High Vulnerabilities
Primary Vendor — Product |
Description8 | Published | CVSS Score | Source Info |
---|---|---|---|---|
SailPoint Technologies–IdentityIQ |
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected. | 2024-12-02 | 10 | CVE-2024-10905 |
ABB–ASPECT-Enterprise |
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-11317 |
ABB–ASPECT-Enterprise |
Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-48839 |
ABB–ASPECT-Enterprise |
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-48840 |
ABB–ASPECT-Enterprise |
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-51545 |
ABB–ASPECT-Enterprise |
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-51549 |
ABB–ASPECT-Enterprise |
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-51550 |
ABB–ASPECT-Enterprise |
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT – Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 2024-12-05 | 10 | CVE-2024-51551 |
ABB–ASPECT-Enterprise |
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT – Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 2024-12-05 | 10 | CVE-2024-51555 |
stefanbohacek–Fediverse Embeds |
Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3. | 2024-12-02 | 10 | CVE-2024-52476 |
NotFound–Revy |
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18. | 2024-12-06 | 10 | CVE-2024-54214 |
Google–Android |
In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 9.8 | CVE-2018-9430 |
SICK AG–SICK InspectorP61x |
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. | 2024-12-06 | 9 | CVE-2024-10773 |
matthias-reuter–SV100 Companion |
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-06 | 9.8 | CVE-2024-12155 |
wphealth–WP Umbrella: Update Backup Restore & Monitoring |
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the ‘filename’ parameter of the ‘umbrella-restore’ action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-12-08 | 9.8 | CVE-2024-12209 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | 2024-12-05 | 9.8 | CVE-2024-37861 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | 2024-12-05 | 9.8 | CVE-2024-37863 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` . | 2024-12-05 | 9.1 | CVE-2024-38920 |
tassos.gr–Convert Forms component for Joomla |
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. | 2024-12-04 | 9.8 | CVE-2024-40744 |
Progress Software Corporation–WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 2024-12-02 | 9.8 | CVE-2024-46909 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. | 2024-12-06 | 9.4 | CVE-2024-47547 |
ABB–ASPECT-Enterprise |
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT – Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 2024-12-05 | 9.4 | CVE-2024-48845 |
Planet Technology–Planet WGS-804HPT |
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. | 2024-12-06 | 9.8 | CVE-2024-48871 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie’s proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. | 2024-12-06 | 9.8 | CVE-2024-48874 |
ABB–ASPECT-Enterprise |
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.9 | CVE-2024-51548 |
ABB–ASPECT-Enterprise |
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.1 | CVE-2024-51554 |
Owen Cutajar & Hyder Jaffari–WordPress Auction Plugin |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. | 2024-12-06 | 9.3 | CVE-2024-51615 |
WP Sharks–s2Member Pro |
Improper Control of Generation of Code (‘Code Injection’) vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114. | 2024-12-06 | 9 | CVE-2024-51815 |
Planet Technology–Planet WGS-804HPT |
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. | 2024-12-06 | 9.8 | CVE-2024-52320 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. | 2024-12-06 | 9.8 | CVE-2024-52324 |
Siemens–syngo.plaza VB30E |
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database. | 2024-12-06 | 9.8 | CVE-2024-52335 |
Lorex–2K Indoor Wi-Fi Security Camera |
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 9.8 | CVE-2024-52544 |
n/a–n/a |
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. | 2024-12-02 | 9.8 | CVE-2024-52724 |
n/a–n/a |
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. | 2024-12-02 | 9.1 | CVE-2024-52732 |
Najeeb Ahmad–Simple User Registration |
Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5. | 2024-12-06 | 9.1 | CVE-2024-53810 |
n/a–n/a |
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. | 2024-12-02 | 9.1 | CVE-2024-53900 |
n/a–n/a |
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) | 2024-12-06 | 9.8 | CVE-2024-53908 |
MacWarrior–clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function without sanitization via collection GET parameter and photoIDS POST parameter respectively. The decode_key function invokes PHP unserialize function as defined in upload/includes/classes/photos.class.php. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. | 2024-12-06 | 9.8 | CVE-2024-54135 |
MacWarrior–clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. | 2024-12-06 | 9.8 | CVE-2024-54136 |
Roninwp–FAT Services Booking |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Roninwp FAT Services Booking.This issue affects FAT Services Booking: from n/a through 5.6. | 2024-12-05 | 9.3 | CVE-2024-54221 |
n/a–n/a |
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. | 2024-12-04 | 9.8 | CVE-2024-54661 |
n/a–n/a |
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 2024-12-06 | 9.8 | CVE-2024-54750 |
ABB–ASPECT-Enterprise |
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.6 | CVE-2024-6515 |
ABB–ASPECT-Enterprise |
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9 | CVE-2024-6516 |
ABB–ASPECT-Enterprise |
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.9 | CVE-2024-6784 |
Progress Software Corporation–WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeIpswitch. | 2024-12-02 | 9.8 | CVE-2024-8785 |
Google–Android |
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 8.8 | CVE-2018-9380 |
Google–Android |
In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel. | 2024-12-05 | 8.8 | CVE-2018-9402 |
Google–Android |
In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 8 | CVE-2018-9413 |
Google–Android |
In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 8.8 | CVE-2018-9418 |
Apache Software Foundation–Apache Hive |
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments. | 2024-12-05 | 8.3 | CVE-2022-41137 |
NVIDIA–UFM Enterprise GA |
NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure. | 2024-12-06 | 8.8 | CVE-2024-0130 |
OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. | 2024-12-03 | 8.8 | CVE-2024-10074 |
swte–Swift Performance Lite |
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the ‘ajaxify’ function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-12-06 | 8.1 | CVE-2024-10516 |
blazethemes–Pubnews |
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities. | 2024-12-06 | 8.8 | CVE-2024-10578 |
funnelforms–Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Funnelforms Free |
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-12-04 | 8.8 | CVE-2024-10587 |
SICK AG–SICK InspectorP61x |
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level “Service”, an attacker can execute arbitrary system commands in the root user’s contexts. | 2024-12-06 | 8.8 | CVE-2024-10771 |
SICK AG–SICK InspectorP61x |
Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device. | 2024-12-06 | 8.8 | CVE-2024-10772 |
SICK AG–SICK InspectorP61x |
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer. | 2024-12-06 | 8.2 | CVE-2024-10776 |
india-web-developer–Login With OTP |
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there’s no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2024-12-06 | 8.1 | CVE-2024-11178 |
pencidesign–Soledad |
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows. | 2024-12-06 | 8.1 | CVE-2024-11289 |
Genetech Solutions–Pie Register – Social Sites Login (Add on) |
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | 2024-12-04 | 8.1 | CVE-2024-11293 |
kekotron–AI Quiz | Quiz Maker |
The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-06 | 8.8 | CVE-2024-11323 |
Synology–Synology Router Manager (SRM) |
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 2024-12-04 | 8.1 | CVE-2024-11398 |
galdub–Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials |
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the ‘stars-testimonials-with-slider-and-masonry-grid’ shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. | 2024-12-05 | 8.8 | CVE-2024-11429 |
webdzier–Gallery |
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-12-07 | 8.8 | CVE-2024-11501 |
allaccessible–Accessibility by AllAccessible |
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ‘AllAccessible_save_settings’ function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-04 | 8.8 | CVE-2024-11643 |
Google–Chrome |
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2024-12-03 | 8.8 | CVE-2024-12053 |
Devolutions–Remote Desktop Manager |
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | 2024-12-04 | 8.1 | CVE-2024-12149 |
Snyk–Code Agent |
Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. External exploitation of this vulnerability is unlikely and depends on both misconfigurations of the cluster and/or chaining with another vulnerability. However, internal exploitation (with a cluster misconfiguration) could still be possible. | 2024-12-06 | 8.1 | CVE-2024-21571 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | 2024-12-02 | 8.4 | CVE-2024-33044 |
Qualcomm, Inc.–Snapdragon |
Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 2024-12-02 | 8.4 | CVE-2024-33056 |
n/a–n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC (Call Control). This can lead to an Out-of-Bounds write. | 2024-12-02 | 8.1 | CVE-2024-39890 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | 2024-12-03 | 8 | CVE-2024-40691 |
Dell–NetWorker |
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 2024-12-03 | 8.3 | CVE-2024-42422 |
Apache Software Foundation–Apache Ozone |
Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint. | 2024-12-03 | 8.1 | CVE-2024-45106 |
SonicWall–SMA100 |
A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | 2024-12-05 | 8.1 | CVE-2024-45318 |
n/a–n/a |
An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. | 2024-12-03 | 8.8 | CVE-2024-46624 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie’s cloud. | 2024-12-06 | 8.1 | CVE-2024-46874 |
progress — whatsup_gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46905 |
progress — whatsup_gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46906 |
Progress Software Corporation–WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46907 |
Progress Software Corporation–WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46908 |
ABB–ASPECT-Enterprise |
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT – Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 | 2024-12-05 | 8.2 | CVE-2024-48847 |
Samsung Mobile–Samsung Mobile Devices |
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | 2024-12-03 | 8.1 | CVE-2024-49415 |
n/a–n/a |
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file | 2024-12-03 | 8.8 | CVE-2024-51114 |
IBM–App Connect Enterprise Certified Container |
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 2024-12-04 | 8.8 | CVE-2024-51465 |
ABB–ASPECT-Enterprise |
Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51541 |
ABB–ASPECT-Enterprise |
Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51542 |
ABB–ASPECT-Enterprise |
Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51543 |
ABB–ASPECT-Enterprise |
Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51544 |
simplesamlphp–saml2 |
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it’s possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. | 2024-12-02 | 8.3 | CVE-2024-52806 |
n/a–n/a |
Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the “tmp_get_sites” function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality. | 2024-12-02 | 8 | CVE-2024-53375 |
n/a–n/a |
Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. | 2024-12-02 | 8.8 | CVE-2024-53484 |
n/a–n/a |
A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences. | 2024-12-02 | 8.8 | CVE-2024-53564 |
SonicWall–SMA100 |
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | 2024-12-05 | 8.1 | CVE-2024-53703 |
Kiboko Labs–Watu Quiz |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2. | 2024-12-02 | 8.5 | CVE-2024-53792 |
eDoc Intelligence LLC–eDoc Easy Tables |
Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. | 2024-12-02 | 8.2 | CVE-2024-53793 |
brandtoss–WP Mailster |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 8.5 | CVE-2024-53807 |
Basix–NEX-Forms Ultimate Form Builder |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8. | 2024-12-06 | 8.5 | CVE-2024-53808 |
PINPOINT.WORLD–Pinpoint Booking System |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | 2024-12-06 | 8.5 | CVE-2024-53815 |
n/a–n/a |
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) | 2024-12-02 | 8.8 | CVE-2024-53937 |
n/a–n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication. | 2024-12-02 | 8.8 | CVE-2024-53938 |
n/a–n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input. | 2024-12-02 | 8.8 | CVE-2024-53939 |
n/a–n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device. | 2024-12-02 | 8.8 | CVE-2024-53940 |
n/a–n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID. | 2024-12-02 | 8.8 | CVE-2024-53941 |
MobSF–Mobile-Security-Framework-MobSF |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the “Diff or Compare” functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. | 2024-12-03 | 8.1 | CVE-2024-53999 |
thorsten–phpMyFAQ |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server’s credential when connection to DB fails. This vulnerability is fixed in 4.0.0. | 2024-12-06 | 8.6 | CVE-2024-54141 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 2024-12-04 | 8 | CVE-2024-54154 |
Google–Android |
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.8 | CVE-2018-9376 |
Google–Android |
In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.5 | CVE-2018-9381 |
