Vulnerability Summary for the Week of November 11, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source Info |
---|---|---|---|---|
1000 Projects--Beauty Parlour Management System | A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-12 | 7.3 | CVE-2024-11100 |
1000 Projects--Beauty Parlour Management System | A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-15 | 7.3 | CVE-2024-11257 |
1000 Projects--Beauty Parlour Management System | A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-15 | 7.3 | CVE-2024-11258 |
1000 Projects--Portfolio Management System MCA | A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-15 | 7.3 | CVE-2024-11256 |
adobe -- after_effects | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47441 |
adobe -- after_effects | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47442 |
adobe -- after_effects | After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47443 |
adobe -- illustrator | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-45114 |
adobe -- illustrator | Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47450 |
adobe -- illustrator | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47451 |
adobe -- illustrator | Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47452 |
adobe -- indesign | InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49507 |
adobe -- indesign | InDesign Desktop versions ID18.5.2, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49508 |
adobe -- indesign | InDesign Desktop versions ID18.5.3, ID19.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49509 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47426 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47427 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47428 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47429 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47430 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47431 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47432 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47433 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-47434 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49515 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49516 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49517 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49518 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49519 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49520 |
adobe -- substance_3d_painter | Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49525 |
Adobe--Adobe Commerce | Adobe Commerce versions 3.2.5 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to a security feature bypass. A low privileged attacker could exploit this vulnerability to send crafted requests from the vulnerable server to internal systems, which could result in the bypassing of security measures such as firewalls. Exploitation of this issue does not require user interaction. | 2024-11-12 | 7.7 | CVE-2024-49521 |
Adobe--Animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49526 |
Adobe--Animate | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49528 |
Adobe--Photoshop Desktop | Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-12 | 7.8 | CVE-2024-49514 |
adonesevangelista -- agri-trading_online_shopping_system | A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the application's total price calculation logic. This vulnerability causes the total price to be reduced to zero, allowing the attacker to add items to the cart and proceed to checkout. | 2024-11-14 | 7.5 | CVE-2024-50968 |
algolplus--Advanced Order Export For WooCommerce | The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2024-11-13 | 8.1 | CVE-2024-10828 |
amd -- ryzen_ai_software | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 2024-11-12 | 7.8 | CVE-2024-21974 |
amd -- ryzen_ai_software | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 2024-11-12 | 7.8 | CVE-2024-21975 |
AMD--AMD Cloud Manageability Service Software | Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21939 |
AMD--AMD Management Console | Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21957 |
AMD--AMD Management Plug-In for SCCM | Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21938 |
AMD--AMD Provisioning Console (APC) Software | Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21958 |
AMD--AMD Ryzen AI Software | Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution. | 2024-11-12 | 8.8 | CVE-2024-21976 |
AMD--AMD Ryzen Master Monitoring SDK | Incorrect default permissions in the AMD Ryzen™ Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21945 |
AMD--AMD Ryzen Master Utility for Overclocking Control | Incorrect default permissions in the AMD Ryzen™ Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21946 |
AMD--AMD Software: PRO Edition | Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | 2024-11-12 | 7.3 | CVE-2024-21937 |
AMI--AptioV | APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode. | 2024-11-12 | 7.2 | CVE-2024-42442 |
ampache -- ampache | Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 9 | CVE-2024-51490 |
