024-12-06 5.3 CVE-2024-11292
Hi e-learning–Learning Management System (LMS)
 
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024. 2024-12-06 5.4 CVE-2024-11321
fatcatapps–AWeber Forms by Optin Cat
 
The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2024-12-03 5.2 CVE-2024-11325
Red Hat–Red Hat Trusted Artifact Signer
 
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. 2024-12-06 5.3 CVE-2024-11738
Drupal–Drupal Core
 
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. 2024-12-05 5.9 CVE-2024-11942
akirk–Friends
 
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend. 2024-12-06 5.3 CVE-2024-12028
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. 2024-12-03 5.5 CVE-2024-12082
Devolutions–Server
 
Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. 2024-12-04 5 CVE-2024-12151
code-projects–Hotel Management System
 
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. 2024-12-05 5.3 CVE-2024-12185
code-projects–Hotel Management System
 
A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. 2024-12-05 5.3 CVE-2024-12186
MSI–Dragon Center
 
A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component. 2024-12-05 5.5 CVE-2024-12227
nshowketgmailcom–Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal
 
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘save_settings’, ‘export_csv’, and ‘simpleecommcart-action’ actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). 2024-12-07 5.4 CVE-2024-12253
Cisco–Cisco NX-OS Software
 
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. 2024-12-04 5.2 CVE-2024-20397
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. 2024-12-03 5.5 CVE-2024-25019
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks. 2024-12-03 5.5 CVE-2024-25020
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. 2024-12-03 5.3 CVE-2024-25035
HCL Software–Nomad server on Domino
 
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. 2024-12-06 5.3 CVE-2024-30129
IBM–Db2 for Linux, UNIX and Windows
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. 2024-12-07 5.3 CVE-2024-37071
element-hq–synapse
 
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. 2024-12-03 5.3 CVE-2024-37303
tassos.gr–Convert Forms component for Joomla
 
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. 2024-12-04 5.4 CVE-2024-40745
IBM–Db2 for Linux, UNIX and Windows
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. 2024-12-07 5.3 CVE-2024-41762
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. 2024-12-03 5.9 CVE-2024-41775
Samsung Mobile–Samsung Mobile Devices
 
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. 2024-12-03 5.9 CVE-2024-49410
Samsung Mobile–Samsung Mobile Devices
 
Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. 2024-12-03 5.5 CVE-2024-49412
n/a–n/a
 
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2024-12-04 5.3 CVE-2024-51210
Richard K Miller–What Would Seth Godin Do
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Richard K Miller What Would Seth Godin Do allows Stored XSS.This issue affects What Would Seth Godin Do: from n/a through 2.1.1. 2024-12-02 5.9 CVE-2024-51900
Udi Dollberg–Add Chat App Button
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5. 2024-12-02 5.9 CVE-2024-52489
Sanil Shakya–Sticky Social Icons
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sanil Shakya Sticky Social Icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through 1.2.1. 2024-12-02 5.9 CVE-2024-52491
Gopi Ramasamy–Image horizontal reel scroll slideshow
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4. 2024-12-02 5.9 CVE-2024-52492
Josh Leuze–Meteor Slides
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7. 2024-12-02 5.9 CVE-2024-52493
Matt Varone, Tim Berneman–Dynamic “To Top”
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Varone, Tim Berneman Dynamic “To Top” allows Stored XSS.This issue affects Dynamic “To Top”: from 3.5.2 through n/a. 2024-12-02 5.9 CVE-2024-52494
Lorex–2K Indoor Wi-Fi Security Camera
 
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. 2024-12-03 5.3 CVE-2024-52546
Planet Technology–Planet WGS-804HPT
 
The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program. 2024-12-06 5.3 CVE-2024-52558
n/a–n/a
 
Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. 2024-12-04 5.4 CVE-2024-52676
n/a–n/a
 
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries. 2024-12-02 5.4 CVE-2024-53364
n/a–n/a
 
Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. 2024-12-02 5.4 CVE-2024-53459
n/a–n/a
 
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. 2024-12-02 5.5 CVE-2024-53566
SonicWall–SMA100
 
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. 2024-12-05 5.3 CVE-2024-53702
AutoQuiz–AI Quiz
 
Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1. 2024-12-02 5.3 CVE-2024-53708
Abdul Hakeem–Build App Online
 
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22. 2024-12-02 5.4 CVE-2024-53751
P. Roy–WP Revisions Manager
 
Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2. 2024-12-02 5.4 CVE-2024-53761
Andy Moyle–Church Admin
 
Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8. 2024-12-06 5.3 CVE-2024-53795
WpMaspik–Maspik Spam blacklist
 
Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. 2024-12-06 5.4 CVE-2024-53806
WPSight–WPCasa
 
Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13. 2024-12-06 5.3 CVE-2024-53826
erlang–otp
 
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). 2024-12-05 5.5 CVE-2024-53846
kanboard–kanboard
 
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41. 2024-12-05 5.5 CVE-2024-54001
DependencyTrack–dependency-track
 
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same action with a username that is not known by the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2. 2024-12-04 5.3 CVE-2024-54002
directus–directus
 
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0. 2024-12-05 5.7 CVE-2024-54128
URBAN BASE–Z-Downloads
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7. 2024-12-06 5.9 CVE-2024-54206
Owen Cutajar & Hyder Jaffari–WordPress Auction Plugin
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7. 2024-12-06 5.9 CVE-2024-54207
Visualmodo–Borderless
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8. 2024-12-06 5.9 CVE-2024-54211
RestApp Inc.–Online Ordering System
 
Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1.  NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. 2024-12-04 5.3 CVE-2024-7488
andreiigna–If Menu Visibility control for Menus
 
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin’s license key due to a missing capability check on the ‘actions’ function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key. 2024-12-07 5.3 CVE-2024-7894
Moxa–VPort 07-3 Series
 
Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation. 2024-12-04 5.3 CVE-2024-9404
rstheme2017–Ultimate Coming Soon & Maintenance
 