Google–Android |
In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. | 2024-12-05 | 7.8 | CVE-2018-9388 |
Google–Android |
In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9392 |
Google–Android |
In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9393 |
Google–Android |
In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9394 |
Google–Android |
In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9395 |
Google–Android |
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9396 |
Google–Android |
In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9397 |
Google–Android |
In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9398 |
Google–Android |
In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9399 |
Google–Android |
In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9400 |
Google–Android |
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9403 |
Google–Android |
In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9404 |
Google–Android |
In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.8 | CVE-2018-9414 |
Google–Android |
In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.8 | CVE-2018-9431 |
Google–Android |
In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9439 |
Google–Android |
In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9462 |
Google–Android |
In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9463 |
totalsoft–Video Gallery YouTube Gallery and Vimeo Gallery |
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 7.2 | CVE-2024-10247 |
templateinvaders–TI WooCommerce Wishlist |
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘wizard’ function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates. | 2024-12-04 | 7.5 | CVE-2024-10567 |
SICK AG–SICK InspectorP61x |
Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication. | 2024-12-06 | 7.3 | CVE-2024-10774 |
wpkube–Authors List |
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-04 | 7.3 | CVE-2024-10952 |
softaculous–FileOrganizer Manage WordPress and Website Files |
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the ‘default_lang’ parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2024-12-07 | 7.2 | CVE-2024-11010 |
OpenBSD–OpenBSD |
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. | 2024-12-05 | 7.5 | CVE-2024-11148 |
OpenBSD–OpenBSD |
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. | 2024-12-06 | 7.9 | CVE-2024-11149 |
Rockwell Automation–Arena |
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | 7.8 | CVE-2024-11155 |
Open Automation Software–Open Automation Software |
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. | 2024-12-06 | 7.8 | CVE-2024-11220 |
ABB–ASPECT-Enterprise |
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.5 | CVE-2024-11316 |
modalweb–Advanced File Manager |
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the ‘class_fma_connector.php’ file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2024-12-03 | 7.5 | CVE-2024-11391 |
pictureplanet–Verowa Connect |
The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the ‘search_string’ parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 7.5 | CVE-2024-11460 |
nsp-code–WP Hide & Security Enhancer |
The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss. | 2024-12-06 | 7.5 | CVE-2024-11585 |
iqonicdesign–KiviCare Clinic & Patient Management System (EHR) |
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘visit_type[service_id]’ parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 7.5 | CVE-2024-11728 |
Drupal–Drupal Core |
A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. | 2024-12-05 | 7.5 | CVE-2024-11941 |
webcodingplace–Classic Addons WPBakery Page Builder |
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the ‘style’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment. | 2024-12-04 | 7.5 | CVE-2024-11952 |
WeDevs–WP Project Manager |
The ‘Project Manager’ WordPress Plugin is affected by an authenticated SQL injection vulnerability in the ‘orderby’ parameter in the ‘/pm/v2/activites’ route. | 2024-12-02 | 7.7 | CVE-2024-12015 |
D3TN GmbH–D3TN |
Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS | 2024-12-04 | 7.5 | CVE-2024-12107 |
1000 Projects–Library Management System |
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12187 |
1000 Projects–Library Management System |
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12188 |
PHPGurukul–Complaint Management System |
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12228 |
PHPGurukul–Complaint Management System |
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12229 |
PHPGurukul–Complaint Management System |
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12230 |
CodeZips–Project Management System |
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12231 |
code-projects–Online Notice Board |
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12233 |
1000 Projects–Beauty Parlour Management System |
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-05 | 7.3 | CVE-2024-12234 |
jonathandejong–Beautiful taxonomy filters |
The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the ‘selects[0][term]’ parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-07 | 7.5 | CVE-2024-12270 |
MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T |
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023. | 2024-12-02 | 7.5 | CVE-2024-20127 |
MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T |
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2024. | 2024-12-02 | 7.5 | CVE-2024-20128 |
MediaTek, Inc.–MT6890, MT7622, MT7915, MT7916, MT7981, MT7986 |
In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727. | 2024-12-02 | 7.5 | CVE-2024-20137 |
MediaTek, Inc.–MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8195, MT8370, MT8390 |
In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604. | 2024-12-02 | 7.5 | CVE-2024-20138 |
n/a–n/a |
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script. | 2024-12-05 | 7.8 | CVE-2024-30963 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator | 2024-12-05 | 7.8 | CVE-2024-30964 |
n/a–n/a |
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. | 2024-12-02 | 7.5 | CVE-2024-31669 |
Qualcomm, Inc.–Snapdragon |
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. | 2024-12-02 | 7.5 | CVE-2024-33063 |
element-hq–synapse |
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new “leaky bucket” rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user’s ability to request large amounts of data to be cached. | 2024-12-03 | 7.5 | CVE-2024-37302 |
n/a–n/a |
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process | 2024-12-05 | 7.3 | CVE-2024-37860 |
n/a–n/a |
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. | 2024-12-05 | 7.3 | CVE-2024-37862 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters. | 2024-12-05 | 7.5 | CVE-2024-38910 |
n/a–n/a |
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service. | 2024-12-02 | 7 | CVE-2024-39343 |
SonicWall–SMA100 |
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution. | 2024-12-05 | 7.5 | CVE-2024-40763 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 2024-12-03 | 7.5 | CVE-2024-41777 |
Qualcomm, Inc.–Snapdragon |
Memory corruption when invalid input is passed to invoke GPU Headroom API call. | 2024-12-02 | 7.8 | CVE-2024-43048 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. | 2024-12-02 | 7.8 | CVE-2024-43049 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. | 2024-12-02 | 7.8 | CVE-2024-43050 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while processing API calls to NPU with invalid input. | 2024-12-02 | 7.8 | CVE-2024-43052 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. | 2024-12-02 | 7.8 | CVE-2024-43053 |
Hitachi–Hitachi Ops Center Common Services |
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. | 2024-12-03 | 7.1 | CVE-2024-45068 |
SolarWinds–SolarWinds Platform |
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | 2024-12-04 | 7 | CVE-2024-45717 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. | 2024-12-06 | 7.5 | CVE-2024-45722 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user’s phone number and part of the email address. | 2024-12-06 | 7.5 | CVE-2024-47043 |
IBM–AIX |
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | 2024-12-07 | 7.8 | CVE-2024-47115 |
Dell–NetWorker Management Console |
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-12-03 | 7.8 | CVE-2024-47476 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. | 2024-12-06 | 7.5 | CVE-2024-47791 |
n/a–n/a |
An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. | 2024-12-03 | 7.5 | CVE-2024-48080 |
ABB–ASPECT-Enterprise |
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.7 | CVE-2024-48843 |
ABB–ASPECT-Enterprise |
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.7 | CVE-2024-48844 |
ABB–ASPECT-Enterprise |
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.1 | CVE-2024-48846 |
Samsung Mobile–Samsung Mobile Devices |
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. | 2024-12-03 | 7.1 | CVE-2024-49413 |
Samsung Mobile–GamingHub |
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity. | 2024-12-03 | 7.5 | CVE-2024-49420 |
n/a–n/a |
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2024-12-04 | 7.5 | CVE-2024-50947 |
n/a–n/a |
An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2024-12-03 | 7.5 | CVE-2024-50948 |
ABB–ASPECT-Enterprise |
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT – Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.5 | CVE-2024-51546 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager |
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. | 2024-12-03 | 7.2 | CVE-2024-51771 |
eduNEXT–Open edX LMS |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1. | 2024-12-02 | 7.1 | CVE-2024-52452 |
Jon Lorang–Library Bookshelves |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jon Lorang Library Bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through 5.8. | 2024-12-02 | 7.1 | CVE-2024-52453 |
GoQSystem Inc.–GoQMieruca |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoQSystem Inc. GoQMieruca allows Reflected XSS.This issue affects GoQMieruca: from n/a through 1.0.0. | 2024-12-02 | 7.1 | CVE-2024-52454 |
GoQSystem Inc.–GoQSmile |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in GoQSystem Inc. GoQSmile allows Reflected XSS.This issue affects GoQSmile: from n/a through 1.0.1. | 2024-12-02 | 7.1 | CVE-2024-52455 |
WPoets–Awesome Studio |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPoets Awesome Studio allows Reflected XSS.This issue affects Awesome Studio: from n/a through 2.4.4. | 2024-12-02 | 7.1 | CVE-2024-52456 |
Youneeq–Youneeq Recommendations |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Youneeq Youneeq Recommendations allows Reflected XSS.This issue affects Youneeq Recommendations: from n/a through 3.0.7. | 2024-12-02 | 7.1 | CVE-2024-52457 |
Templines–TM Islamic Helper |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Templines TM Islamic Helper allows Reflected XSS.This issue affects TM Islamic Helper: from n/a through 1.0.1. | 2024-12-02 | 7.1 | CVE-2024-52458 |
Chameleoni.com–Chameleoni Jobs |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Chameleoni.com Chameleoni Jobs allows Reflected XSS.This issue affects Chameleoni Jobs: from n/a through 2.5.2. | 2024-12-02 | 7.1 | CVE-2024-52459 |
AtaraPay–AtaraPay WooCommerce Payment Gateway |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AtaraPay AtaraPay WooCommerce Payment Gateway allows Reflected XSS.This issue affects AtaraPay WooCommerce Payment Gateway: from n/a through 2.0.13. | 2024-12-02 | 7.1 | CVE-2024-52460 |
Kinsta WordPress Hosting–Infinite Slider |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS.This issue affects Infinite Slider: from n/a through 2.0.1. | 2024-12-02 | 7.1 | CVE-2024-52461 |
Jacob Schwartz–WP e-Commerce Style Email |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Reflected XSS.This issue affects WP e-Commerce Style Email: from n/a through 0.6.2. | 2024-12-02 | 7.1 | CVE-2024-52462 |
Kat Hagan–Post By Email |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Kat Hagan Post By Email allows Reflected XSS.This issue affects Post By Email: from n/a through 1.0.4b. | 2024-12-02 | 7.1 | CVE-2024-52463 |
anmari–amr shortcodes |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in anmari amr shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through 1.7. | 2024-12-02 | 7.1 | CVE-2024-52464 |
Data443–LGPD Framework |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Data443 LGPD Framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through 2.0.2. | 2024-12-02 | 7.1 | CVE-2024-52465 |
Explara–Explara Events |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Explara Explara Events allows Reflected XSS.This issue affects Explara Events: from n/a through 0.1.3. | 2024-12-02 | 7.1 | CVE-2024-52466 |
August Infotech–AI Responsive Gallery Album |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in August Infotech AI Responsive Gallery Album allows Reflected XSS.This issue affects AI Responsive Gallery Album: from n/a through 1.4. | 2024-12-02 | 7.1 | CVE-2024-52467 |
LeadBoxer–LeadBoxer |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LeadBoxer LeadBoxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through 1.2. | 2024-12-02 | 7.1 | CVE-2024-52468 |
Dhrubok Infotech–WooCommerce Price Alert |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Dhrubok Infotech WooCommerce Price Alert allows Reflected XSS.This issue affects WooCommerce Price Alert: from n/a through 1.0.4. | 2024-12-02 | 7.1 | CVE-2024-52469 |
No-nonsense Labs–Document & Data Automation |
Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through 1.6.1. | 2024-12-02 | 7.1 | CVE-2024-52477 |
Ortto–Ortto |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ortto Ortto allows Reflected XSS.This issue affects Ortto: from n/a through 1.0.19. | 2024-12-02 | 7.1 | CVE-2024-52482 |