ampache -- ampache | Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 8.1 | CVE-2024-51484 |
ampache -- ampache | Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 8.1 | CVE-2024-51485 |
ampache -- ampache | Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 8.4 | CVE-2024-51486 |
ampache -- ampache | Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 8.1 | CVE-2024-51487 |
angeljudesuarez -- construction_management_system | A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter. | 2024-11-13 | 7.2 | CVE-2024-50971 |
angeljudesuarez -- construction_management_system | A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter. | 2024-11-13 | 7.2 | CVE-2024-50972 |
angeljudesuarez -- tailoring_management_system | A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "inccat" to be affected. But it must be assumed "desc", "date", and "amount" are affected as well. | 2024-11-11 | 9.8 | CVE-2024-11074 |
anisha -- job_recruitment | A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-11 | 9.8 | CVE-2024-11076 |
anisha -- job_recruitment | A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-11 | 9.8 | CVE-2024-11077 |
anisha -- job_recruitment | A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-12 | 9.8 | CVE-2024-11099 |
anisha -- job_recruitment | A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-12 | 8.8 | CVE-2024-11127 |
Anthony Carbon--WDES Responsive Mobile Menu | Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu allows Object Injection. This issue affects WDES Responsive Mobile Menu: from n/a through 5.3.18. | 2024-11-16 | 9.8 | CVE-2024-52414 |
Apache Software Foundation--Apache Airflow | Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. | 2024-11-15 | 7.5 | CVE-2024-45784 |
Apache Software Foundation--Apache CloudStack | Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. `for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file \| grep file: ; printf "\n\n"; done` `for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done` | 2024-11-12 | 8.5 | CVE-2024-50386 |
Apache Software Foundation--Apache Traffic Server | Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue. | 2024-11-14 | 9.1 | CVE-2024-50306 |
Apache Software Foundation--Apache Traffic Server | Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | 2024-11-14 | 7.5 | CVE-2024-38479 |
Apache Software Foundation--Apache Traffic Server | Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | 2024-11-14 | 7.5 | CVE-2024-50305 |
Arttia Creative--Datasets Manager by Arttia Creative | Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative. This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5. | 2024-11-14 | 10 | CVE-2024-52375 |
Autodesk--Installer | A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | 2024-11-15 | 7.2 | CVE-2024-9500 |
Avigilon--VideoIQ iCVR HD camera | Avigilon - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2024-11-14 | 7.5 | CVE-2024-45253 |
axelkeller--GPX Viewer | The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-13 | 8.8 | CVE-2024-10629 |
ays-pro--Chartify WordPress Chart Plugin | The Chartify - WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-11-14 | 9.8 | CVE-2024-10571 |
Baxter--Life2000 Ventilation System | The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | 2024-11-14 | 10 | CVE-2024-48966 |
Baxter--Life2000 Ventilation System | The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance. | 2024-11-14 | 10 | CVE-2024-48967 |
Baxter--Life2000 Ventilation System | The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure. | 2024-11-14 | 9.3 | CVE-2024-48970 |
Baxter--Life2000 Ventilation System | The Clinician Password and Serial Number Clinician Password are hard-coded into the ventilator in plaintext form. This could allow an attacker to obtain the password off the ventilator and use it to gain unauthorized access to the device, with clinician privileges. | 2024-11-14 | 9.3 | CVE-2024-48971 |
Baxter--Life2000 Ventilation System | The debug port on the ventilator's serial interface is enabled by default. This could allow an attacker to send and receive messages over the debug port (which are unencrypted; see 3.2.1) that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | 2024-11-14 | 9.3 | CVE-2024-48973 |
Baxter--Life2000 Ventilation System | The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This could disrupt the function of the device and/or cause unauthorized information disclosure. | 2024-11-14 | 9.3 | CVE-2024-48974 |
Baxter--Life2000 Ventilation System | There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure. | 2024-11-14 | 9.3 | CVE-2024-9832 |
Baxter--Life2000 Ventilation System | Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | 2024-11-14 | 9.3 | CVE-2024-9834 |
BdThemes--Instant Image Generator | Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through 1.5.4. | 2024-11-14 | 10 | CVE-2024-52377 |
Bigfive--CF7 Reply Manager | Unrestricted Upload of File with Dangerous Type vulnerability in Bigfive CF7 Reply Manager. This issue affects CF7 Reply Manager: from n/a through 1.2.3. | 2024-11-16 | 9.9 | CVE-2024-52404 |