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. 2024-12-06 5.3 CVE-2024-9706
sasonikolov–Event Tickets with Ticket Scanner
 
The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4. 2024-12-06 5.4 CVE-2024-9866
vcita–Online Booking & Scheduling Calendar for WordPress by vcita
 
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings. 2024-12-06 5.4 CVE-2024-9872
OpenHarmony–OpenHarmony
 
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. 2024-12-03 5.5 CVE-2024-9978
Synology–Surveillance Station
 
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors. 2024-12-04 4.3 CVE-2023-52943
Synology–Surveillance Station
 
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. 2024-12-04 4.3 CVE-2023-52944
NVIDIA–Base Command Manager
 
NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service. 2024-12-06 4.4 CVE-2024-0139
Unknown–3DPrint Lite
 
The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. 2024-12-06 4.3 CVE-2024-10480
Unknown–Sticky Social Icons
 
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-06 4.8 CVE-2024-10551
smarettheme–Eleblog Elementor Blog And Magazine Addons
 
The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. 2024-12-04 4.3 CVE-2024-10663
codesavory–Knowledge Base documentation & wiki plugin BasePress Docs
 
The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database. 2024-12-04 4.3 CVE-2024-10664
webangon–XLTab Accordions and Tabs for Elementor Page Builder
 
The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the ‘XLTAB_INSERT_TPL’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-06 4.3 CVE-2024-10689
ideaboxcreations–PowerPack Elementor Addons (Free Widgets, Extensions and Templates)
 
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. 2024-12-06 4.3 CVE-2024-10692
wpvibes–AnyWhere Elementor
 
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the ‘INSERT_ELEMENTOR’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-05 4.3 CVE-2024-10777
choijun–LA-Studio Element Kit for Elementor
 
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the ‘elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to. 2024-12-04 4.3 CVE-2024-10787
Unknown–WP Booking Calendar
 
The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-03 4.8 CVE-2024-10893
ecolosites–Simple Redirection
 
The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-05 4.3 CVE-2024-11341
clicksend–SMS for Lead Capture Forms
 
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. 2024-12-07 4.3 CVE-2024-11353
cluevo–CLUEVO LMS, E-Learning Platform
 
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-06 4.3 CVE-2024-11444
northernbeacheswebsites–IdeaPush
 
The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the “boards” taxonomy. 2024-12-03 4.3 CVE-2024-11844
ASUS–RT-AX55
 
An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the ’12/03/2024 ASUS Router Improper Input Validation’ section on the ASUS Security Advisory for more information. 2024-12-04 4.4 CVE-2024-11985
kofimokome–Message Filter for Contact Form 7
 
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. 2024-12-07 4.3 CVE-2024-12026
kofimokome–Message Filter for Contact Form 7
 
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. 2024-12-06 4.3 CVE-2024-12027
nicheaddons–Charity Addon for Elementor
 
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the ‘nacharity_elementor_template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. 2024-12-03 4.3 CVE-2024-12062
getdollie–Dollie Hub Build Your Own WordPress Cloud Platform
 
The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the ‘elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. 2024-12-04 4.3 CVE-2024-12099
jerryscg–Gold Addons for Elementor
 
The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses. 2024-12-06 4.3 CVE-2024-12110
ays-pro–Poll Maker Versus Polls, Anonymous Polls, Image Polls
 
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2024-12-07 4.3 CVE-2024-12115
Devolutions–Server
 
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. 2024-12-04 4.3 CVE-2024-12148
Mattermost–Mattermost
 
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated. 2024-12-05 4.6 CVE-2024-12247
MediaTek, Inc.–MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798
 
In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696. 2024-12-02 4.4 CVE-2024-20116
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. 2024-12-03 4.3 CVE-2024-25036
Spring by VMware Tanzu–Spring Security
 
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. 2024-12-02 4.8 CVE-2024-38827
IBM–Cognos Controller
 
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. 2024-12-03 4.3 CVE-2024-45676
Microsoft–Microsoft Edge (Chromium-based)
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability 2024-12-06 4.3 CVE-2024-49041
Samsung Mobile–Samsung Mobile Devices
 
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. 2024-12-03 4.3 CVE-2024-49411
Samsung Mobile–SmartThings
 
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. 2024-12-03 4 CVE-2024-49416
Samsung Mobile–GamingHub
 
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview. 2024-12-03 4.3 CVE-2024-49419
Samsung Mobile–Quick Share Agent
 
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. 2024-12-03 4.3 CVE-2024-49421
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
 
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user’s data and altering information within the user’s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user’s session. 2024-12-03 4.8 CVE-2024-51773
Ben Marshall–Jobify – Job Board WordPress Theme
 
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify – Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3. 2024-12-02 4.3 CVE-2024-52479
vitessio–vitess
 
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8. 2024-12-03 4.9 CVE-2024-53257
n/a–n/a
 
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. 2024-12-02 4.8 CVE-2024-53617
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager
 
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. 2024-12-03 4.7 CVE-2024-53672
Ahmet mamolu–Ahmeti Wp Gzel Szler
 
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0. 2024-12-02 4.3 CVE-2024-53707
TannerRitchie Web Applications/DancePress–DancePress (TRWA)
 
Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through 3.1.11. 2024-12-02 4.3 CVE-2024-53775
E-goi–Smart Marketing SMS and Newsletters Forms
 
Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9. 2024-12-02 4.3 CVE-2024-53784
BAKKBONE Australia–FloristPress
 
Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0. 2024-12-06 4.3 CVE-2024-53799
Kiboko Labs–Namaste! LMS
 
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1. 2024-12-06 4.3 CVE-2024-53809
Ninja Team–Filebird
 
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. 2024-12-06 4.7 CVE-2024-53825
element-hq–synapse
 
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. 2024-12-03 4.3 CVE-2024-53867
nanopb–nanopb
 
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1. 2024-12-02 4.3 CVE-2024-53984
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack 2024-12-04 4.2 CVE-2024-54156
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector 2024-12-04 4.3 CVE-2024-54157
n/a–n/a
 