Igor Beni–LeanPress |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Igor Benić LeanPress allows Reflected XSS.This issue affects LeanPress: from n/a through 1.0.0. | 2024-12-02 | 7.1 | CVE-2024-52483 |
Subhasish Manna–Wc Recently viewed products |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Subhasish Manna Wc Recently viewed products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through 1.0.1. | 2024-12-02 | 7.1 | CVE-2024-52484 |
Lorex–2K Indoor Wi-Fi Security Camera |
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 7.2 | CVE-2024-52547 |
n/a–n/a |
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. | 2024-12-02 | 7.5 | CVE-2024-53605 |
ITERAS–ITERAS |
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS.This issue affects ITERAS: from n/a through 1.7.0. | 2024-12-02 | 7.1 | CVE-2024-53710 |
Jean-Marc BIANCA–Hotlink2Watermark |
Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2. | 2024-12-02 | 7.1 | CVE-2024-53711 |
Kevin McCabe–Kevin’s |
Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin’s allows Stored XSS.This issue affects Kevin’s: from n/a through 2.0.0. | 2024-12-02 | 7.1 | CVE-2024-53712 |
Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net–Silverlight Video Player |
Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net Silverlight Video Player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through 1.0. | 2024-12-02 | 7.1 | CVE-2024-53713 |
Arrow Design–Continue Shopping From Cart |
Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Continue Shopping From Cart allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through 1.3. | 2024-12-02 | 7.1 | CVE-2024-53714 |
Thomas Hoefter–Simple Travel Map |
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS.This issue affects Simple Travel Map: from n/a through 0.1. | 2024-12-02 | 7.1 | CVE-2024-53715 |
overtrue–wp auto top |
Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS.This issue affects wp auto top: from n/a through 2.9.3. | 2024-12-02 | 7.1 | CVE-2024-53716 |
Yonatan Reinberg–yPHPlista |
Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1. | 2024-12-02 | 7.1 | CVE-2024-53717 |
Eric Teubert–Multi Feed Reader |
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4. | 2024-12-02 | 7.1 | CVE-2024-53718 |
onigetoc–Zajax Ajax Navigation |
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation allows Stored XSS.This issue affects Zajax – Ajax Navigation: from n/a through 0.4. | 2024-12-02 | 7.1 | CVE-2024-53719 |
ole1986 , MachineITSvcs–WP-ISPConfig 3 |
Cross-Site Request Forgery (CSRF) vulnerability in ole1986 , MachineITSvcs WP-ISPConfig 3 allows Stored XSS.This issue affects WP-ISPConfig 3: from n/a through 1.5.6. | 2024-12-02 | 7.1 | CVE-2024-53720 |
Rockemmusic–Favicon My Blog |
Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through 1.0.2. | 2024-12-02 | 7.1 | CVE-2024-53722 |
A.Cihangir BALTACI–Google Plus Share and +1 Button |
Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0. | 2024-12-02 | 7.1 | CVE-2024-53723 |
Ronny L. Bull–IceStats |
Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceStats allows Stored XSS.This issue affects IceStats: from n/a through 1.3. | 2024-12-02 | 7.1 | CVE-2024-53724 |
Script-Recipes–Post Hits Counter |
Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23. | 2024-12-02 | 7.1 | CVE-2024-53725 |
Realty Candy–RealtyCandy IDX Broker Extended |
Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy RealtyCandy IDX Broker Extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through 1.5.1. | 2024-12-02 | 7.1 | CVE-2024-53726 |
LinkLaunder.com–LinkLaunder SEO |
Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com LinkLaunder SEO allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through 0.92.1. | 2024-12-02 | 7.1 | CVE-2024-53727 |
SEO-Kche Internet Marketing GmbH & Co. KG–Protect Your Content |
Cross-Site Request Forgery (CSRF) vulnerability in SEO-Küche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2. | 2024-12-02 | 7.1 | CVE-2024-53728 |
Plumeria Web Design–Blizzard Quotes |
Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3. | 2024-12-02 | 7.1 | CVE-2024-53729 |
Aaron Hodge Silver–April’s Call Posts |
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April’s Call Posts allows Stored XSS. This issue affects April’s Call Posts: from n/a through 2.1.1. | 2024-12-02 | 7.1 | CVE-2024-53730 |
NotFound–WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card – Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through n/a. | 2024-12-02 | 7.1 | CVE-2024-53740 |
CultBooking–CultBooking Hotel Booking Engine |
Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from n/a through 2.1. | 2024-12-02 | 7.1 | CVE-2024-53753 |
Arrow Design–Out Of Stock Badge |
Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of Stock Badge allows Cross Site Request Forgery.This issue affects Out Of Stock Badge: from n/a through 1.3.1. | 2024-12-02 | 7.1 | CVE-2024-53754 |
Andrea Pernici–Third Party Cookie Eraser |
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2. | 2024-12-02 | 7.1 | CVE-2024-53755 |
Planet Studio team–ArCa Payment Gateway |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Planet Studio team ArCa Payment Gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through 1.3.1. | 2024-12-02 | 7.1 | CVE-2024-53759 |
Faster Themes–FastBook Responsive Appointment Booking and Scheduling System |
Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook – Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook – Responsive Appointment Booking and Scheduling System: from n/a through 1.1. | 2024-12-02 | 7.1 | CVE-2024-53762 |
Think201–Mins To Read |
Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read allows Stored XSS.This issue affects Mins To Read: from n/a through 1.2.2. | 2024-12-02 | 7.1 | CVE-2024-53765 |
Ludovic RIAUDEL–Custom Post Type to Map Store |
Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Custom Post Type to Map Store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through 1.1.0. | 2024-12-02 | 7.1 | CVE-2024-53769 |
Peter MacIntyre–RingCentral Communications |
Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS.This issue affects RingCentral Communications: from n/a through 1.6.1. | 2024-12-02 | 7.1 | CVE-2024-53770 |
Raphael Heide–Donate Me |
Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donate Me allows Stored XSS.This issue affects Donate Me: from n/a through 1.2.5. | 2024-12-02 | 7.1 | CVE-2024-53776 |
Alberto Reineri–Simple Header and Footer |
Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0. | 2024-12-02 | 7.1 | CVE-2024-53777 |
Max Engel–Yahoo! WebPlayer |
Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. | 2024-12-02 | 7.1 | CVE-2024-53779 |
Rajeev Chauhan–Load More Posts |
Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS.This issue affects Load More Posts: from n/a through 1.4.0. | 2024-12-02 | 7.1 | CVE-2024-53780 |
Home Junction–SpatialMatch IDX |
Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9. | 2024-12-02 | 7.1 | CVE-2024-53781 |
CMSaccount–Photo Video Store |
Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07. | 2024-12-02 | 7.1 | CVE-2024-53782 |
Ritesh Sanap–Advanced What should we write next about |
Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3. | 2024-12-02 | 7.1 | CVE-2024-53789 |
brandtoss–WP Mailster |
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 7.5 | CVE-2024-53804 |
brandtoss–WP Mailster |
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 7.5 | CVE-2024-53805 |
Jacques Malgrange–WP GeoNames |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a through 1.8. | 2024-12-06 | 7.1 | CVE-2024-53812 |
Acowebs–Product Labels For Woocommerce |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection.This issue affects Product Labels For Woocommerce: from n/a through 1.5.8. | 2024-12-06 | 7.6 | CVE-2024-53817 |
NotFound–Pie Register Premium |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in NotFound Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a through n/a. | 2024-12-06 | 7.1 | CVE-2024-53821 |
AREOI–All Bootstrap Blocks |
Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. | 2024-12-06 | 7.5 | CVE-2024-53824 |
rpgp–rpgp |
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1. | 2024-12-05 | 7.5 | CVE-2024-53856 |
rpgp–rpgp |
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. | 2024-12-05 | 7.5 | CVE-2024-53857 |
n/a–n/a |
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. | 2024-12-06 | 7.5 | CVE-2024-53907 |
Kludex–python-multipart |
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR r or LF n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could abuse this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread for a significant amount of time. In case of ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service (DoS). This vulnerability is fixed in 0.0.18. | 2024-12-02 | 7.5 | CVE-2024-53981 |
MobSF–Mobile-Security-Framework-MobSF |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json” returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7. | 2024-12-03 | 7.5 | CVE-2024-54000 |
open-quantum-safe–liboqs |
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0. | 2024-12-06 | 7.4 | CVE-2024-54137 |
Paloma–Paloma Widget |
Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through 1.14. | 2024-12-06 | 7.1 | CVE-2024-54205 |
Joni Halabi–Block Controller |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Joni Halabi Block Controller allows Reflected XSS.This issue affects Block Controller: from n/a through 1.4.2. | 2024-12-06 | 7.1 | CVE-2024-54208 |
WPFactory–Awesome Shortcodes |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through 1.7.2. | 2024-12-06 | 7.1 | CVE-2024-54209 |
NotFound–ARForms |
Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. | 2024-12-06 | 7.7 | CVE-2024-54216 |
n/a–n/a |
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker’s code in the user’s security context, a different vulnerability than CVE-2024-52945. | 2024-12-04 | 7.8 | CVE-2024-54664 |
Zyxel–VMG8825-T50K firmware |
A buffer overflow vulnerability in the packet parser of the third-party library “libclinkc” in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device. | 2024-12-03 | 7.5 | CVE-2024-8748 |
Zyxel–VMG4005-B50A firmware |
A post-authentication command injection vulnerability in the “host” parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | 2024-12-03 | 7.2 | CVE-2024-9200 |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Google–Android |
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2017-13308 |
Google–Android |
In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2018-9386 |
Google–Android |
In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2018-9390 |
Google–Android |
In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2018-9391 |
Google–Android |
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. | 2024-12-05 | 6.5 | CVE-2018-9407 |
Google–Android |
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard. | 2024-12-02 | 6.5 | CVE-2018-9426 |
Google–Android |
In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 6.5 | CVE-2018-9429 |
Google–Android |
In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 6.2 | CVE-2018-9435 |
astoundify–WP Job Manager Company Profiles |
The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘company’ parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2023-6978 |
persianscript– Persian WooCommerce SMS |
The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-10046 |
eyale-vc–Contact Form Builder by vcita |
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10056 |
gutentor–Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor |
The Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10178 |
iamjonasmarlo–Cookielay |
The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-10320 |
brainstormforce–Spectra WordPress Gutenberg Blocks |
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘Team’ widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-10484 |
reputeinfosystems–ARMember Membership Plugin, Content Restriction, Member Levels, User Profile & User signup |
The The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. | 2024-12-06 | 6.3 | CVE-2024-10681 |
jooseposti–Posti Shipping |
The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-10832 |
themesdaddy–Flixita |
The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-10836 |
desertthemes–NewsMunch |
The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10848 |
desertthemes–NewsMash |
The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-10849 |
ultimatemember–ForumWP Forum & Discussion Board |
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-10879 |
sodah–LUNA RADIO PLAYER |
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lunaradio’ shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10881 |
searchiq–SearchIQ The Search Solution |
The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘siq_searchbox’ shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-10885 |
kingyes–Pojo Forms |
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8. | 2024-12-06 | 6.3 | CVE-2024-10909 |
Rockwell Automation–Arena |
An “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | 6.7 | CVE-2024-11158 |
GoodLayers–Goodlayers Core |
The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11200 |
wpexpertsio–myCred Exclusive Platform for Loyalty Points and Rewards Create Leaderboards, Ranks, Badges, Cashback Coupons, Referral Programs, WooCommerce & eCommerce wallet, Gamification Awards, and Achievements. |
The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11201 |
ultimatemember–ForumWP Forum & Discussion Board |
The ForumWP – Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11204 |
edgarrojas–PDF Builder for WooCommerce. Create invoices,packing slips and more |
The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11276 |
bastho–Accounting for WooCommerce |
The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-05 | 6.1 | CVE-2024-11324 |
fatcatapps–Campaign Monitor Forms by Optin Cat |
The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11326 |
comfino–Comfino Payment Gateway |
The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11329 |
dactum–Clickbank WordPress Plugin (Storefront) |