Bikram Joshi--B-Banner Slider | Unrestricted Upload of File with Dangerous Type vulnerability in Bikram Joshi B-Banner Slider allows Upload a Web Shell to a Web Server. This issue affects B-Banner Slider: from n/a through 1.1. | 2024-11-16 | 9.9 | CVE-2024-52405 |
BlackBerry--SecuSUITE | A code injection vulnerability in the SecuSUITE Server Web Administration Portal of SecuSUITE versions 5.0.420 and earlier could allow an attacker to potentially inject script commands or other executable content into the server that would run with root privilege. | 2024-11-12 | 7.3 | CVE-2024-51721 |
Boa web server--Boa web server 0.94.14rc21 | Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2024-11-14 | 7.5 | CVE-2024-47916 |
Bosch Rexroth AG--IndraDrive FWA-INDRV*-MP* | A vulnerability in the PROFINET stack implementation of the IndraDrive (all versions) of Bosch Rexroth allows an attacker to cause a denial of service, rendering the device unresponsive by sending arbitrary UDP messages. | 2024-11-13 | 7.5 | CVE-2024-48989 |
Ciprian Popescu--W3P SEO | Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu W3P SEO allows Stored XSS. This issue affects W3P SEO: from n/a before 1.8.6. | 2024-11-14 | 7.1 | CVE-2024-51684 |
Cisco--Cisco BroadWorks | A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable. Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-15 | 8.6 | CVE-2023-20125 |
Cisco--Cisco Cyber Vision | A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-15 | 7.5 | CVE-2022-20685 |
Cisco--Cisco Industrial Network Director | A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-15 | 9.9 | CVE-2023-20036 |
Cisco--Cisco IOS XR Software | A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root. | 2024-11-15 | 8.8 | CVE-2022-20655 |
Cisco--Cisco Modeling Labs | A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. This vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator. A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. | 2024-11-15 | 9.1 | CVE-2023-20154 |
Cisco--Cisco Redundancy Configuration Manager | A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user. The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-15 | 8.1 | CVE-2022-20649 |
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway | A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-15 | 7.4 | CVE-2022-20814 |
Cisco--Cisco TelePresence Video Communication Server (VCS) Expressway | A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-15 | 7.4 | CVE-2022-20853 |
Citrix Session Recording--Citrix Session Recording | Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server | 2024-11-12 | 8.8 | CVE-2024-8069 |
Clarisse K.--Writer Helper | Unrestricted Upload of File with Dangerous Type vulnerability in Clarisse K. Writer Helper allows Upload a Web Shell to a Web Server. This issue affects Writer Helper: from n/a through 3.1.6. | 2024-11-16 | 9.9 | CVE-2024-52399 |
cli--cli | The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. This has been patched in the cli v2.62.0. Developers connect to remote codespaces through an SSH server running within the devcontainer, which is generally provided through the [default devcontainer image](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-a-dev-container-configuration/introduction-to-dev-containers#using-the-default-dev-container-configuration). GitHub CLI [retrieves SSH connection details](https://github.com/cli/cli/blob/30066b0042d0c5928d959e288144300cb28196c9/internal/codespaces/rpc/invoker.go#L230-L244), such as remote username, which is used in [executing `ssh` commands](https://github.com/cli/cli/blob/e356c69a6f0125cfaac782c35acf77314f18908d/pkg/cmd/codespace/ssh.go#L263) for `gh codespace ssh` or `gh codespace logs` commands. This exploit occurs when a malicious third-party devcontainer contains a modified SSH server that injects `ssh` arguments within the SSH connection details. `gh codespace ssh` and `gh codespace logs` commands could execute arbitrary code on the user's workstation if the remote username contains something like `-oProxyCommand="echo hacked" #`. The `-oProxyCommand` flag causes `ssh` to execute the provided command while `#` shell comment causes any other `ssh` arguments to be ignored. In `2.62.0`, the remote username information is being validated before being used. | 2024-11-14 | 8 | CVE-2024-52308 |
cmorillas1--External Database Based Actions | The External Database Based Actions plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.1. This is due to a missing capability check in the 'edba_admin_handle' function. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin settings and log in as any existing user on the site, such as an administrator. | 2024-11-15 | 7.5 | CVE-2024-10311 |
cmsMinds--Boat Rental Plugin for WordPress | Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1. | 2024-11-14 | 10 | CVE-2024-52376 |
code-projects--Job Recruitment | A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-15 | 7.3 | CVE-2024-11241 |
codeSavory--BasePress Migration Tools | Unrestricted Upload of File with Dangerous Type vulnerability in codeSavory BasePress Migration Tools allows Upload a Web Shell to a Web Server. This issue affects BasePress Migration Tools: from n/a through 1.0.0. | 2024-11-16 | 9.9 | CVE-2024-52407 |