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. 2024-12-05 4.3 CVE-2024-54679
ServiceNow–Now Platform
 
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible. 2024-12-02 4.3 CVE-2024-5890
Zyxel–VMG3625-T50B firmware
 
A post-authentication buffer overflow vulnerability in the parameter “action” of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. 2024-12-03 4.9 CVE-2024-9197
rstheme2017–Ultimate Coming Soon & Maintenance
 
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ucsm_update_template_name_lite’ function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin’s templates. 2024-12-06 4.3 CVE-2024-9705
totalsoft–Video Gallery YouTube Gallery and Vimeo Gallery
 
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2024-12-06 4.4 CVE-2024-9769

Back to top

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info
Hewlett Packard Enterprise–HPE IceWall
 
A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. 2024-12-02 3.7 CVE-2024-11856
n/a–DedeCMS
 
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-04 3.5 CVE-2024-12180
n/a–DedeCMS
 
A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-04 3.5 CVE-2024-12181
n/a–DedeCMS
 
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 2024-12-04 3.5 CVE-2024-12182
n/a–DedeCMS
 
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 2024-12-04 3.5 CVE-2024-12183
code-projects–Simple CRUD Functionality
 
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 2024-12-05 3.5 CVE-2024-12232
VMware Tanzu–Spring LDAP
 
A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 2024-12-04 3.7 CVE-2024-38829
HCL Software–DevOps Deploy / Launch
 
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. 2024-12-05 3.1 CVE-2024-42195
n/a–n/a
 
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. 2024-12-03 3.8 CVE-2024-53502
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter 2024-12-04 3.1 CVE-2024-54153
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication 2024-12-04 3.7 CVE-2024-54155
JetBrains–YouTrack
 
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding 2024-12-04 3.5 CVE-2024-54158
Canonical Ltd.–LXD
 
Mark Laing discovered that LXD’s PKI mode, until version 5.21.2, could be bypassed if the client’s certificate was present in the trust store. 2024-12-06 3.8 CVE-2024-6156
Canonical Ltd.–LXD
 
Mark Laing discovered in LXD’s PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. 2024-12-06 3.8 CVE-2024-6219
Samsung Mobile–Samsung Mobile Devices
 
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. 2024-12-03 2.4 CVE-2024-49414
Samsung Mobile–Smart Touch Call
 
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. 2024-12-03 2 CVE-2024-49417
n/a–n/a
 
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process. 2024-12-03 2.8 CVE-2024-53921

Back to top

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source Info
Google–Android
 
In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 2024-12-05 not yet calculated CVE-2018-9416
n/a–n/a
 
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. 2024-12-05 not yet calculated CVE-2023-48010
n/a–n/a
 
Oxide control plane software before 5 allows SSRF. 2024-12-05 not yet calculated CVE-2023-50913
B&R Industrial Automation GmbH–B&R mapp Cockpit
 
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project. 2024-12-02 not yet calculated CVE-2024-10490
Infinix Mobile–com.transsion.agingfunction
 
Infinix devices contain a pre-loaded “com.transsion.agingfunction” application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions.  After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices. 2024-12-04 not yet calculated CVE-2024-10576
Rockwell Automation–Arena
 
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. 2024-12-05 not yet calculated CVE-2024-11156
Unknown–Simple Side Tab
 
The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2024-12-07 not yet calculated CVE-2024-11183
Issuetrak–Issuetrak
 
A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket. 2024-12-04 not yet calculated CVE-2024-11479
arcinfo–PcVue
 
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges. 2024-12-04 not yet calculated CVE-2024-12056
Mogify Infotech–Tinxy
 
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. 2024-12-05 not yet calculated CVE-2024-12094
Issuetrak–Issuetrak
 
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user.  When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy.  The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts. 2024-12-04 not yet calculated CVE-2024-12123
Rockwell Automation–Arena
 
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. 2024-12-05 not yet calculated CVE-2024-12130
Python Software Foundation–CPython
 
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not “pause” writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the “high-water mark”. Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. 2024-12-06 not yet calculated CVE-2024-12254
MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T
 
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025. 2024-12-02 not yet calculated CVE-2024-20129
n/a–n/a
 
An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. 2024-12-03 not yet calculated CVE-2024-29404
n/a–n/a
 
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. 2024-12-02 not yet calculated CVE-2024-29645
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. 2024-12-05 not yet calculated CVE-2024-30961
n/a–n/a
 
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process 2024-12-05 not yet calculated CVE-2024-30962
n/a–n/a
 
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity. 2024-12-04 not yet calculated CVE-2024-37574
n/a–n/a
 
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component. 2024-12-04 not yet calculated CVE-2024-37575
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` . 2024-12-06 not yet calculated CVE-2024-38921
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose. 2024-12-06 not yet calculated CVE-2024-38922
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` . 2024-12-06 not yet calculated CVE-2024-38923
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` . 2024-12-06 not yet calculated CVE-2024-38924
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` . 2024-12-06 not yet calculated CVE-2024-38925
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. 2024-12-06 not yet calculated CVE-2024-38926
n/a–n/a
 
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. 2024-12-06 not yet calculated CVE-2024-38927
n/a–n/a
 
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. 2024-12-04 not yet calculated CVE-2024-39163
n/a–n/a
 
An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. 2024-12-04 not yet calculated CVE-2024-39219
Veeam–Backup & Replication
 
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. 2024-12-04 not yet calculated CVE-2024-40717
n/a–n/a
 
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability 2024-12-05 not yet calculated CVE-2024-41579
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. 2024-12-06 not yet calculated CVE-2024-41644
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. 2024-12-06 not yet calculated CVE-2024-41645
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. 2024-12-06 not yet calculated CVE-2024-41646
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. 2024-12-06 not yet calculated CVE-2024-41647
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. 2024-12-06 not yet calculated CVE-2024-41648
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. 2024-12-06 not yet calculated CVE-2024-41649
n/a–n/a
 