The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11336 |
devnethr–Smart PopUp Blaster |
The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘spb-button’ shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11339 |
cs123–TwentyTwenty |
The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘twentytwenty’ shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11352 |
matansmoove–Smoove connector for Elementor forms |
The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11367 |
nanard33–Splash Sync |
The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11368 |
rezaplus–TWChat Send or receive messages from users |
The TWChat – Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11374 |
edward_plainview–Broadcast |
The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘do_check’ parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations. | 2024-12-06 | 6.1 | CVE-2024-11379 |
imahui–Mini Program API |
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘qvideo’ shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-07 | 6.4 | CVE-2024-11380 |
creativethemeshq–Blocksy |
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-11420 |
genetechproducts–Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! |
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11436 |
onlyoffice–ONLYOFFICE Docs |
The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘onlyoffice’ shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11450 |
harshitpeer–Zooom |
The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘zooom’ shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-07 | 6.4 | CVE-2024-11451 |
samdani–WordPress Pinterest Plugin Make a Popup, User Profile, Masonry and Gallery Layout |
The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘gs_pin_widget’ shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11453 |
spartac–Feedpress Generator External RSS Frontend Customizer |
The Feedpress Generator – External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11457 |
taunoh–Form Data Collector |
The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11461 |
alphabposervice–Easy Code Snippets |
The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11464 |
tomasgroulik–Intro Tour Tutorial DeepPresentation |
The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11466 |
martinnguyen1990–Next-Cart Store to WooCommerce Migration |
The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11687 |
wphocus–My auctions allegro |
The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11707 |
iqonicdesign–KiviCare Clinic & Patient Management System (EHR) |
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘service_list[0][service_id]’ parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 6.5 | CVE-2024-11729 |
iqonicdesign–KiviCare Clinic & Patient Management System (EHR) |
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘sort[]’ parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 6.5 | CVE-2024-11730 |
venutius–BP Profile Shortcodes Extra |
The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-03 | 6.5 | CVE-2024-11732 |
wpenhanced–Responsive Videos |
The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘somryv’ shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11747 |
floristone–Flower Delivery by Florist One |
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘flower-delivery’ shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11769 |
alexvtn–WIP WooCarousel Lite |
The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wip_woocarousel_products_carousel’ shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-11779 |
brandtoss–WP Mailster |
The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mst_subscribe’ shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11782 |
soraco–Quick License Manager WooCommerce Plugin |
The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘submit_qlm_products’ parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11805 |
calliko–NPS computy |
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘data1’ and ‘data2’ parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11807 |
aminshah74–Pulsating Chat Button |
The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11813 |
algoritmika–Additional Custom Order Status for WooCommerce |
The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11814 |
vjalby–Folder Gallery |
The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘foldergallery’ shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.1 | CVE-2024-11823 |
mlaza–jAlbum Bridge |
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11853 |
webilia–Listdom Business Directory and Classified Ads Listings WordPress Plugin |
The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11854 |
paulnagle–BMLT Tabbed Map |
The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bmlt_tabbed_map’ shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11866 |
bplugins–B Testimonial Testimonial plugin for WP |
The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘b_testimonial’ shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11880 |
mightyforms–Contact Form, Survey & Form Builder MightyForms |
The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘mightyforms’ shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11897 |
akashmalik–Scratch & Win Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more |
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘swin-campaign’ shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11898 |
timsayshey–WP eCards |
The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ecard’ shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11903 |
codemstory– |
The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘msntt_add_plus_talk’ shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-07 | 6.4 | CVE-2024-11904 |
neotrendy–Email Address Obfuscation |
The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11935 |
codemstory– |
The 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11943 |
mikeyott–WP System |
The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-12003 |
francescosganga–WP Media Optimizer (.webp) |
The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘wpmowebp-css-resources’ and ‘wpmowebp-js-resources’ parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-12060 |
nshowketgmailcom–Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal |
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘monthly_sales_current_year’ parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12128 |
n/a–horilla |
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-04 | 6.3 | CVE-2024-12138 |
Netgear–R6900 |
A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-04 | 6.5 | CVE-2024-12147 |
tsjippy–Mollie for Contact Form 7 |
The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12165 |
cmorillas1–Shortcodes Blocks Creator Ultimate |
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12166 |
cmorillas1–Shortcodes Blocks Creator Ultimate |
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12167 |
Devolutions–Server |
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | 2024-12-04 | 6.5 | CVE-2024-12196 |
Shenzhen Dashi Tongzhou Information Technology–AgileBPM |
A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file agile-bpm-basic-masterab-authab-auth-spring-security-oauth2srcmainjavacomdstzauthfilterAuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 6.3 | CVE-2024-12235 |
cardgate–CardGate Payments for WooCommerce |
The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12257 |
Jirafeau project–Jirafeau |
Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive. | 2024-12-06 | 6.1 | CVE-2024-12326 |
TP-Link–VN020 F3v(T) |
A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | 2024-12-08 | 6.5 | CVE-2024-12342 |
TP-Link–VN020 F3v(T) |
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | 2024-12-08 | 6.5 | CVE-2024-12343 |
TP-Link–VN020 F3v(T) |
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-08 | 6.3 | CVE-2024-12344 |
MediaTek, Inc.–MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798 |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728. | 2024-12-02 | 6.7 | CVE-2024-20125 |
MediaTek, Inc.–MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8195, MT8676, MT8678, MT8696, MT8796 |
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982. | 2024-12-02 | 6.7 | CVE-2024-20130 |
MediaTek, Inc.–MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8673, MT8676, MT8795T, MT8798 |
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873. | 2024-12-02 | 6.7 | CVE-2024-20131 |
MediaTek, Inc.–MT2737, MT6298, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990, MT8673, MT8676, MT8795T, MT8798 |
In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872. | 2024-12-02 | 6.7 | CVE-2024-20132 |
MediaTek, Inc.–MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6983, MT8673, MT8676, MT8795T, MT8798 |
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871. | 2024-12-02 | 6.7 | CVE-2024-20133 |
MediaTek, Inc.–MT6835, MT6878, MT6879, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8755, MT8775, MT8796, MT8798 |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866. | 2024-12-02 | 6.7 | CVE-2024-20134 |
MediaTek, Inc.–MT6768, MT6781, MT6833, MT6853, MT6877, MT6878, MT6893, MT6897, MT6989, MT8775, MT8796, MT9687 |
In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841. | 2024-12-02 | 6.7 | CVE-2024-20135 |
MediaTek, Inc.–MT2737, MT6781, MT6789, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8195, MT8370, MT8390, MT8673, MT8676, MT8678, MT8755, MT8775, MT8781, MT8795T, MT8796, MT8798, MT8893 |
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821. | 2024-12-02 | 6.2 | CVE-2024-20136 |
MediaTek, Inc.–MT2737, MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8518S, MT8532, MT8678 |
In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600. | 2024-12-02 | 6.5 | CVE-2024-20139 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. | 2024-12-02 | 6.7 | CVE-2024-33036 |
Qualcomm, Inc.–Snapdragon |
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. | 2024-12-02 | 6.1 | CVE-2024-33037 |
Qualcomm, Inc.–Snapdragon |
Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. | 2024-12-02 | 6.7 | CVE-2024-33039 |
Qualcomm, Inc.–Snapdragon |
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. | 2024-12-02 | 6.7 | CVE-2024-33040 |
Qualcomm, Inc.–Snapdragon |
Memory corruption when multiple threads try to unregister the CVP buffer at the same time. | 2024-12-02 | 6.7 | CVE-2024-33053 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2024-12-03 | 6.5 | CVE-2024-41776 |
HCL Software–Launch |
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | 2024-12-06 | 6.2 | CVE-2024-42196 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie’s services | 2024-12-06 | 6.5 | CVE-2024-42494 |
SonicWall–SMA100 |
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. | 2024-12-05 | 6.3 | CVE-2024-45319 |
averta–Slider & Popup Builder by Depicter Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel |
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-4633 |
IBM–QRadar SIEM |
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-12-07 | 6.4 | CVE-2024-47107 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. | 2024-12-06 | 6.5 | CVE-2024-47146 |
Samsung Mobile–GamingHub |
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview. | 2024-12-03 | 6.5 | CVE-2024-49418 |
Palantir–com.palantir.gotham:external-artifacts |
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn’t have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances. | 2024-12-02 | 6.5 | CVE-2024-49581 |
extendthemes–Colibri Page Builder |
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-5020 |
n/a–n/a |
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. | 2024-12-06 | 6.1 | CVE-2024-50677 |
Ruijie–Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user’s session and cause a denial-of-service attack on a user’s account. | 2024-12-06 | 6.5 | CVE-2024-51727 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager |
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | 2024-12-03 | 6.4 | CVE-2024-51772 |
Ben Marshall–Jobify – Job Board WordPress Theme |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ben Marshall Jobify – Job Board WordPress Theme allows Stored XSS.This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3. | 2024-12-02 | 6.5 | CVE-2024-52478 |
SolverWP–Elementor Portfolio Builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0. | 2024-12-02 | 6.5 | CVE-2024-52486 |
WebCodingPlace–Ultimate Classified Listings |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through 1.4. | 2024-12-02 | 6.5 | CVE-2024-52487 |
Imbasynergy–ImbaChat |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Imbasynergy ImbaChat allows DOM-Based XSS.This issue affects ImbaChat: from n/a through 3.1.4. | 2024-12-02 | 6.5 | CVE-2024-52502 |
Tailored Web Services–Tailored Tools |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4. | 2024-12-02 | 6.5 | CVE-2024-52503 |
Lorex–2K Indoor Wi-Fi Security Camera |
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 6.5 | CVE-2024-52545 |
Lorex–2K Indoor Wi-Fi Security Camera |
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 6.7 | CVE-2024-52548 |
quic-go–quic-go |
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a “message too large” error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they’re unable to establish a QUIC connection). The attacker needs to at least know the client’s IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. | 2024-12-02 | 6.5 | CVE-2024-53259 |
n/a–n/a |
A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. | 2024-12-04 | 6.5 | CVE-2024-53614 |
bdevs–Generic Elements |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3. | 2024-12-02 | 6.5 | CVE-2024-53709 |
Stachethemes–Advanced Event Manager |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6. | 2024-12-02 | 6.5 | CVE-2024-53721 |
Garrett Grimm–Simple Popup |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6. | 2024-12-02 | 6.5 | CVE-2024-53741 |