craftcms--cms | Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5. | 2024-11-13 | 8.4 | CVE-2024-52291 |
craftcms--cms | Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8. | 2024-11-13 | 7.7 | CVE-2024-52292 |
craftcms--cms | Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, a missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3. | 2024-11-13 | 7.2 | CVE-2024-52293 |
creativeinteractivemedia--Real3D Flipbook Lite 3D FlipBook, PDF Viewer, PDF Embedder | The 3D FlipBook, PDF Viewer, PDF Embedder - Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'r3dfb_save_thumbnail_callback' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-16 | 8.8 | CVE-2024-9849 |
cyberlord92--Login using WordPress Users ( WP as SAML IDP ) | The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-11-16 | 7.2 | CVE-2024-9887 |
Dang Ngoc Binh--Audio Record | Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server. This issue affects Audio Record: from n/a through 1.0. | 2024-11-11 | 10 | CVE-2024-51792 |
Davor Zeljkovic--Convert Docx2post | Unrestricted Upload of File with Dangerous Type vulnerability in Davor Zeljkovic Convert Docx2post allows Upload a Web Shell to a Web Server. This issue affects Convert Docx2post: from n/a through 1.4. | 2024-11-16 | 9.1 | CVE-2024-52397 |
decidim--decidim | Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0. | 2024-11-13 | 7.7 | CVE-2024-45594 |
decidim-ice--decidim-module-decidim_awesome | An improper neutralization of special elements used in an SQL command in the papertrail/version- model of the decidim_awesome-module <= v0.11.1 (> 0.9.0) allows an authenticated admin user to manipulate sql queries to disclose information, read and write files or execute commands. | 2024-11-12 | 9 | CVE-2024-43415 |
dell -- smartfabric_os10 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-11-12 | 7.8 | CVE-2024-49557 |
dell -- smartfabric_os10 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 2024-11-12 | 7.8 | CVE-2024-49558 |
dell -- smartfabric_os10 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | 2024-11-12 | 7.8 | CVE-2024-49560 |
Dell--SmartFabric OS10 Software | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution | 2024-11-12 | 7.8 | CVE-2024-48837 |
Delta Electronics--DIAScreen | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code. | 2024-11-11 | 7.8 | CVE-2024-39354 |
Delta Electronics--DIAScreen | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code. | 2024-11-11 | 7.8 | CVE-2024-39605 |
Delta Electronics--DIAScreen | If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code. | 2024-11-11 | 7.8 | CVE-2024-47131 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user's password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user's account. | 2024-11-11 | 9.8 | CVE-2024-11068 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 2024-11-11 | 7.2 | CVE-2024-11062 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 2024-11-11 | 7.2 | CVE-2024-11063 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 2024-11-11 | 7.2 | CVE-2024-11064 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet. | 2024-11-11 | 7.2 | CVE-2024-11065 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page. | 2024-11-11 | 7.2 | CVE-2024-11066 |
dlink -- dsl6740c_firmware | The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password. | 2024-11-11 | 7.5 | CVE-2024-11067 |
DMC--Airin Blog | Deserialization of Untrusted Data vulnerability in DMC Airin Blog allows Object Injection. This issue affects Airin Blog: from n/a through 1.6.1. | 2024-11-16 | 9.8 | CVE-2024-52413 |
DonnellC--Global Gateway e4 \| Payeezy Gateway | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 \| Payeezy Gateway. This issue affects Global Gateway e4 \| Payeezy Gateway: from n/a through 2.0. | 2024-11-14 | 8.6 | CVE-2024-52371 |
DoThatTask--Do That Task | Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through 1.5.5. | 2024-11-14 | 10 | CVE-2024-52374 |
dotnetzip.semverd_project -- dotnetzip.semverd | Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-11-13 | 9.8 | CVE-2024-48510 |
Elastic--Kibana | A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges (https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html#roles-indices-priv) and Kibana privileges (https://www.elastic.co/guide/en/fleet/current/fleet-roles-and-privileges.html) assigned to them. The following Elasticsearch indices permissions are required: write privilege on the system indices .kibana_ingest*. Any of the following Kibana privileges are additionally required: under Fleet, the All privilege is granted. | 2024-11-14 | 9.1 | CVE-2024-37285 |
Eugen Bobrowski--Debug Tool | Missing Authorization vulnerability in Eugen Bobrowski Debug Tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a through 2.2. | 2024-11-16 | 10 | CVE-2024-52416 |
Flowcraft UX Design Studio--Advanced Personalization | Deserialization of Untrusted Data vulnerability in Flowcraft UX Design Studio Advanced Personalization allows Object Injection. This issue affects Advanced Personalization: from n/a through 1.1.2. | 2024-11-16 | 9.8 | CVE-2024-52411 |