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. 2024-12-06 not yet calculated CVE-2024-41650
Veeam–Service Provider Console
 
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. 2024-12-04 not yet calculated CVE-2024-42449
Veeam–Backup & Replication
 
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker’s side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. 2024-12-04 not yet calculated CVE-2024-42451
Veeam–Backup & Replication
 
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise. 2024-12-04 not yet calculated CVE-2024-42452
Veeam–Backup & Replication
 
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services. 2024-12-04 not yet calculated CVE-2024-42453
Veeam–Backup & Replication
 
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. 2024-12-04 not yet calculated CVE-2024-42455
Veeam–Backup & Replication
 
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. 2024-12-04 not yet calculated CVE-2024-42456
Veeam–Backup & Replication
 
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. 2024-12-04 not yet calculated CVE-2024-42457
n/a–n/a
 
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). 2024-12-06 not yet calculated CVE-2024-44852
n/a–n/a
 
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). 2024-12-06 not yet calculated CVE-2024-44853
n/a–n/a
 
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). 2024-12-06 not yet calculated CVE-2024-44854
n/a–n/a
 
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). 2024-12-06 not yet calculated CVE-2024-44855
n/a–n/a
 
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). 2024-12-06 not yet calculated CVE-2024-44856
Veeam–Backup & Replication
 
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. 2024-12-04 not yet calculated CVE-2024-45204
Ubiquiti–UniFi iOS App
 
An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). 2024-12-04 not yet calculated CVE-2024-45205
Veeam–Service Provider Console
 
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. 2024-12-04 not yet calculated CVE-2024-45206
Veeam–Agent for Windows
 
DLL injection in Veeam Agent for Windows can occur if the system’s PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services 2024-12-04 not yet calculated CVE-2024-45207
n/a–n/a
 
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access. 2024-12-03 not yet calculated CVE-2024-45757
I-O DATA DEVICE, INC.–UD-LT1
 
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained. 2024-12-05 not yet calculated CVE-2024-45841
n/a–n/a
 
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. 2024-12-03 not yet calculated CVE-2024-46625
I-O DATA DEVICE, INC.–UD-LT1
 
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. 2024-12-05 not yet calculated CVE-2024-47133
n/a–n/a
 
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function 2024-12-04 not yet calculated CVE-2024-48453
n/a–n/a
 
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. 2024-12-06 not yet calculated CVE-2024-48703
QNAP Systems Inc.–QTS
 
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-48859
QNAP Systems Inc.–License Center
 
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later 2024-12-06 not yet calculated CVE-2024-48863
QNAP Systems Inc.–QTS
 
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-48865
QNAP Systems Inc.–QTS
 
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-48866
QNAP Systems Inc.–QTS
 
An improper neutralization of CRLF sequences (‘CRLF Injection’) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-48867
QNAP Systems Inc.–QTS
 
An improper neutralization of CRLF sequences (‘CRLF Injection’) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-48868
PlexRipper–PlexRipper
 
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0. 2024-12-02 not yet calculated CVE-2024-49763
Snap One–OVRC cloud
 
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. 2024-12-02 not yet calculated CVE-2024-50380
Snap One–OVRC cloud
 
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it. 2024-12-02 not yet calculated CVE-2024-50381
QNAP Systems Inc.–SMB Service
 
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later 2024-12-06 not yet calculated CVE-2024-50387
QNAP Systems Inc.–HBS 3 Hybrid Backup Sync
 
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later 2024-12-06 not yet calculated CVE-2024-50388
QNAP Systems Inc.–QuRouter
 
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later 2024-12-06 not yet calculated CVE-2024-50389
QNAP Systems Inc.–QTS
 
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-50393
QNAP Systems Inc.–QTS
 
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-50402
QNAP Systems Inc.–QTS
 
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later 2024-12-06 not yet calculated CVE-2024-50403
QNAP Systems Inc.–Qsync Central
 
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later 2024-12-06 not yet calculated CVE-2024-50404
n/a–n/a
 
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. 2024-12-03 not yet calculated CVE-2024-51363
DocuSign–DocuSign
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04. 2024-12-04 not yet calculated CVE-2024-52269
DropBox(HelloSign)–DropBox Sign
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04. 2024-12-05 not yet calculated CVE-2024-52270
Documenso–Documenso
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05. 2024-12-05 not yet calculated CVE-2024-52271
Shenzhen Tenda Technology Co–Tenda AC6V2
 
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 2024-12-04 not yet calculated CVE-2024-52272
Shenzhen Tenda Technology Co–Tenda AC6V2
 
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 2024-12-04 not yet calculated CVE-2024-52273
Shenzhen Tenda Technology Co–Tenda AC6V2
 
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 2024-12-04 not yet calculated CVE-2024-52274
Shenzhen Tenda Technology Co–Tenda AC6V2
 
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. 2024-12-04 not yet calculated CVE-2024-52275
DocuSign–DocuSign
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the “Print” option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04. 2024-12-04 not yet calculated CVE-2024-52276
DocuSeal–DocuSeal
 
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1. 2024-12-04 not yet calculated CVE-2024-52277
I-O DATA DEVICE, INC.–UD-LT1
 
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. 2024-12-05 not yet calculated CVE-2024-52564
simplesamlphp–xml-common
 
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it’s possible to induce an XXE. This vulnerability is fixed in 1.19.0. 2024-12-02 not yet calculated CVE-2024-52596
pillarjs–path-to-regexp
 
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. 2024-12-05 not yet calculated CVE-2024-52798
element-hq–synapse
 
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. 2024-12-03 not yet calculated CVE-2024-52805
element-hq–synapse
 