LOOS,Inc.–Arkhe Blocks |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0. | 2024-12-06 | 6.5 | CVE-2024-53794 |
Themesflat–Themesflat Addons For Elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2. | 2024-12-06 | 6.5 | CVE-2024-53796 |
The Beaver Builder Team–Beaver Builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3. | 2024-12-06 | 6.5 | CVE-2024-53797 |
BoldThemes–Bold Page Builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1. | 2024-12-06 | 6.5 | CVE-2024-53801 |
FuturioWP–Futurio Extra |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14. | 2024-12-06 | 6.5 | CVE-2024-53802 |
brandtoss–WP Mailster |
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 6.5 | CVE-2024-53803 |
POSIMYTH–WDesignkit |
Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40. | 2024-12-06 | 6.6 | CVE-2024-53811 |
WP Travel–WP Travel |
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0. | 2024-12-06 | 6.5 | CVE-2024-53813 |
Captivate Audio Ltd–Captivate Sync |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22. | 2024-12-06 | 6.5 | CVE-2024-53820 |
POSIMYTH–The Plus Addons for Elementor Page Builder Lite |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. | 2024-12-06 | 6.5 | CVE-2024-53823 |
CodexShaper–Advanced Element Bucket Addons for Elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2. | 2024-12-06 | 6.5 | CVE-2024-54210 |
Noor alam–Magical Addons For Elementor |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6. | 2024-12-06 | 6.5 | CVE-2024-54212 |
zionbuilder.io–WordPress Page Builder Zion Builder |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPress Page Builder – Zion Builder: from n/a through 3.6.12. | 2024-12-06 | 6.5 | CVE-2024-54213 |
n/a–n/a |
app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format. | 2024-12-04 | 6.1 | CVE-2024-54674 |
n/a–n/a |
app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow. | 2024-12-04 | 6.1 | CVE-2024-54675 |
owthub–Library Management System Manage e-Digital Books Library |
The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value’ parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-07 | 6.8 | CVE-2024-8679 |
wpbits–WPBITS Addons For Elementor Page Builder |
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-04 | 6.4 | CVE-2024-8962 |
bdthemes–Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-9058 |
CMSMasters–CMSMasters Elementor Addon |
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-9694 |
Google–Android |
In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 5.5 | CVE-2018-9408 |
Google–Android |
In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 5.5 | CVE-2018-9423 |
Google–Android |
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-03 | 5.5 | CVE-2018-9441 |
Google–Android |
In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-03 | 5.5 | CVE-2018-9449 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2024-12-03 | 5.9 | CVE-2021-29892 |
Pegasystems–Pega Infinity |
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. | 2024-12-05 | 5.9 | CVE-2024-10716 |
OpenBSD–OpenBSD |
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any ‘/’ in readdir name validation to avoid unexpected directory traversal on untrusted file systems. | 2024-12-05 | 5 | CVE-2024-10933 |
pickplugins–Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins |
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. | 2024-12-05 | 5.3 | CVE-2024-10937 |
SICK AG–SICK InspectorP61x |
The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack. | 2024-12-06 | 5.6 | CVE-2024-11022 |
burgthaleratsirconic–SG Helper |
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-04 | 5.5 | CVE-2024-11093 |
nimeshrmr–WP Private Content Plus |
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-06 | 5.3 | CVE-2024-11292 |
Hi e-learning–Learning Management System (LMS) |
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024. | 2024-12-06 | 5.4 | CVE-2024-11321 |
fatcatapps–AWeber Forms by Optin Cat |
The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 5.2 | CVE-2024-11325 |
Red Hat–Red Hat Trusted Artifact Signer |
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. | 2024-12-06 | 5.3 | CVE-2024-11738 |
Drupal–Drupal Core |
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. | 2024-12-05 | 5.9 | CVE-2024-11942 |
akirk–Friends |
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend. | 2024-12-06 | 5.3 | CVE-2024-12028 |
OpenHarmony–OpenHarmony |
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2024-12-03 | 5.5 | CVE-2024-12082 |
Devolutions–Server |
Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | 2024-12-04 | 5 | CVE-2024-12151 |
code-projects–Hotel Management System |
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 5.3 | CVE-2024-12185 |
code-projects–Hotel Management System |
A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 5.3 | CVE-2024-12186 |
MSI–Dragon Center |
A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component. | 2024-12-05 | 5.5 | CVE-2024-12227 |
nshowketgmailcom–Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal |
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ‘save_settings’, ‘export_csv’, and ‘simpleecommcart-action’ actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). | 2024-12-07 | 5.4 | CVE-2024-12253 |
Cisco–Cisco NX-OS Software |
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. | 2024-12-04 | 5.2 | CVE-2024-20397 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | 2024-12-03 | 5.5 | CVE-2024-25019 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks. | 2024-12-03 | 5.5 | CVE-2024-25020 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | 2024-12-03 | 5.3 | CVE-2024-25035 |
HCL Software–Nomad server on Domino |
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. | 2024-12-06 | 5.3 | CVE-2024-30129 |
IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | 2024-12-07 | 5.3 | CVE-2024-37071 |
element-hq–synapse |
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. | 2024-12-03 | 5.3 | CVE-2024-37303 |
tassos.gr–Convert Forms component for Joomla |
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. | 2024-12-04 | 5.4 | CVE-2024-40745 |
IBM–Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 2024-12-07 | 5.3 | CVE-2024-41762 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2024-12-03 | 5.9 | CVE-2024-41775 |
Samsung Mobile–Samsung Mobile Devices |
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. | 2024-12-03 | 5.9 | CVE-2024-49410 |
Samsung Mobile–Samsung Mobile Devices |
Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. | 2024-12-03 | 5.5 | CVE-2024-49412 |
n/a–n/a |
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-12-04 | 5.3 | CVE-2024-51210 |
Richard K Miller–What Would Seth Godin Do |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Richard K Miller What Would Seth Godin Do allows Stored XSS.This issue affects What Would Seth Godin Do: from n/a through 2.1.1. | 2024-12-02 | 5.9 | CVE-2024-51900 |
Udi Dollberg–Add Chat App Button |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5. | 2024-12-02 | 5.9 | CVE-2024-52489 |
Sanil Shakya–Sticky Social Icons |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sanil Shakya Sticky Social Icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through 1.2.1. | 2024-12-02 | 5.9 | CVE-2024-52491 |
Gopi Ramasamy–Image horizontal reel scroll slideshow |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4. | 2024-12-02 | 5.9 | CVE-2024-52492 |
Josh Leuze–Meteor Slides |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7. | 2024-12-02 | 5.9 | CVE-2024-52493 |
Matt Varone, Tim Berneman–Dynamic “To Top” |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Matt Varone, Tim Berneman Dynamic “To Top” allows Stored XSS.This issue affects Dynamic “To Top”: from 3.5.2 through n/a. | 2024-12-02 | 5.9 | CVE-2024-52494 |
Lorex–2K Indoor Wi-Fi Security Camera |
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 5.3 | CVE-2024-52546 |
Planet Technology–Planet WGS-804HPT |
The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program. | 2024-12-06 | 5.3 | CVE-2024-52558 |
n/a–n/a |
Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. | 2024-12-04 | 5.4 | CVE-2024-52676 |
n/a–n/a |
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries. | 2024-12-02 | 5.4 | CVE-2024-53364 |
n/a–n/a |
Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. | 2024-12-02 | 5.4 | CVE-2024-53459 |
n/a–n/a |
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. | 2024-12-02 | 5.5 | CVE-2024-53566 |
SonicWall–SMA100 |
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. | 2024-12-05 | 5.3 | CVE-2024-53702 |
AutoQuiz–AI Quiz |
Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1. | 2024-12-02 | 5.3 | CVE-2024-53708 |
Abdul Hakeem–Build App Online |
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22. | 2024-12-02 | 5.4 | CVE-2024-53751 |
P. Roy–WP Revisions Manager |
Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2. | 2024-12-02 | 5.4 | CVE-2024-53761 |
Andy Moyle–Church Admin |
Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8. | 2024-12-06 | 5.3 | CVE-2024-53795 |
WpMaspik–Maspik Spam blacklist |
Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. | 2024-12-06 | 5.4 | CVE-2024-53806 |
WPSight–WPCasa |
Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13. | 2024-12-06 | 5.3 | CVE-2024-53826 |
erlang–otp |
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). | 2024-12-05 | 5.5 | CVE-2024-53846 |
kanboard–kanboard |
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41. | 2024-12-05 | 5.5 | CVE-2024-54001 |
DependencyTrack–dependency-track |
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same action with a username that is not known by the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2. | 2024-12-04 | 5.3 | CVE-2024-54002 |
directus–directus |
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0. | 2024-12-05 | 5.7 | CVE-2024-54128 |
URBAN BASE–Z-Downloads |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7. | 2024-12-06 | 5.9 | CVE-2024-54206 |
Owen Cutajar & Hyder Jaffari–WordPress Auction Plugin |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7. | 2024-12-06 | 5.9 | CVE-2024-54207 |
Visualmodo–Borderless |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8. | 2024-12-06 | 5.9 | CVE-2024-54211 |
RestApp Inc.–Online Ordering System |
Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. | 2024-12-04 | 5.3 | CVE-2024-7488 |
andreiigna–If Menu Visibility control for Menus |
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin’s license key due to a missing capability check on the ‘actions’ function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key. | 2024-12-07 | 5.3 | CVE-2024-7894 |
Moxa–VPort 07-3 Series |
Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation. | 2024-12-04 | 5.3 | CVE-2024-9404 |
rstheme2017–Ultimate Coming Soon & Maintenance |
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. | 2024-12-06 | 5.3 | CVE-2024-9706 |
sasonikolov–Event Tickets with Ticket Scanner |
The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data’ parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4. | 2024-12-06 | 5.4 | CVE-2024-9866 |
vcita–Online Booking & Scheduling Calendar for WordPress by vcita |
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings. | 2024-12-06 | 5.4 | CVE-2024-9872 |
OpenHarmony–OpenHarmony |
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2024-12-03 | 5.5 | CVE-2024-9978 |
Synology–Surveillance Station |
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors. | 2024-12-04 | 4.3 | CVE-2023-52943 |
Synology–Surveillance Station |
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. | 2024-12-04 | 4.3 | CVE-2023-52944 |
NVIDIA–Base Command Manager |
NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service. | 2024-12-06 | 4.4 | CVE-2024-0139 |
Unknown–3DPrint Lite |
The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-12-06 | 4.3 | CVE-2024-10480 |
Unknown–Sticky Social Icons |
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-06 | 4.8 | CVE-2024-10551 |
smarettheme–Eleblog Elementor Blog And Magazine Addons |
The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. | 2024-12-04 | 4.3 | CVE-2024-10663 |
codesavory–Knowledge Base documentation & wiki plugin BasePress Docs |
The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database. | 2024-12-04 | 4.3 | CVE-2024-10664 |
webangon–XLTab Accordions and Tabs for Elementor Page Builder |
The XLTab – Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the ‘XLTAB_INSERT_TPL’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-06 | 4.3 | CVE-2024-10689 |
ideaboxcreations–PowerPack Elementor Addons (Free Widgets, Extensions and Templates) |
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-06 | 4.3 | CVE-2024-10692 |
wpvibes–AnyWhere Elementor |
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the ‘INSERT_ELEMENTOR’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-05 | 4.3 | CVE-2024-10777 |
choijun–LA-Studio Element Kit for Elementor |
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the ‘elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to. | 2024-12-04 | 4.3 | CVE-2024-10787 |
Unknown–WP Booking Calendar |
The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-03 | 4.8 | CVE-2024-10893 |
ecolosites–Simple Redirection |
The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin’s settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-05 | 4.3 | CVE-2024-11341 |
clicksend–SMS for Lead Capture Forms |
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. | 2024-12-07 | 4.3 | CVE-2024-11353 |
cluevo–CLUEVO LMS, E-Learning Platform |
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-06 | 4.3 | CVE-2024-11444 |
northernbeacheswebsites–IdeaPush |
The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the “boards” taxonomy. | 2024-12-03 | 4.3 | CVE-2024-11844 |
ASUS–RT-AX55 |
An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the ’12/03/2024 ASUS Router Improper Input Validation’ section on the ASUS Security Advisory for more information. | 2024-12-04 | 4.4 | CVE-2024-11985 |
kofimokome–Message Filter for Contact Form 7 |
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. | 2024-12-07 | 4.3 | CVE-2024-12026 |