fortinet -- forticlient | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts. | 2024-11-12 | 8.8 | CVE-2024-36513 |
fortinet -- forticlient | An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering. | 2024-11-12 | 7.8 | CVE-2024-36507 |
Fortinet--FortiClientWindows | An authentication bypass using an alternate path or channel in Fortinet FortiClientWindows version 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0, and 6.4.10 through 6.4.0 allows a low privilege attacker to execute arbitrary code with high privilege via spoofed named pipe messages. | 2024-11-13 | 7.8 | CVE-2024-47574 |
Fortinet--FortiManager | A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData at least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows improper access control by an attacker via crafted requests. | 2024-11-12 | 7.5 | CVE-2024-23666 |
Fortinet--FortiOS | A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows an attacker to execute unauthorized code or commands via a phishing SAML authentication link. | 2024-11-12 | 7.5 | CVE-2023-50176 |
FraudLabs Pro--FraudLabs Pro SMS Verification | Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1. | 2024-11-14 | 7.1 | CVE-2024-51688 |
FreeBSD--FreeBSD | The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option. | 2024-11-12 | 7.5 | CVE-2024-45289 |
GeekRMX--Twitter @Anywhere Plus | Cross-Site Request Forgery (CSRF) vulnerability in GeekRMX Twitter @Anywhere Plus allows Stored XSS. This issue affects Twitter @Anywhere Plus: from n/a through 2.0. | 2024-11-14 | 7.1 | CVE-2024-51659 |
GentleSource--Appointmind | Cross-Site Request Forgery (CSRF) vulnerability in GentleSource Appointmind allows Stored XSS. This issue affects Appointmind: from n/a through 4.0.0. | 2024-11-14 | 7.1 | CVE-2024-51679 |
GeoVision--GV-VS12 | Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. | 2024-11-15 | 9.8 | CVE-2024-11120 |
GitLab--GitLab | An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations. | 2024-11-14 | 8.5 | CVE-2024-9693 |
glpi-project--glpi | GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17. | 2024-11-15 | 8.1 | CVE-2024-40638 |
gogs--gogs/gogs | A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution. | 2024-11-15 | 10 | CVE-2022-1884 |
google -- android | In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-43093 |
Google--Android | In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 8.4 | CVE-2024-31337 |
Google--Android | In multiple locations, there is a possible permissions bypass due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 8.4 | CVE-2024-34719 |
Google--Android | In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 8.4 | CVE-2024-34729 |
Google--Android | In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 8.4 | CVE-2024-34747 |
Google--Android | In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-13 | 8.4 | CVE-2024-43087 |
Google--Android | In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 8.4 | CVE-2024-43088 |
Google--Android | In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 8.8 | CVE-2024-43091 |
Google--Android | In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-40660 |
Google--Android | In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-40661 |
Google--Android | In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-40671 |
Google--Android | In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-43080 |
Google--Android | In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-43081 |
Google--Android | In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-43085 |
Google--Android | In updateInternal of MediaProvider.java, there is a possible access of another app's files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-13 | 7.8 | CVE-2024-43089 |
Google--Chrome | Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-11-12 | 8.8 | CVE-2024-11113 |
Google--Chrome | Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | 2024-11-12 | 8.3 | CVE-2024-11114 |
Google--Chrome | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium) | 2024-11-12 | 8.8 | CVE-2024-11115 |
Google--Chrome | Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2024-11-12 | 7.5 | CVE-2024-11112 |
Grand Vice info--Webopac | Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server. | 2024-11-11 | 9.8 | CVE-2024-11018 |
Grand Vice info--Webopac | Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server. | 2024-11-11 | 8.8 | CVE-2024-11017 |
Grand Vice info--Webopac7 | Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2024-11-11 | 9.8 | CVE-2024-11020 |
Halyra--CDI | Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI. This issue affects CDI: from n/a through 5.5.3. | 2024-11-16 | 9.1 | CVE-2024-52398 |
Henrik Hoff--WP Course Manager | Cross-Site Request Forgery (CSRF) vulnerability in Henrik Hoff WP Course Manager allows Stored XSS. This issue affects WP Course Manager: from n/a through 1.3. | 2024-11-14 | 7.1 | CVE-2024-51658 |
Hive Support--Hive Support WordPress Help Desk | Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support - WordPress Help Desk allows Upload a Web Shell to a Web Server. This issue affects Hive Support - WordPress Help Desk: from n/a through 1.1.1. | 2024-11-14 | 9.9 | CVE-2024-52370 |