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user’s /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. 2024-12-03 not yet calculated CVE-2024-52815
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. 2024-12-02 not yet calculated CVE-2024-53103
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. 2024-12-02 not yet calculated CVE-2024-53104
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45 flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99 kvm_create_vm virt/kvm/kvm_main.c:1235 [inline] kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline] kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530 __do_compat_sys_ioctl fs/ioctl.c:1007 [inline] __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e page last free pid 8399 tgid 8399 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686 folios_put_refs+0x76c/0x860 mm/swap.c:1007 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline] tlb_batch_pages_flush mm/mmu_gather.c:149 [inline] tlb_flush_mmu_free mm/mmu_gather.c:366 [inline] tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465 exit_mmap+0x496/0xc40 mm/mmap.c:1926 __mmput+0x115/0x390 kernel/fork.c:1348 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638 kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline] kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386 kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xa2f/0x28e0 kernel/exit.c:939 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [in —truncated— 2024-12-02 not yet calculated CVE-2024-53105
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this. 2024-12-02 not yet calculated CVE-2024-53106
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The “arg->vec_len” variable is a u64 that comes from the user at the start of the function. The “arg->vec_len * sizeof(struct page_region))” multiplication can lead to integer wrapping. Use size_mul() to avoid that. Also the size_add/mul() functions work on unsigned long so for 32bit systems we need to ensure that “arg->vec_len” fits in an unsigned long. 2024-12-02 not yet calculated CVE-2024-53107
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 … [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8) 2024-12-02 not yet calculated CVE-2024-53108
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu kernels crashed upon accessing a vma iterator, such as acct_collect() reading the size of vma entries after do_munmap(). This commit fixes this issue by passing a right argument to the preallocation call. 2024-12-02 not yet calculated CVE-2024-53109
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. 2024-12-02 not yet calculated CVE-2024-53110
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr` wraps around. `old_addr` is the cursor in the old range up to which page table entries have been moved; so if the operation succeeded, `old_addr` is the *end* of the old region, and adding `len` to it can wrap. The overflow causes mremap() to mistakenly believe that PTEs have been copied; the consequence is that mremap() bails out, but doesn’t move the PTEs back before the new VMA is unmapped, causing anonymous pages in the region to be lost. So basically if userspace tries to mremap() a private-anon region and hits this bug, mremap() will return an error and the private-anon region’s contents appear to have been zeroed. The idea of this check is that `old_end – len` is the original start address, and writing the check that way also makes it easier to read; so fix the check by rearranging the comparison accordingly. (An alternate fix would be to refactor this function by introducing an “orig_old_start” variable or such.) Tested in a VM with a 32-bit X86 kernel; without the patch: “` user@horn:~/big_mremap$ cat test.c #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> #include <err.h> #include <sys/mman.h> #define ADDR1 ((void*)0x60000000) #define ADDR2 ((void*)0x10000000) #define SIZE 0x50000000uL int main(void) { unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p1 == MAP_FAILED) err(1, “mmap 1”); unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p2 == MAP_FAILED) err(1, “mmap 2”); *p1 = 0x41; printf(“first char is 0x%02hhxn”, *p1); unsigned char *p3 = mremap(p1, SIZE, SIZE, MREMAP_MAYMOVE|MREMAP_FIXED, p2); if (p3 == MAP_FAILED) { printf(“mremap() failed; first char is 0x%02hhxn”, *p1); } else { printf(“mremap() succeeded; first char is 0x%02hhxn”, *p3); } } user@horn:~/big_mremap$ gcc -static -o test test.c user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() failed; first char is 0x00 “` With the patch: “` user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() succeeded; first char is 0x41 “` 2024-12-02 not yet calculated CVE-2024-53111
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f … </TASK> When ‘ioctl(OCFS2_IOC_GROUP_ADD, …)’ has failed for the particular inode in ‘ocfs2_verify_group_and_input()’, corresponding buffer head remains cached and subsequent call to the same ‘ioctl()’ for the same inode issues the BUG() in ‘ocfs2_set_new_buffer_uptodate()’ (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with ‘ocfs2_remove_from_cache()’ on error path in ‘ocfs2_group_add()’. 2024-12-02 not yet calculated CVE-2024-53112
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be &current->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 (“mm, page_alloc: fix check for NULL preferred_zone”) and commit df76cee6bbeb (“mm, page_alloc: remove redundant checks from alloc fastpath”). To fix it, check NULL pointer for preferred_zoneref->zone. 2024-12-02 not yet calculated CVE-2024-53113
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren’t intended to be advertised on Zen4 client so clear the capability. 2024-12-02 not yet calculated CVE-2024-53114
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The ‘vmw_user_object_buffer’ function may return NULL with incorrect inputs. To avoid possible null pointer dereference, add a check whether the ‘bo’ is NULL in the vmw_framebuffer_surface_create_handle. 2024-12-02 not yet calculated CVE-2024-53115
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn’t correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn’t point to the 1st page of starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist. Following warning messages were seen. WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+0x254/0x5a0 <snip> pc : __arm_lpae_unmap+0x254/0x5a0 lr : __arm_lpae_unmap+0x2cc/0x5a0 <snip> Call trace: __arm_lpae_unmap+0x254/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 arm_lpae_unmap_pages+0x80/0xa0 panthor_vm_unmap_pages+0xac/0x1c8 [panthor] panthor_gpuva_sm_step_unmap+0x4c/0xc8 [panthor] op_unmap_cb.isra.23.constprop.30+0x54/0x80 __drm_gpuvm_sm_unmap+0x184/0x1c8 drm_gpuvm_sm_unmap+0x40/0x60 panthor_vm_exec_op+0xa8/0x120 [panthor] panthor_vm_bind_exec_sync_op+0xc4/0xe8 [panthor] panthor_ioctl_vm_bind+0x10c/0x170 [panthor] drm_ioctl_kernel+0xbc/0x138 drm_ioctl+0x210/0x4b0 __arm64_sys_ioctl+0xb0/0xf8 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.1+0x98/0xf8 do_el0_svc+0x24/0x38 el0_svc+0x34/0xc8 el0t_64_sync_handler+0xa0/0xc8 el0t_64_sync+0x174/0x178 <snip> panthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount) WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> pc : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] lr : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> panthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000) 2024-12-02 not yet calculated CVE-2024-53116
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks. 2024-12-02 not yet calculated CVE-2024-53117
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed. unreferenced object 0xffff8881028beb00 (size 224): comm “vsock_test”, pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!…….!….. 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ……….!….. backtrace (crc 6c7031ca): [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370 [<ffffffff81d35882>] __alloc_skb+0x132/0x180 [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80 [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240 [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0 [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50 [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450 [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0 [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0 [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80 [<ffffffff820d3df3>] do_syscall_64+0x93/0x180 [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e 2024-12-02 not yet calculated CVE-2024-53118