kofimokome–Message Filter for Contact Form 7 |
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. | 2024-12-06 | 4.3 | CVE-2024-12027 |
nicheaddons–Charity Addon for Elementor |
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the ‘nacharity_elementor_template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-03 | 4.3 | CVE-2024-12062 |
getdollie–Dollie Hub Build Your Own WordPress Cloud Platform |
The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the ‘elementor-template’ shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-04 | 4.3 | CVE-2024-12099 |
jerryscg–Gold Addons for Elementor |
The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses. | 2024-12-06 | 4.3 | CVE-2024-12110 |
ays-pro–Poll Maker Versus Polls, Anonymous Polls, Image Polls |
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-07 | 4.3 | CVE-2024-12115 |
Devolutions–Server |
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | 2024-12-04 | 4.3 | CVE-2024-12148 |
Mattermost–Mattermost |
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated. | 2024-12-05 | 4.6 | CVE-2024-12247 |
MediaTek, Inc.–MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696. | 2024-12-02 | 4.4 | CVE-2024-20116 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. | 2024-12-03 | 4.3 | CVE-2024-25036 |
Spring by VMware Tanzu–Spring Security |
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. | 2024-12-02 | 4.8 | CVE-2024-38827 |
IBM–Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. | 2024-12-03 | 4.3 | CVE-2024-45676 |
Microsoft–Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-12-06 | 4.3 | CVE-2024-49041 |
Samsung Mobile–Samsung Mobile Devices |
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | 2024-12-03 | 4.3 | CVE-2024-49411 |
Samsung Mobile–SmartThings |
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. | 2024-12-03 | 4 | CVE-2024-49416 |
Samsung Mobile–GamingHub |
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview. | 2024-12-03 | 4.3 | CVE-2024-49419 |
Samsung Mobile–Quick Share Agent |
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. | 2024-12-03 | 4.3 | CVE-2024-49421 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager |
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user’s data and altering information within the user’s permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user’s session. | 2024-12-03 | 4.8 | CVE-2024-51773 |
Ben Marshall–Jobify – Job Board WordPress Theme |
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify – Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify – Job Board WordPress Theme: from n/a through 4.2.3. | 2024-12-02 | 4.3 | CVE-2024-52479 |
vitessio–vitess |
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8. | 2024-12-03 | 4.9 | CVE-2024-53257 |
n/a–n/a |
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. | 2024-12-02 | 4.8 | CVE-2024-53617 |
Hewlett Packard Enterprise (HPE)–HPE Aruba Networking ClearPass Policy Manager |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | 2024-12-03 | 4.7 | CVE-2024-53672 |
Ahmet mamolu–Ahmeti Wp Gzel Szler |
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0. | 2024-12-02 | 4.3 | CVE-2024-53707 |
TannerRitchie Web Applications/DancePress–DancePress (TRWA) |
Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through 3.1.11. | 2024-12-02 | 4.3 | CVE-2024-53775 |
E-goi–Smart Marketing SMS and Newsletters Forms |
Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9. | 2024-12-02 | 4.3 | CVE-2024-53784 |
BAKKBONE Australia–FloristPress |
Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0. | 2024-12-06 | 4.3 | CVE-2024-53799 |
Kiboko Labs–Namaste! LMS |
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1. | 2024-12-06 | 4.3 | CVE-2024-53809 |
Ninja Team–Filebird |
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. | 2024-12-06 | 4.7 | CVE-2024-53825 |
element-hq–synapse |
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. | 2024-12-03 | 4.3 | CVE-2024-53867 |
nanopb–nanopb |
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1. | 2024-12-02 | 4.3 | CVE-2024-53984 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | 2024-12-04 | 4.2 | CVE-2024-54156 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 2024-12-04 | 4.3 | CVE-2024-54157 |
n/a–n/a |
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. | 2024-12-05 | 4.3 | CVE-2024-54679 |
ServiceNow–Now Platform |
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible. | 2024-12-02 | 4.3 | CVE-2024-5890 |
Zyxel–VMG3625-T50B firmware |
A post-authentication buffer overflow vulnerability in the parameter “action” of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. | 2024-12-03 | 4.9 | CVE-2024-9197 |
rstheme2017–Ultimate Coming Soon & Maintenance |
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘ucsm_update_template_name_lite’ function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin’s templates. | 2024-12-06 | 4.3 | CVE-2024-9705 |
totalsoft–Video Gallery YouTube Gallery and Vimeo Gallery |
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-12-06 | 4.4 | CVE-2024-9769 |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Hewlett Packard Enterprise–HPE IceWall |
A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. | 2024-12-02 | 3.7 | CVE-2024-11856 |
n/a–DedeCMS |
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12180 |
n/a–DedeCMS |
A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12181 |
n/a–DedeCMS |
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12182 |
n/a–DedeCMS |
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12183 |
code-projects–Simple CRUD Functionality |
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 3.5 | CVE-2024-12232 |
VMware Tanzu–Spring LDAP |
A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 | 2024-12-04 | 3.7 | CVE-2024-38829 |
HCL Software–DevOps Deploy / Launch |
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2024-12-05 | 3.1 | CVE-2024-42195 |
n/a–n/a |
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. | 2024-12-03 | 3.8 | CVE-2024-53502 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | 2024-12-04 | 3.1 | CVE-2024-54153 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | 2024-12-04 | 3.7 | CVE-2024-54155 |
JetBrains–YouTrack |
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | 2024-12-04 | 3.5 | CVE-2024-54158 |
Canonical Ltd.–LXD |
Mark Laing discovered that LXD’s PKI mode, until version 5.21.2, could be bypassed if the client’s certificate was present in the trust store. | 2024-12-06 | 3.8 | CVE-2024-6156 |
Canonical Ltd.–LXD |
Mark Laing discovered in LXD’s PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | 2024-12-06 | 3.8 | CVE-2024-6219 |
Samsung Mobile–Samsung Mobile Devices |
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. | 2024-12-03 | 2.4 | CVE-2024-49414 |
Samsung Mobile–Smart Touch Call |
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. | 2024-12-03 | 2 | CVE-2024-49417 |
n/a–n/a |
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process. | 2024-12-03 | 2.8 | CVE-2024-53921 |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
Google–Android |
In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | not yet calculated | CVE-2018-9416 |
n/a–n/a |
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | 2024-12-05 | not yet calculated | CVE-2023-48010 |
n/a–n/a |
Oxide control plane software before 5 allows SSRF. | 2024-12-05 | not yet calculated | CVE-2023-50913 |
B&R Industrial Automation GmbH–B&R mapp Cockpit |
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project. | 2024-12-02 | not yet calculated | CVE-2024-10490 |
Infinix Mobile–com.transsion.agingfunction |
Infinix devices contain a pre-loaded “com.transsion.agingfunction” application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices. | 2024-12-04 | not yet calculated | CVE-2024-10576 |
Rockwell Automation–Arena |
An “out of bounds write” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | not yet calculated | CVE-2024-11156 |
Unknown–Simple Side Tab |
The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-07 | not yet calculated | CVE-2024-11183 |
Issuetrak–Issuetrak |
A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket. | 2024-12-04 | not yet calculated | CVE-2024-11479 |
arcinfo–PcVue |
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges. | 2024-12-04 | not yet calculated | CVE-2024-12056 |
Mogify Infotech–Tinxy |
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. | 2024-12-05 | not yet calculated | CVE-2024-12094 |
Issuetrak–Issuetrak |
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts. | 2024-12-04 | not yet calculated | CVE-2024-12123 |
Rockwell Automation–Arena |
An “out of bounds read” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | not yet calculated | CVE-2024-12130 |
Python Software Foundation–CPython |
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not “pause” writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the “high-water mark”. Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. | 2024-12-06 | not yet calculated | CVE-2024-12254 |
MediaTek, Inc.–MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T |
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025. | 2024-12-02 | not yet calculated | CVE-2024-20129 |
n/a–n/a |
An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. | 2024-12-03 | not yet calculated | CVE-2024-29404 |
n/a–n/a |
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. | 2024-12-02 | not yet calculated | CVE-2024-29645 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. | 2024-12-05 | not yet calculated | CVE-2024-30961 |
n/a–n/a |
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process | 2024-12-05 | not yet calculated | CVE-2024-30962 |
n/a–n/a |
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity. | 2024-12-04 | not yet calculated | CVE-2024-37574 |
n/a–n/a |
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component. | 2024-12-04 | not yet calculated | CVE-2024-37575 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` . | 2024-12-06 | not yet calculated | CVE-2024-38921 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose. | 2024-12-06 | not yet calculated | CVE-2024-38922 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` . | 2024-12-06 | not yet calculated | CVE-2024-38923 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` . | 2024-12-06 | not yet calculated | CVE-2024-38924 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` . | 2024-12-06 | not yet calculated | CVE-2024-38925 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. | 2024-12-06 | not yet calculated | CVE-2024-38926 |
n/a–n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. | 2024-12-06 | not yet calculated | CVE-2024-38927 |
n/a–n/a |
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. | 2024-12-04 | not yet calculated | CVE-2024-39163 |
n/a–n/a |
An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. | 2024-12-04 | not yet calculated | CVE-2024-39219 |
Veeam–Backup & Replication |
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. | 2024-12-04 | not yet calculated | CVE-2024-40717 |
n/a–n/a |
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability | 2024-12-05 | not yet calculated | CVE-2024-41579 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | 2024-12-06 | not yet calculated | CVE-2024-41644 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | 2024-12-06 | not yet calculated | CVE-2024-41645 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | 2024-12-06 | not yet calculated | CVE-2024-41646 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | 2024-12-06 | not yet calculated | CVE-2024-41647 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | 2024-12-06 | not yet calculated | CVE-2024-41648 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | 2024-12-06 | not yet calculated | CVE-2024-41649 |
n/a–n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | 2024-12-06 | not yet calculated | CVE-2024-41650 |
Veeam–Service Provider Console |
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | 2024-12-04 | not yet calculated | CVE-2024-42449 |
Veeam–Backup & Replication |
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker’s side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. | 2024-12-04 | not yet calculated | CVE-2024-42451 |
Veeam–Backup & Replication |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise. | 2024-12-04 | not yet calculated | CVE-2024-42452 |
Veeam–Backup & Replication |
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services. | 2024-12-04 | not yet calculated | CVE-2024-42453 |
Veeam–Backup & Replication |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | 2024-12-04 | not yet calculated | CVE-2024-42455 |
Veeam–Backup & Replication |
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | 2024-12-04 | not yet calculated | CVE-2024-42456 |
Veeam–Backup & Replication |
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | 2024-12-04 | not yet calculated | CVE-2024-42457 |
n/a–n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | 2024-12-06 | not yet calculated | CVE-2024-44852 |
n/a–n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | 2024-12-06 | not yet calculated | CVE-2024-44853 |
n/a–n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | 2024-12-06 | not yet calculated | CVE-2024-44854 |
n/a–n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | 2024-12-06 | not yet calculated | CVE-2024-44855 |
n/a–n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | 2024-12-06 | not yet calculated | CVE-2024-44856 |
Veeam–Backup & Replication |
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. | 2024-12-04 | not yet calculated | CVE-2024-45204 |
Ubiquiti–UniFi iOS App |
An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). | 2024-12-04 | not yet calculated | CVE-2024-45205 |
Veeam–Service Provider Console |
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | 2024-12-04 | not yet calculated | CVE-2024-45206 |
Veeam–Agent for Windows |
DLL injection in Veeam Agent for Windows can occur if the system’s PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | 2024-12-04 | not yet calculated | CVE-2024-45207 |