ibm -- soar | IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism. | 2024-11-14 | 8.1 | CVE-2024-45670 |
IBM--Engineering Insights | IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2024-11-15 | 8.2 | CVE-2024-39726 |
IBM--Sterling Secure Proxy | IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot dot" sequences (/.../) to view arbitrary files on the system. | 2024-11-15 | 7.5 | CVE-2024-41784 |
icdsoft--MultiManager WP Manage All Your WordPress Sites Easily | The MultiManager WP - Manage All Your WordPress Sites Easily plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.5. This is due to the user impersonation feature inappropriately determining the current user via user-supplied input. This makes it possible for unauthenticated attackers to generate an impersonation link that will allow them to log in as any existing user, such as an administrator. NOTE: The user impersonation feature was disabled in version 1.1.0 and re-enabled with a patch in version 1.1.2. | 2024-11-13 | 9.8 | CVE-2024-11028 |
Icinga--icinga2 | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. | 2024-11-12 | 9.8 | CVE-2024-49369 |
ivanti -- avalanche | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-50317 |
ivanti -- avalanche | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-50318 |
ivanti -- avalanche | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-50319 |
ivanti -- avalanche | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-50320 |
ivanti -- avalanche | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-50321 |
ivanti -- connect_secure | Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 7.2 | CVE-2024-11007 |
ivanti -- connect_secure | A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-47907 |
Ivanti--Avalanche | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | 2024-11-12 | 7.5 | CVE-2024-50331 |
Ivanti--Connect Secure | Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 9.1 | CVE-2024-11005 |
Ivanti--Connect Secure | Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 9.1 | CVE-2024-11006 |
Ivanti--Connect Secure | Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-13 | 9.1 | CVE-2024-38656 |
Ivanti--Connect Secure | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | 2024-11-12 | 8.4 | CVE-2024-11004 |
Ivanti--Connect Secure | A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution. | 2024-11-12 | 8.8 | CVE-2024-9420 |
Ivanti--Connect Secure | Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 and Ivanti Policy Secure before version 22.6R1 allow a local authenticated attacker to escalate their privileges. | 2024-11-13 | 7.8 | CVE-2024-39709 |
Ivanti--Connect Secure | Excessive binary privileges in Ivanti Connect Secure which affects versions 22.4R2 through 22.7R2.2 inclusive within the R2 release line and Ivanti Policy Secure before version 22.7R1.2 allow a local authenticated attacker to escalate privileges. | 2024-11-12 | 7.8 | CVE-2024-47906 |
Ivanti--Connect Secure | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | 2024-11-12 | 7.5 | CVE-2024-8495 |
Ivanti--Endpoint Manager | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | 2024-11-12 | 9.8 | CVE-2024-50330 |
Ivanti--Endpoint Manager | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | 2024-11-12 | 8.8 | CVE-2024-50329 |
Ivanti--Endpoint Manager | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | 2024-11-12 | 7.8 | CVE-2024-50322 |
Ivanti--Endpoint Manager | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | 2024-11-12 | 7.8 | CVE-2024-50323 |
Ivanti--Endpoint Manager | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 7.2 | CVE-2024-50324 |
Ivanti--Endpoint Manager | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 7.2 | CVE-2024-50326 |
Ivanti--Endpoint Manager | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 7.2 | CVE-2024-50327 |
Ivanti--Endpoint Manager | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-12 | 7.2 | CVE-2024-50328 |
Ivanti--EPM | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-11-13 | 7.2 | CVE-2024-32844 |
Ivanti--Secure Access Client | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | 2024-11-12 | 7.8 | CVE-2024-7571 |
Ivanti--Secure Access Client | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | 2024-11-12 | 7.1 | CVE-2024-8539 |
Ivanti--Secure Access Client | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | 2024-11-12 | 7.3 | CVE-2024-9842 |
Jenkins Project--Jenkins Authorize Project Plugin | Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2024-11-13 | 8 | CVE-2024-52552 |
Jenkins Project--Jenkins OpenId Connect Authentication Plugin | Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login. | 2024-11-13 | 8.8 | CVE-2024-52553 |
Jenkins Project--Jenkins Pipeline: Declarative Plugin | Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | 2024-11-13 | 8 | CVE-2024-52551 |