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm “kworker/5:2”, pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@………… backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30 2024-12-02 not yet calculated CVE-2024-53119
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> 2024-12-02 not yet calculated CVE-2024-53120
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: – Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. – Lock the parent flow group, delete the software copy of the FTE, and remove it from the xarray. However, this approach encounters a race condition if a rule with the same match value is added simultaneously. In this scenario, fs_core may set the hardware deletion function to NULL prematurely, causing a panic during subsequent rule deletions. To prevent this, ensure the active flag of the FTE is checked under a lock, which will prevent the fs_core layer from attaching a new steering rule to an FTE that is in the process of deletion. [ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func [ 438.968205] ————[ cut here ]———— [ 438.968654] refcount_t: decrement hit 0; leaking memory. [ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110 [ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower] [ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8 [ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110 [ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 [ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286 [ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000 [ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0 [ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0 [ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0 [ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0 [ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000 [ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0 [ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 438.986507] Call Trace: [ 438.986799] <TASK> [ 438.987070] ? __warn+0x7d/0x110 [ 438.987426] ? refcount_warn_saturate+0xfb/0x110 [ 438.987877] ? report_bug+0x17d/0x190 [ 438.988261] ? prb_read_valid+0x17/0x20 [ 438.988659] ? handle_bug+0x53/0x90 [ 438.989054] ? exc_invalid_op+0x14/0x70 [ 438.989458] ? asm_exc_invalid_op+0x16/0x20 [ 438.989883] ? refcount_warn_saturate+0xfb/0x110 [ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core] [ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core] [ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core] [ 438.992054] ? xas_load+0x9/0xb0 [ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core] [ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core] [ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core] [ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core] [ 438.994728] tc_setup_cb_destroy+0xb9/0x190 [ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower] [ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower] [ 438.996105] tc_new_tfilter+0x347/0xbc0 [ 438.996503] ? __ —truncated— 2024-12-02 not yet calculated CVE-2024-53121
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows – i.e. created by the in kernel path manager – are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). 2024-12-02 not yet calculated CVE-2024-53122
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163 Code: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8 0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 <f7> 7c 24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89 RSP: 0018:ffffc900041f7930 EFLAGS: 00010293 RAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b RDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004 RBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67 R10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80 R13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000 FS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493 mptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline] mptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289 inet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885 sock_recvmsg_nosec net/socket.c:1051 [inline] sock_recvmsg+0x1b2/0x250 net/socket.c:1073 __sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265 __do_sys_recvfrom net/socket.c:2283 [inline] __se_sys_recvfrom net/socket.c:2279 [inline] __x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feb5d857559 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d RAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559 RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000 R10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c R13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef and provided a nice reproducer. The root cause is the current bad handling of racing disconnect. After the blamed commit below, sk_wait_data() can return (with error) with the underlying socket disconnected and a zero rcv_mss. Catch the error and return without performing any additional operations on the current socket. 2024-12-02 not yet calculated CVE-2024-53123
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ————[ cut here ]———— WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x1c5/0x1e0 __sk_destruct+0x2a/0x200 rcu_do_batch+0x1aa/0x530 ? rcu_do_batch+0x13b/0x530 rcu_core+0x159/0x2f0 handle_softirqs+0xd3/0x2b0 ? __pfx_smpboot_thread_fn+0x10/0x10 run_ksoftirqd+0x25/0x30 smpboot_thread_fn+0xdd/0x1d0 kthread+0xd3/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> —[ end trace 0000000000000000 ]— Its possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) | (cpu 2) | sk_forward_alloc … | … | 0 __sk_mem_schedule() | | +4096 = 4096 | __sk_mem_schedule() | +4096 = 8192 sk_mem_charge() | | -768 = 7424 | sk_mem_charge() | -768 = 6656 … | … | sk_mem_uncharge() | | +768 = 7424 reclaimable=7424 | | | sk_mem_uncharge() | +768 = 8192 | reclaimable=8192 | __sk_mem_reclaim() | | -4096 = 4096 | __sk_mem_reclaim() | -8192 = -4096 != 0 The skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock(). Fix the same issue in dccp_v6_do_rcv(). 2024-12-02 not yet calculated CVE-2024-53124
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 ————–> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: – r0 is marked as not a subreg at (0); – w1 is marked as subreg at (2); – w1 subreg_def is overridden at (3) by copy_register_state(); – w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; – because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); – this random value is read at (5). 2024-12-04 not yet calculated CVE-2024-53125
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). 2024-12-04 not yet calculated CVE-2024-53126
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: Revert “mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K” The commit 8396c793ffdf (“mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K”) increased the max_req_size, even for 4K pages, causing various issues: – Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 – Panic booting the kernel/rootfs from an SD card on StarFive JH7100 – “swiotlb buffer is full” and data corruption on StarFive JH7110 At this stage no fix have been found, so it’s probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. 2024-12-04 not yet calculated CVE-2024-53127
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepancy can lead to incorrect stack object detection and subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled. Example of the warning: ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ————[ cut here ]———— WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4 Hardware name: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800 x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4 x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050 Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 —[ end trace 0000000000000000 ]— ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ————[ cut here ]———— 2024-12-04 not yet calculated CVE-2024-53128