n/a–n/a |
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access. | 2024-12-03 | not yet calculated | CVE-2024-45757 |
I-O DATA DEVICE, INC.–UD-LT1 |
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained. | 2024-12-05 | not yet calculated | CVE-2024-45841 |
n/a–n/a |
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 2024-12-03 | not yet calculated | CVE-2024-46625 |
I-O DATA DEVICE, INC.–UD-LT1 |
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. | 2024-12-05 | not yet calculated | CVE-2024-47133 |
n/a–n/a |
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function | 2024-12-04 | not yet calculated | CVE-2024-48453 |
n/a–n/a |
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. | 2024-12-06 | not yet calculated | CVE-2024-48703 |
QNAP Systems Inc.–QTS |
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48859 |
QNAP Systems Inc.–License Center |
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later | 2024-12-06 | not yet calculated | CVE-2024-48863 |
QNAP Systems Inc.–QTS |
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48865 |
QNAP Systems Inc.–QTS |
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48866 |
QNAP Systems Inc.–QTS |
An improper neutralization of CRLF sequences (‘CRLF Injection’) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48867 |
QNAP Systems Inc.–QTS |
An improper neutralization of CRLF sequences (‘CRLF Injection’) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48868 |
PlexRipper–PlexRipper |
PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0. | 2024-12-02 | not yet calculated | CVE-2024-49763 |
Snap One–OVRC cloud |
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. | 2024-12-02 | not yet calculated | CVE-2024-50380 |
Snap One–OVRC cloud |
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it. | 2024-12-02 | not yet calculated | CVE-2024-50381 |
QNAP Systems Inc.–SMB Service |
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later | 2024-12-06 | not yet calculated | CVE-2024-50387 |
QNAP Systems Inc.–HBS 3 Hybrid Backup Sync |
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later | 2024-12-06 | not yet calculated | CVE-2024-50388 |
QNAP Systems Inc.–QuRouter |
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later | 2024-12-06 | not yet calculated | CVE-2024-50389 |
QNAP Systems Inc.–QTS |
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-50393 |
QNAP Systems Inc.–QTS |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-50402 |
QNAP Systems Inc.–QTS |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-50403 |
QNAP Systems Inc.–Qsync Central |
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later | 2024-12-06 | not yet calculated | CVE-2024-50404 |
n/a–n/a |
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. | 2024-12-03 | not yet calculated | CVE-2024-51363 |
DocuSign–DocuSign |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04. | 2024-12-04 | not yet calculated | CVE-2024-52269 |
DropBox(HelloSign)–DropBox Sign |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04. | 2024-12-05 | not yet calculated | CVE-2024-52270 |
Documenso–Documenso |
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05. | 2024-12-05 | not yet calculated | CVE-2024-52271 |
Shenzhen Tenda Technology Co–Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | 2024-12-04 | not yet calculated | CVE-2024-52272 |
Shenzhen Tenda Technology Co–Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | 2024-12-04 | not yet calculated | CVE-2024-52273 |
Shenzhen Tenda Technology Co–Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | 2024-12-04 | not yet calculated | CVE-2024-52274 |
Shenzhen Tenda Technology Co–Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. | 2024-12-04 | not yet calculated | CVE-2024-52275 |
DocuSign–DocuSign |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the “Print” option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04. | 2024-12-04 | not yet calculated | CVE-2024-52276 |
DocuSeal–DocuSeal |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1. | 2024-12-04 | not yet calculated | CVE-2024-52277 |
I-O DATA DEVICE, INC.–UD-LT1 |
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. | 2024-12-05 | not yet calculated | CVE-2024-52564 |
simplesamlphp–xml-common |
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it’s possible to induce an XXE. This vulnerability is fixed in 1.19.0. | 2024-12-02 | not yet calculated | CVE-2024-52596 |
pillarjs–path-to-regexp |
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. | 2024-12-05 | not yet calculated | CVE-2024-52798 |
element-hq–synapse |
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. | 2024-12-03 | not yet calculated | CVE-2024-52805 |
element-hq–synapse |
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user’s /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. | 2024-12-03 | not yet calculated | CVE-2024-52815 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. | 2024-12-02 | not yet calculated | CVE-2024-53103 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. | 2024-12-02 | not yet calculated | CVE-2024-53104 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45 flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99 kvm_create_vm virt/kvm/kvm_main.c:1235 [inline] kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline] kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530 __do_compat_sys_ioctl fs/ioctl.c:1007 [inline] __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e page last free pid 8399 tgid 8399 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686 folios_put_refs+0x76c/0x860 mm/swap.c:1007 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline] tlb_batch_pages_flush mm/mmu_gather.c:149 [inline] tlb_flush_mmu_free mm/mmu_gather.c:366 [inline] tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465 exit_mmap+0x496/0xc40 mm/mmap.c:1926 __mmput+0x115/0x390 kernel/fork.c:1348 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638 kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline] kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386 kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xa2f/0x28e0 kernel/exit.c:939 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [in —truncated— | 2024-12-02 | not yet calculated | CVE-2024-53105 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this. | 2024-12-02 | not yet calculated | CVE-2024-53106 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The “arg->vec_len” variable is a u64 that comes from the user at the start of the function. The “arg->vec_len * sizeof(struct page_region))” multiplication can lead to integer wrapping. Use size_mul() to avoid that. Also the size_add/mul() functions work on unsigned long so for 32bit systems we need to ensure that “arg->vec_len” fits in an unsigned long. | 2024-12-02 | not yet calculated | CVE-2024-53107 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 … [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8) | 2024-12-02 | not yet calculated | CVE-2024-53108 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu kernels crashed upon accessing a vma iterator, such as acct_collect() reading the size of vma entries after do_munmap(). This commit fixes this issue by passing a right argument to the preallocation call. | 2024-12-02 | not yet calculated | CVE-2024-53109 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. | 2024-12-02 | not yet calculated | CVE-2024-53110 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr` wraps around. `old_addr` is the cursor in the old range up to which page table entries have been moved; so if the operation succeeded, `old_addr` is the *end* of the old region, and adding `len` to it can wrap. The overflow causes mremap() to mistakenly believe that PTEs have been copied; the consequence is that mremap() bails out, but doesn’t move the PTEs back before the new VMA is unmapped, causing anonymous pages in the region to be lost. So basically if userspace tries to mremap() a private-anon region and hits this bug, mremap() will return an error and the private-anon region’s contents appear to have been zeroed. The idea of this check is that `old_end – len` is the original start address, and writing the check that way also makes it easier to read; so fix the check by rearranging the comparison accordingly. (An alternate fix would be to refactor this function by introducing an “orig_old_start” variable or such.) Tested in a VM with a 32-bit X86 kernel; without the patch: “` user@horn:~/big_mremap$ cat test.c #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> #include <err.h> #include <sys/mman.h> #define ADDR1 ((void*)0x60000000) #define ADDR2 ((void*)0x10000000) #define SIZE 0x50000000uL int main(void) { unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p1 == MAP_FAILED) err(1, “mmap 1”); unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p2 == MAP_FAILED) err(1, “mmap 2”); *p1 = 0x41; printf(“first char is 0x%02hhxn”, *p1); unsigned char *p3 = mremap(p1, SIZE, SIZE, MREMAP_MAYMOVE|MREMAP_FIXED, p2); if (p3 == MAP_FAILED) { printf(“mremap() failed; first char is 0x%02hhxn”, *p1); } else { printf(“mremap() succeeded; first char is 0x%02hhxn”, *p3); } } user@horn:~/big_mremap$ gcc -static -o test test.c user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() failed; first char is 0x00 “` With the patch: “` user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() succeeded; first char is 0x41 “` | 2024-12-02 | not yet calculated | CVE-2024-53111 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! … Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f … </TASK> When ‘ioctl(OCFS2_IOC_GROUP_ADD, …)’ has failed for the particular inode in ‘ocfs2_verify_group_and_input()’, corresponding buffer head remains cached and subsequent call to the same ‘ioctl()’ for the same inode issues the BUG() in ‘ocfs2_set_new_buffer_uptodate()’ (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with ‘ocfs2_remove_from_cache()’ on error path in ‘ocfs2_group_add()’. | 2024-12-02 | not yet calculated | CVE-2024-53112 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be ¤t->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 (“mm, page_alloc: fix check for NULL preferred_zone”) and commit df76cee6bbeb (“mm, page_alloc: remove redundant checks from alloc fastpath”). To fix it, check NULL pointer for preferred_zoneref->zone. | 2024-12-02 | not yet calculated | CVE-2024-53113 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren’t intended to be advertised on Zen4 client so clear the capability. | 2024-12-02 | not yet calculated | CVE-2024-53114 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The ‘vmw_user_object_buffer’ function may return NULL with incorrect inputs. To avoid possible null pointer dereference, add a check whether the ‘bo’ is NULL in the vmw_framebuffer_surface_create_handle. | 2024-12-02 | not yet calculated | CVE-2024-53115 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn’t correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn’t point to the 1st page of starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist. Following warning messages were seen. WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+0x254/0x5a0 <snip> pc : __arm_lpae_unmap+0x254/0x5a0 lr : __arm_lpae_unmap+0x2cc/0x5a0 <snip> Call trace: __arm_lpae_unmap+0x254/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 arm_lpae_unmap_pages+0x80/0xa0 panthor_vm_unmap_pages+0xac/0x1c8 [panthor] panthor_gpuva_sm_step_unmap+0x4c/0xc8 [panthor] op_unmap_cb.isra.23.constprop.30+0x54/0x80 __drm_gpuvm_sm_unmap+0x184/0x1c8 drm_gpuvm_sm_unmap+0x40/0x60 panthor_vm_exec_op+0xa8/0x120 [panthor] panthor_vm_bind_exec_sync_op+0xc4/0xe8 [panthor] panthor_ioctl_vm_bind+0x10c/0x170 [panthor] drm_ioctl_kernel+0xbc/0x138 drm_ioctl+0x210/0x4b0 __arm64_sys_ioctl+0xb0/0xf8 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.1+0x98/0xf8 do_el0_svc+0x24/0x38 el0_svc+0x34/0xc8 el0t_64_sync_handler+0xa0/0xc8 el0t_64_sync+0x174/0x178 <snip> panthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount) WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> pc : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] lr : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> panthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000) | 2024-12-02 | not yet calculated | CVE-2024-53116 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks. | 2024-12-02 | not yet calculated | CVE-2024-53117 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed. unreferenced object 0xffff8881028beb00 (size 224): comm “vsock_test”, pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!…….!….. 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ……….!….. backtrace (crc 6c7031ca): [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370 [<ffffffff81d35882>] __alloc_skb+0x132/0x180 [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80 [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240 [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0 [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50 [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450 [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0 [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0 [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80 [<ffffffff820d3df3>] do_syscall_64+0x93/0x180 [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-02 | not yet calculated | CVE-2024-53118 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm “kworker/5:2”, pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ……………. 