Jenkins Project--Jenkins Shared Library Version Override Plugin | Jenkins Shared Library Version Override Plugin 17.v786074c9fce7 and earlier declares folder-scoped library overrides as trusted, so that they're not executed in the Script Security sandbox, allowing attackers with Item/Configure permission on a folder to configure a folder-scoped library override that runs without sandbox protection. | 2024-11-13 | 8.8 | CVE-2024-52554 |
Joshua Wolfe--The Novel Design Store Directory | Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server. This issue affects The Novel Design Store Directory: from n/a through 4.3.0. | 2024-11-11 | 10 | CVE-2024-51788 |
kanboard--kanboard | Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments that are viewable or downloadable in Kanboard are resolved through their `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature can set arbitrary file links by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files readable in the context of the Kanboard application permissions can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 9.1 | CVE-2024-51747 |
kanboard--kanboard | Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature has control over the file path that is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible; think of an anonymous FTP server or another application that allows uploading files. Once the attacker has placed their file with the actual php code as the payload, the attacker can craft a sqlite db setting that uses path traversal to point to the directory where the `translations.php` file is stored, then gain code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-11 | 9.1 | CVE-2024-51748 |
KCT--Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One | Missing Authorization vulnerability in KCT Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One: from n/a through 2.1.2. | 2024-11-14 | 7.5 | CVE-2024-52383 |
Kinetic Innovative Technologies Sdn Bhd--kineticPay for WooCommerce | Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects kineticPay for WooCommerce: from n/a through 2.0.8. | 2024-11-14 | 10 | CVE-2024-52379 |
Labs64--DigiPass | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Labs64 DigiPass allows Absolute Path Traversal. This issue affects DigiPass: from n/a through 0.3.0. | 2024-11-14 | 7.5 | CVE-2024-52378 |
Laravel-Backpack--FileManager | FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9. | 2024-11-13 | 7.6 | CVE-2024-52306 |
laurent22--joplin | Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution. | 2024-11-14 | 7.7 | CVE-2024-49362 |
librenms--librenms | LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0. | 2024-11-15 | 7.5 | CVE-2024-49754 |
Made I.T.--Forms | Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through 2.8.0. | 2024-11-11 | 10 | CVE-2024-51791 |
Medma Technologies--Matix Popup Builder | Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through 1.0.0. | 2024-11-14 | 9.8 | CVE-2024-52382 |
melapress--WP Activity Log | The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user_id parameter in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page. | 2024-11-15 | 7.2 | CVE-2024-10793 |
microsoft -- 365_apps | Microsoft Excel Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49026 |
microsoft -- 365_apps | Microsoft Excel Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49027 |
microsoft -- 365_apps | Microsoft Excel Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49029 |
microsoft -- 365_apps | Microsoft Excel Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49030 |
microsoft -- 365_apps | Microsoft Word Security Feature Bypass Vulnerability | 2024-11-12 | 7.5 | CVE-2024-49033 |
microsoft -- exchange_server | Microsoft Exchange Server Spoofing Vulnerability | 2024-11-12 | 7.5 | CVE-2024-49040 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48994 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48995 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48996 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48997 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48998 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48999 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49000 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49001 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49002 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49003 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49004 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49005 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49006 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49007 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49008 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49009 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49010 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49011 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49012 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49013 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49014 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49015 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49016 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49017 |
microsoft -- sql_server_2016 | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49018 |