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The ‘state’ can’t be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check ‘state’ (see line 1077) 2024-12-04 not yet calculated CVE-2024-53129
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the “block:block_dirty_buffer” tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the “uptodate” state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer’s uptodate flag. 2024-12-04 not yet calculated CVE-2024-53130
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series “nilfs2: fix null-ptr-deref bugs on block tracepoints”. This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using “block:block_touch_buffer” tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself. 2024-12-04 not yet calculated CVE-2024-53131
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix “Missing outer runtime PM protection” warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection … <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry picked from commit b107c63d2953907908fd0cafb0e543b3c3167b75) 2024-12-04 not yet calculated CVE-2024-53132
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state’s dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6f06355d78eb41b3aeda5296c) 2024-12-04 not yet calculated CVE-2024-53133
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be ‘i < bc->onecell_data.num_domains’, not ‘bc->onecell_data.num_domains’ which will make the look never finish and cause kernel panic. Also disable runtime to address “imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!” 2024-12-04 not yet calculated CVE-2024-53134
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM’s pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest’s) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the “load IA32_RTIT_CTL” VM-entry control must be 0. On the host side, KVM doesn’t validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc. 2024-12-04 not yet calculated CVE-2024-53135
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: mm: revert “mm: shmem: fix data-race in shmem_getattr()” Revert d949d1d14fa2 (“mm: shmem: fix data-race in shmem_getattr()”) as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, “added just to silence a syzbot sanitizer splat: added where there has never been any practical problem”. 2024-12-04 not yet calculated CVE-2024-53136
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. 2024-12-04 not yet calculated CVE-2024-53137
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used. This is an issue when using pages from large folios: the get_page() references are stored on the folio page while the page_ref_inc() references are stored directly in the given page. On release the folio page will be dereferenced too many times. This was found while doing kTLS testing with sendfile() + ZC when the served file was read from NFS on a kernel with NFS large folios support (commit 49b29a573da8 (“nfs: add support for large folios”)). 2024-12-04 not yet calculated CVE-2024-53138
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspicious RCU usage 6.12.0-rc5-virtme #1216 Tainted: G W —————————– net/core/dev.c:876 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by sctp_hello/31495: #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp stack backtrace: CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216 Tainted: [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:123) lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7)) sctp_v6_available (net/sctp/ipv6.c:701) sctp sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp sctp_bind (net/sctp/socket.c:320) sctp inet6_bind_sk (net/ipv6/af_inet6.c:465) ? security_socket_bind (security/security.c:4581 (discriminator 1)) __sys_bind (net/socket.c:1848 net/socket.c:1869) ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13)) __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1)) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f59b934a1e7 Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48 All code ======== 0: 44 00 00 add %r8b,(%rax) 3: 48 8b 15 39 8c 0c 00 mov 0xc8c39(%rip),%rdx # 0xc8c43 a: f7 d8 neg %eax c: 64 89 02 mov %eax,%fs:(%rdx) f: b8 ff ff ff ff mov $0xffffffff,%eax 14: eb bd jmp 0xffffffffffffffd3 16: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1d: 00 00 00 20: 0f 1f 00 nopl (%rax) 23: b8 31 00 00 00 mov $0x31,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <– trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c43 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c19 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7 RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f59b9253298 R11: 000000000000 —truncated— 2024-12-04 not yet calculated CVE-2024-53139
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: – start – (optional) kicks off the dumping process – dump – actual dump helper, keeps getting called until it returns 0 – done – (optional) pairs with .start, can be used for cleanup The whole process is asynchronous and the repeated calls to .dump don’t actually happen in a tight loop, but rather are triggered in response to recvmsg() on the socket. This gives the user full control over the dump, but also means that the user can close the socket without getting to the end of the dump. To make sure .start is always paired with .done we check if there is an ongoing dump before freeing the socket, and if so call .done. The complication is that sockets can get freed from BH and .done is allowed to sleep. So we use a workqueue to defer the call, when needed. Unfortunately this does not work correctly. What we defer is not the cleanup but rather releasing a reference on the socket. We have no guarantee that we own the last reference, if someone else holds the socket they may release it in BH and we’re back to square one. The whole dance, however, appears to be unnecessary. Only the user can interact with dumps, so we can clean up when socket is closed. And close always happens in process context. Some async code may still access the socket after close, queue notification skbs to it etc. but no dumps can start, end or otherwise make progress. Delete the workqueue and flush the dump state directly from the release handler. Note that further cleanup is possible in -next, for instance we now always call .done before releasing the main module reference, so dump doesn’t have to take a reference of its own. 2024-12-04 not yet calculated CVE-2024-53140
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. 2024-12-06 not yet calculated CVE-2024-53141
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + “” + ALGN(4) + data … 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= … 70 c_namesize 8 bytes Length of filename, including final When extracting an initramfs cpio archive, the kernel’s do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn’t be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It’s easiest to observe non-zero uninitialized memory when the output is gzipped, as it’ll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. —- reproducer.sh —- nilchar=”A” # change to “” to properly zero terminate / pad magic=”070701″ ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname=”initramfs_test_fname_overrun” namelen=$(( ${#fname} + 1 )) # plus one to account for terminator printf “%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s” $magic $ino $mode $uid $gid $nlink $mtime $filesize $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 – ((110 + $namelen) & 3)) % 4) )) printf “%.s${nilchar}” $(seq 1 $termpadlen) —- reproducer.sh —- Symlink filename fields handled in do_symlink() won’t overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn’t carry a zero-terminator at the expected (name_len – 1) offset. 2024-12-06 not yet calculated CVE-2024-53142
Linux–Linux
 
