Total
82278 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-8933 | 2024-11-13 | N/A | 7.5 HIGH | ||
| CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause retrieval of password hash that could lead to denial of service and loss of confidentiality and integrity of controllers. To be successful, the attacker needs to inject themself inside the logical network while a valid user uploads or downloads a project file into the controller. | |||||
| CVE-2024-4741 | 2024-11-13 | N/A | 7.5 HIGH | ||
| Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. | |||||
| CVE-2024-10629 | 2024-11-13 | N/A | 8.8 HIGH | ||
| The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxv_file_upload() function in all versions up to, and including, 2.2.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-8938 | 2024-11-13 | N/A | 8.1 HIGH | ||
| CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a potential arbitrary code execution after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call to tamper with memory area involved in memory size computation. | |||||
| CVE-2024-10816 | 2024-11-13 | N/A | 7.5 HIGH | ||
| The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.24.01.24 via the js/fallback.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | |||||
| CVE-2024-2208 | 2024-11-13 | N/A | 8.8 HIGH | ||
| Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities. | |||||
| CVE-2024-45763 | 1 Dell | 1 Enterprise Sonic Distribution | 2024-11-13 | N/A | 7.2 HIGH |
| Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2024-47769 | 1 Idurarapp | 1 Idurar | 2024-11-13 | N/A | 7.5 HIGH |
| IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location. | |||||
| CVE-2024-47768 | 1 Lifplatforms | 1 Lif Authentication Server | 2024-11-13 | N/A | 8.1 HIGH |
| Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. | |||||
| CVE-2024-43314 | 1 Gabelivan | 1 Asset Cleanup | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.3. | |||||
| CVE-2024-43332 | 1 Meowapps | 1 Photo Engine | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Jordy Meow Photo Engine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Engine: from n/a through 6.4.0. | |||||
| CVE-2024-43343 | 1 Etoilewebdesign | 1 Order Tracking | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Etoile Web Design Order Tracking allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Order Tracking: from n/a through 3.3.12. | |||||
| CVE-2024-43355 | 1 Beardev | 1 Joomsport | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in BearDev JoomSport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JoomSport: from n/a through 5.3.0. | |||||
| CVE-2024-43925 | 1 Enviragallery | 1 Envira Gallery | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Envira Gallery Team Envira Photo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envira Photo Gallery: from n/a through 1.8.14. | |||||
| CVE-2024-43932 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.2. | |||||
| CVE-2024-48039 | 1 Cubewp | 1 Cubewp | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in CubeWP CubeWP – All-in-One Dynamic Content Framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP – All-in-One Dynamic Content Framework: from n/a through 1.1.15. | |||||
| CVE-2024-48044 | 1 Shortpixel | 1 Image Optimizer | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in ShortPixel – Convert WebP/AVIF & Optimize Images ShortPixel Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through 5.6.3. | |||||
| CVE-2024-48045 | 1 Leevio | 1 Happy Addons For Elementor | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in Leevio Happy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through 3.12.3. | |||||
| CVE-2024-43293 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg \& Elementor | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in WPZOOM Recipe Card Blocks for Gutenberg & Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Recipe Card Blocks for Gutenberg & Elementor: from n/a through 3.3.1. | |||||
| CVE-2024-43296 | 1 Bplugins | 1 Html5 Video Player | 2024-11-13 | N/A | 8.8 HIGH |
| Missing Authorization vulnerability in bPlugins LLC Flash & HTML5 Video allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flash & HTML5 Video: from n/a through 2.5.30. | |||||