microsoft -- sql_server_2016 | Microsoft SQL Server Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49021 |
microsoft -- sql_server_2016 | Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49043 |
microsoft -- windows_10_1507 | Windows Telephony Service Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43620 |
microsoft -- windows_10_1507 | Windows Telephony Service Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43621 |
microsoft -- windows_10_1507 | Windows Telephony Service Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43622 |
microsoft -- windows_10_1507 | Windows Task Scheduler Elevation of Privilege Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49039 |
microsoft -- windows_10_1507 | Windows NT OS Kernel Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-43623 |
microsoft -- windows_11_22h2 | Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | 2024-11-12 | 8.1 | CVE-2024-43625 |
Microsoft--airlift.microsoft.com | Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network. | 2024-11-12 | 7.3 | CVE-2024-49056 |
Microsoft--Azure CycleCloud | Azure CycleCloud Remote Code Execution Vulnerability | 2024-11-12 | 9.9 | CVE-2024-43602 |
Microsoft--Azure Database for PostgreSQL Flexible Server | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | 2024-11-12 | 7.2 | CVE-2024-43613 |
Microsoft--Azure Database for PostgreSQL Flexible Server | Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability | 2024-11-12 | 7.2 | CVE-2024-49042 |
Microsoft--Azure Stack HCI | Azure Stack HCI Elevation of Privilege Vulnerability | 2024-11-15 | 8.8 | CVE-2024-49060 |
Microsoft--LightGBM | LightGBM Remote Code Execution Vulnerability | 2024-11-12 | 8.1 | CVE-2024-43598 |
Microsoft--Microsoft Office LTSC for Mac 2024 | Microsoft Excel Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49028 |
Microsoft--Microsoft Office LTSC for Mac 2024 | Microsoft Office Graphics Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49031 |
Microsoft--Microsoft Office LTSC for Mac 2024 | Microsoft Office Graphics Remote Code Execution Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49032 |
Microsoft--Microsoft PC Manager | Microsoft PC Manager Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49051 |
Microsoft--Microsoft SQL Server 2017 (GDR) | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-38255 |
Microsoft--Microsoft SQL Server 2017 (GDR) | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43459 |
Microsoft--Microsoft SQL Server 2017 (GDR) | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-48993 |
Microsoft--Microsoft SQL Server 2019 (CU 29) | SQL Server Native Client Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43462 |
Microsoft--Microsoft TorchGeo | TorchGeo Remote Code Execution Vulnerability | 2024-11-12 | 8.1 | CVE-2024-49048 |
Microsoft--Microsoft Visual Studio 2022 version 17.6 | .NET and Visual Studio Denial of Service Vulnerability | 2024-11-12 | 7.5 | CVE-2024-43499 |
Microsoft--Microsoft Visual Studio 2022 version 17.8 | .NET and Visual Studio Remote Code Execution Vulnerability | 2024-11-12 | 9.8 | CVE-2024-43498 |
Microsoft--Python extension for Visual Studio Code | Visual Studio Code Python Extension Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-49050 |
Microsoft--Visual Studio Code Remote - SSH Extension | Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | 2024-11-12 | 7.1 | CVE-2024-49049 |
Microsoft--Windows 10 Version 1809 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43624 |
Microsoft--Windows 10 Version 1809 | Windows Telephony Service Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43627 |
Microsoft--Windows 10 Version 1809 | Windows Telephony Service Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43628 |
Microsoft--Windows 10 Version 1809 | Windows Telephony Service Remote Code Execution Vulnerability | 2024-11-12 | 8.8 | CVE-2024-43635 |
Microsoft--Windows 10 Version 1809 | Windows Registry Elevation of Privilege Vulnerability | 2024-11-12 | 7.5 | CVE-2024-43452 |
Microsoft--Windows 10 Version 1809 | Windows Telephony Service Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-43626 |
Microsoft--Windows 10 Version 1809 | Win32k Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-43636 |
Microsoft--Windows 10 Version 1809 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49046 |
Microsoft--Windows Server 2019 | Windows DNS Spoofing Vulnerability | 2024-11-12 | 7.5 | CVE-2024-43450 |
Microsoft--Windows Server 2019 | Active Directory Certificate Services Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-49019 |
Microsoft--Windows Server 2022 | Windows SMBv3 Server Remote Code Execution Vulnerability | 2024-11-12 | 8.1 | CVE-2024-43447 |
Microsoft--Windows Server 2022 | Windows Update Stack Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-43530 |
Microsoft--Windows Server 2022 | Windows Kernel Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-43630 |
Microsoft--Windows Server 2022 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-11-12 | 7.8 | CVE-2024-43640 |
Microsoft--Windows Server 2025 | Windows KDC Proxy Remote Code Execution Vulnerability | 2024-11-12 |