In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput() and watched_objects decrement Ensure the superblock is kept alive until we’re done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement. This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super(). Also, ensure that fsnotify_put_sb_watched_objects() doesn’t call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info. 2024-12-07 not yet calculated CVE-2024-53143
n/a–n/a
 
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. 2024-12-05 not yet calculated CVE-2024-53442
n/a–n/a
 
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter. 2024-12-05 not yet calculated CVE-2024-53457
n/a–n/a
 
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. 2024-12-05 not yet calculated CVE-2024-53470
n/a–n/a
 
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. 2024-12-05 not yet calculated CVE-2024-53471
n/a–n/a
 
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF). 2024-12-05 not yet calculated CVE-2024-53472
n/a–n/a
 
WeGIA 3.2.0 before 3998672 does not verify permission to change a password. 2024-12-07 not yet calculated CVE-2024-53473
n/a–n/a
 
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java 2024-12-02 not yet calculated CVE-2024-53477
n/a–n/a
 
Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. 2024-12-05 not yet calculated CVE-2024-53490
n/a–n/a
 
JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. 2024-12-05 not yet calculated CVE-2024-53523
n/a–n/a
 
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library’s handling of tekhex format files. 2024-12-05 not yet calculated CVE-2024-53589
QNAP Systems Inc.–QTS
 
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later 2024-12-06 not yet calculated CVE-2024-53691
argoproj–argo-workflows
 
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `–auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` or when using `–auth-mode=sso`, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}`. No authentication is performed by the Server itself on `client` tokens. Authentication & authorization is instead delegated to the k8s API server. However, the Workflow Archive does not interact with k8s, and so any token that looks valid will be considered authenticated, even if it is not a k8s token or even if the token has no RBAC for Argo. To handle the lack of pass-through k8s authN/authZ, the Workflow Archive specifically does the equivalent of a `kubectl auth can-i` check for respective methods. In 3.5.7 and 3.5.8, the auth check was accidentally removed on the GET Workflow endpoint’s fallback to archived workflows on these lines, allowing archived workflows to be retrieved with a fake token. This vulnerability is fixed in 3.6.2 and 3.5.13. 2024-12-02 not yet calculated CVE-2024-53862
element-hq–synapse
 
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1. 2024-12-03 not yet calculated CVE-2024-53863
ZOO-Project–ZOO-Project
 
ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is performed in this parameter, which allows an attacker to fully control the file which is returned in the response. Patch was committed in November 22nd, 2024. 2024-12-04 not yet calculated CVE-2024-53982
rails–rails-html-sanitizer
 
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer’s allowed tags with both “math” and “style” elements or both both “svg” and “style” elements. This vulnerability is fixed in 1.6.1. 2024-12-02 not yet calculated CVE-2024-53985
rails–rails-html-sanitizer
 
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer’s allowed tags where the “math” and “style” elements are both explicitly allowed. This vulnerability is fixed in 1.6.1. 2024-12-02 not yet calculated CVE-2024-53986
rails–rails-html-sanitizer
 
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer’s allowed tags where the “style” element is explicitly allowed and the “svg” or “math” element is not allowed. This vulnerability is fixed in 1.6.1. 2024-12-02 not yet calculated CVE-2024-53987
rails–rails-html-sanitizer
 
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer’s allowed tags where the “math”, “mtext”, “table”, and “style” elements are allowed and either either “mglyph” or “malignmark” are allowed. This vulnerability is fixed in 1.6.1. 2024-12-02 not yet calculated CVE-2024-53988
rails–rails-html-sanitizer
 
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer’s allowed tags for the the “noscript” element. This vulnerability is fixed in 1.6.1. 2024-12-02 not yet calculated CVE-2024-53989
AsyncHttpClient–async-http-client
 
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user’s Cookie being used for another user’s requests. 2024-12-02 not yet calculated CVE-2024-53990
EDM115–unzip-bot
 
unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. 2024-12-02 not yet calculated CVE-2024-53992
SKYLARK HOLDINGS CO., LTD.–‘Skylark’ App for Android
 
Improper authorization in handler for custom URL scheme issue in ‘Skylark’ App for Android 6.2.13 and earlier and ‘Skylark’ App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user’s device. 2024-12-05 not yet calculated CVE-2024-54014
TP-Link–Archer C50 Wireless Router
 
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router’s Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device. 2024-12-05 not yet calculated CVE-2024-54126
TP-Link–Archer C50 Wireless Router
 
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system. 2024-12-05 not yet calculated CVE-2024-54127
nasa-jpl–ION-DTN
 
The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s. 2024-12-05 not yet calculated CVE-2024-54129
nasa-jpl–ION-DTN
 
The NASA’s Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s. 2024-12-05 not yet calculated CVE-2024-54130
kolide–launcher
 
The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide’s service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory. This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These incorrect default permissions in conjunction with an omitted SystemDrive environmental variable (when launcher starts osqueryd), allows a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process’s search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3. 2024-12-03 not yet calculated CVE-2024-54131
cli–cli
 
The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and –dir flag are used to determine the artifact’s download path. When the artifact is named .., the resulting files within the artifact are extracted exactly 1 directory higher than the specified –dir flag value. This vulnerability is fixed in 2.63.1. 2024-12-04 not yet calculated CVE-2024-54132
solana-labs–solana-web3.js
 
A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on. 2024-12-04 not yet calculated CVE-2024-54134
NuGet–NuGetGallery
 
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06. 2024-12-06 not yet calculated CVE-2024-54138
sigstore–sigstore-java
 
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn’t actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0. 2024-12-05 not yet calculated CVE-2024-54140
openwrt–asu
 
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to “poison” the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1. 2024-12-06 not yet calculated CVE-2024-54143
n/a–n/a
 
WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. 2024-12-06 not yet calculated CVE-2024-54745
n/a–n/a
 
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. 2024-12-06 not yet calculated CVE-2024-54747
n/a–n/a
 
Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation. 2024-12-06 not yet calculated CVE-2024-54749
n/a–n/a
 
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. 2024-12-06 not yet calculated CVE-2024-55268
n/a–n/a
 
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation. 2024-12-08 not yet calculated CVE-2024-55560
Tungsten Automation–TotalAgility
 
Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints “/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx” and “/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx” This allows for injection of a malicious JavaScript code, leading to a possible information leak.  Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. 2024-12-06 not yet calculated CVE-2024-7874
Tungsten Automation–TotalAgility
 
Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx This allows for injection of a malicious JavaScript code, leading to a possible information leak.  Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. 2024-12-06 not yet calculated CVE-2024-7875
Open Design Alliance–ODA Drawings SDK – All Versions < 2025.10
 
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. 2024-12-04 not yet calculated CVE-2024-8894

Back to top