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@………… backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30 | 2024-12-02 | not yet calculated | CVE-2024-53119 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> | 2024-12-02 | not yet calculated | CVE-2024-53120 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: – Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. – Lock the parent flow group, delete the software copy of the FTE, and remove it from the xarray. However, this approach encounters a race condition if a rule with the same match value is added simultaneously. In this scenario, fs_core may set the hardware deletion function to NULL prematurely, causing a panic during subsequent rule deletions. To prevent this, ensure the active flag of the FTE is checked under a lock, which will prevent the fs_core layer from attaching a new steering rule to an FTE that is in the process of deletion. [ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func [ 438.968205] ————[ cut here ]———— [ 438.968654] refcount_t: decrement hit 0; leaking memory. [ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110 [ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower] [ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8 [ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110 [ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 [ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286 [ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000 [ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0 [ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0 [ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0 [ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0 [ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000 [ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0 [ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 438.986507] Call Trace: [ 438.986799] <TASK> [ 438.987070] ? __warn+0x7d/0x110 [ 438.987426] ? refcount_warn_saturate+0xfb/0x110 [ 438.987877] ? report_bug+0x17d/0x190 [ 438.988261] ? prb_read_valid+0x17/0x20 [ 438.988659] ? handle_bug+0x53/0x90 [ 438.989054] ? exc_invalid_op+0x14/0x70 [ 438.989458] ? asm_exc_invalid_op+0x16/0x20 [ 438.989883] ? refcount_warn_saturate+0xfb/0x110 [ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core] [ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core] [ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core] [ 438.992054] ? xas_load+0x9/0xb0 [ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core] [ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core] [ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core] [ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core] [ 438.994728] tc_setup_cb_destroy+0xb9/0x190 [ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower] [ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower] [ 438.996105] tc_new_tfilter+0x347/0xbc0 [ 438.996503] ? __ —truncated— | 2024-12-02 | not yet calculated | CVE-2024-53121 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows – i.e. created by the in kernel path manager – are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). | 2024-12-02 | not yet calculated | CVE-2024-53122 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163 Code: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8 0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 <f7> 7c 24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89 RSP: 0018:ffffc900041f7930 EFLAGS: 00010293 RAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b RDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004 RBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67 R10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80 R13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000 FS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493 mptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline] mptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289 inet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885 sock_recvmsg_nosec net/socket.c:1051 [inline] sock_recvmsg+0x1b2/0x250 net/socket.c:1073 __sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265 __do_sys_recvfrom net/socket.c:2283 [inline] __se_sys_recvfrom net/socket.c:2279 [inline] __x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feb5d857559 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d RAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559 RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000 R10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c R13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef and provided a nice reproducer. The root cause is the current bad handling of racing disconnect. After the blamed commit below, sk_wait_data() can return (with error) with the underlying socket disconnected and a zero rcv_mss. Catch the error and return without performing any additional operations on the current socket. | 2024-12-02 | not yet calculated | CVE-2024-53123 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ————[ cut here ]———— WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x1c5/0x1e0 __sk_destruct+0x2a/0x200 rcu_do_batch+0x1aa/0x530 ? rcu_do_batch+0x13b/0x530 rcu_core+0x159/0x2f0 handle_softirqs+0xd3/0x2b0 ? __pfx_smpboot_thread_fn+0x10/0x10 run_ksoftirqd+0x25/0x30 smpboot_thread_fn+0xdd/0x1d0 kthread+0xd3/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> —[ end trace 0000000000000000 ]— Its possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) | (cpu 2) | sk_forward_alloc … | … | 0 __sk_mem_schedule() | | +4096 = 4096 | __sk_mem_schedule() | +4096 = 8192 sk_mem_charge() | | -768 = 7424 | sk_mem_charge() | -768 = 6656 … | … | sk_mem_uncharge() | | +768 = 7424 reclaimable=7424 | | | sk_mem_uncharge() | +768 = 8192 | reclaimable=8192 | __sk_mem_reclaim() | | -4096 = 4096 | __sk_mem_reclaim() | -8192 = -4096 != 0 The skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock(). Fix the same issue in dccp_v6_do_rcv(). | 2024-12-02 | not yet calculated | CVE-2024-53124 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 ————–> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: – r0 is marked as not a subreg at (0); – w1 is marked as subreg at (2); – w1 subreg_def is overridden at (3) by copy_register_state(); – w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; – because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); – this random value is read at (5). | 2024-12-04 | not yet calculated | CVE-2024-53125 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). | 2024-12-04 | not yet calculated | CVE-2024-53126 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: Revert “mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K” The commit 8396c793ffdf (“mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K”) increased the max_req_size, even for 4K pages, causing various issues: – Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 – Panic booting the kernel/rootfs from an SD card on StarFive JH7100 – “swiotlb buffer is full” and data corruption on StarFive JH7110 At this stage no fix have been found, so it’s probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. | 2024-12-04 | not yet calculated | CVE-2024-53127 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepancy can lead to incorrect stack object detection and subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled. Example of the warning: ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ————[ cut here ]———— WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4 Hardware name: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=–) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800 x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4 x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050 Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 —[ end trace 0000000000000000 ]— ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ————[ cut here ]———— | 2024-12-04 | not yet calculated | CVE-2024-53128 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The ‘state’ can’t be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check ‘state’ (see line 1077) | 2024-12-04 | not yet calculated | CVE-2024-53129 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the “block:block_dirty_buffer” tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the “uptodate” state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer’s uptodate flag. | 2024-12-04 | not yet calculated | CVE-2024-53130 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series “nilfs2: fix null-ptr-deref bugs on block tracepoints”. This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using “block:block_touch_buffer” tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself. | 2024-12-04 | not yet calculated | CVE-2024-53131 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix “Missing outer runtime PM protection” warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection … <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry picked from commit b107c63d2953907908fd0cafb0e543b3c3167b75) | 2024-12-04 | not yet calculated | CVE-2024-53132 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state’s dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6f06355d78eb41b3aeda5296c) | 2024-12-04 | not yet calculated | CVE-2024-53133 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be ‘i < bc->onecell_data.num_domains’, not ‘bc->onecell_data.num_domains’ which will make the look never finish and cause kernel panic. Also disable runtime to address “imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!” | 2024-12-04 | not yet calculated | CVE-2024-53134 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM’s pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest’s) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the “load IA32_RTIT_CTL” VM-entry control must be 0. On the host side, KVM doesn’t validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc. | 2024-12-04 | not yet calculated | CVE-2024-53135 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: revert “mm: shmem: fix data-race in shmem_getattr()” Revert d949d1d14fa2 (“mm: shmem: fix data-race in shmem_getattr()”) as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, “added just to silence a syzbot sanitizer splat: added where there has never been any practical problem”. | 2024-12-04 | not yet calculated | CVE-2024-53136 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. | 2024-12-04 | not yet calculated | CVE-2024-53137 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used. This is an issue when using pages from large folios: the get_page() references are stored on the folio page while the page_ref_inc() references are stored directly in the given page. On release the folio page will be dereferenced too many times. This was found while doing kTLS testing with sendfile() + ZC when the served file was read from NFS on a kernel with NFS large folios support (commit 49b29a573da8 (“nfs: add support for large folios”)). | 2024-12-04 | not yet calculated | CVE-2024-53138 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspicious RCU usage 6.12.0-rc5-virtme #1216 Tainted: G W —————————– net/core/dev.c:876 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by sctp_hello/31495: #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp stack backtrace: CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216 Tainted: [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:123) lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7)) sctp_v6_available (net/sctp/ipv6.c:701) sctp sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp sctp_bind (net/sctp/socket.c:320) sctp inet6_bind_sk (net/ipv6/af_inet6.c:465) ? security_socket_bind (security/security.c:4581 (discriminator 1)) __sys_bind (net/socket.c:1848 net/socket.c:1869) ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13)) __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1)) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f59b934a1e7 Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48 All code ======== 0: 44 00 00 add %r8b,(%rax) 3: 48 8b 15 39 8c 0c 00 mov 0xc8c39(%rip),%rdx # 0xc8c43 a: f7 d8 neg %eax c: 64 89 02 mov %eax,%fs:(%rdx) f: b8 ff ff ff ff mov $0xffffffff,%eax 14: eb bd jmp 0xffffffffffffffd3 16: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1d: 00 00 00 20: 0f 1f 00 nopl (%rax) 23: b8 31 00 00 00 mov $0x31,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <– trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c43 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c19 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7 RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f59b9253298 R11: 000000000000 —truncated— | 2024-12-04 | not yet calculated | CVE-2024-53139 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: – start – (optional) kicks off the dumping process – dump – actual dump helper, keeps getting called until it returns 0 – done – (optional) pairs with .start, can be used for cleanup The whole process is asynchronous and the repeated calls to .dump don’t actually happen in a tight loop, but rather are triggered in response to recvmsg() on the socket. This gives the user full control over the dump, but also means that the user can close the socket without getting to the end of the dump. To make sure .start is always paired with .done we check if there is an ongoing dump before freeing the socket, and if so call .done. The complication is that sockets can get freed from BH and .done is allowed to sleep. So we use a workqueue to defer the call, when needed. Unfortunately this does not work correctly. What we defer is not the cleanup but rather releasing a reference on the socket. We have no guarantee that we own the last reference, if someone else holds the socket they may release it in BH and we’re back to square one. The whole dance, however, appears to be unnecessary. Only the user can interact with dumps, so we can clean up when socket is closed. And close always happens in process context. Some async code may still access the socket after close, queue notification skbs to it etc. but no dumps can start, end or otherwise make progress. Delete the workqueue and flush the dump state directly from the release handler. Note that further cleanup is possible in -next, for instance we now always call .done before releasing the main module reference, so dump doesn’t have to take a reference of its own. | 2024-12-04 | not yet calculated | CVE-2024-53140 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. | 2024-12-06 | not yet calculated | CVE-2024-53141 |
Linux–Linux |
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + “ |