Latest Security Vulnerabilities

Saturday December 21, 2024

IBM I

CVE-2024-51463 IBM i Server-Side Request Forgery (SSRF) Vulnerability
CVE-2024-51464 IBM i Navigator for i Interface Restriction Bypass Vulnerability
CVE-2024-47104 IBM i 7.4/7.5 Authenticated User Privilege Escalation via Physical File Security Attributes
 

Unclassified

CVE-2024-12875 Easy Digital Downloads Plugin Directory Traversal Vulnerability
CVE-2024-11349 AdForest WordPress Theme Authentication Bypass Vulnerability
CVE-2023-31279 AirVantage Platform Unauthorized Device Registration Vulnerability
CVE-2023-31280 Sierra Wireless AirVantage Warranty Checker Bulk Enumeration Vulnerability
CVE-2024-12591 MagicPost WordPress Plugin Stored XSS Vulnerability in wb_share_social Shortcode
CVE-2024-12884 Codezips E-Commerce Website SQL Injection Vulnerability in login.php
CVE-2024-12883 Cross-Site Scripting (XSS) Vulnerability in Job Recruitment System
CVE-2024-12846 Emlog Pro: Cross-Site Scripting (XSS) Vulnerability in /admin/link.php
CVE-2020-9250 Huawei Smart Phone Insufficient Authentication Vulnerability
And others...

Friday December 20, 2024

Apple macOS

CVE-2024-44298 macOS Sequoia: Contact Information Leak via Log Entries
CVE-2024-44293 macOS Sequoia Log Entries Sensitive Data Exposure
CVE-2024-44292 macOS Sequoia: Sensitive User Data Exposure via Log Entries
CVE-2024-44231 macOS Sequoia Login Window Bypass Vulnerability
CVE-2024-44223 macOS Login Window Protected Content Exposure Vulnerability
CVE-2024-44211 macOS Sequoia Symlink Validation Bypass Vulnerability
CVE-2024-44195 macOS Sequoia Arbitrary File Read Vulnerability in App Validation

Apple visionOS

CVE-2024-54538 Apple Multiple Products Denial-of-Service Vulnerability in Input Validation

Apache Tomcat

CVE-2024-56337 Apache Tomcat TOCTOU Race Condition Vulnerability in Default Servlet
 

Unclassified

CVE-2024-12875 Easy Digital Downloads Plugin Directory Traversal Vulnerability
CVE-2024-11349 AdForest WordPress Theme Authentication Bypass Vulnerability
CVE-2023-31279 AirVantage Platform Unauthorized Device Registration Vulnerability
CVE-2023-31280 Sierra Wireless AirVantage Warranty Checker Bulk Enumeration Vulnerability
CVE-2024-12591 MagicPost WordPress Plugin Stored XSS Vulnerability in wb_share_social Shortcode
CVE-2024-12884 Codezips E-Commerce Website SQL Injection Vulnerability in login.php
CVE-2024-12883 Cross-Site Scripting (XSS) Vulnerability in Job Recruitment System
CVE-2024-12846 Emlog Pro: Cross-Site Scripting (XSS) Vulnerability in /admin/link.php
CVE-2020-9250 Huawei Smart Phone Insufficient Authentication Vulnerability
And others...

Apple Garageband

CVE-2023-42867 GarageBand Entitlement Validation Bypass Root Privilege Escalation Vulnerability

JetBrains Teamcity

CVE-2024-56348 JetBrains TeamCity Improper Access Control Vulnerability in Agent Details
CVE-2024-56349 JetBrains TeamCity Improper Access Control Vulnerability in Build Logs
CVE-2024-56350 JetBrains TeamCity Unauthorized Project Viewing Vulnerability
CVE-2024-56351 JetBrains TeamCity Access Token Revocation Failure
CVE-2024-56352 JetBrains TeamCity Stored XSS Vulnerability in Agent Details Page
CVE-2024-56353 JetBrains TeamCity Backup File Exposure Vulnerability
CVE-2024-56354 JetBrains TeamCity Password Field Access Vulnerability
CVE-2024-56355 JetBrains TeamCity RemoteBuildLogController XSS Vulnerability
CVE-2024-56356 JetBrains TeamCity XMLParser XXE Vulnerability

IBM Cognos Analytics

CVE-2024-40695 IBM Cognos Analytics Malicious File Upload Vulnerability
CVE-2024-51466 IBM Cognos Analytics EL Injection Vulnerability
CVE-2024-25042 IBM Cognos Analytics Cross Site Scripting (XSS) Vulnerability in Column Headings
CVE-2024-41752 IBM Cognos Analytics HTML Injection Vulnerability
CVE-2024-45082 IBM Cognos Analytics Open Redirect Vulnerability

Red Hat Satellite

CVE-2024-12840 Server-Side Request Forgery in Red Hat Satellite HTTP Proxy Connection Testing

HashiCorp Nomad

CVE-2024-12678 HashiCorp Nomad Privilege Escalation via Unredacted Workload Identity Tokens

IBM Security Directory Integrator

CVE-2024-28767 IBM Security Directory Integrator Remote Command Execution Vulnerability

Spatie Browsershot

CVE-2024-21549 spatie/browsershot: Improper Input Validation in setUrl Method

WordPress

CVE-2024-11331 WordPress Plugin '??????? ??????? ??????? ???? ????': Reflected XSS Vulnerability

Uptimekuma Uptime Kuma

CVE-2024-56331 Uptime Kuma Improper URL Handling Vulnerability in Real-Browser Request Type

Thursday December 19, 2024

VMware Spring Framework

CVE-2024-38819 Spring Framework Path Traversal Vulnerability in WebMvc.fn and WebFlux.fn

Canonical Ubuntu Linux

CVE-2024-2201 Intel Linux Kernel Spectre v2 Cross-Privilege Memory Leak Vulnerability
 

Unclassified

CVE-2024-12875 Easy Digital Downloads Plugin Directory Traversal Vulnerability
CVE-2024-11349 AdForest WordPress Theme Authentication Bypass Vulnerability
CVE-2023-31279 AirVantage Platform Unauthorized Device Registration Vulnerability
CVE-2023-31280 Sierra Wireless AirVantage Warranty Checker Bulk Enumeration Vulnerability
CVE-2024-12591 MagicPost WordPress Plugin Stored XSS Vulnerability in wb_share_social Shortcode
CVE-2024-12884 Codezips E-Commerce Website SQL Injection Vulnerability in login.php
CVE-2024-12883 Cross-Site Scripting (XSS) Vulnerability in Job Recruitment System
CVE-2024-12846 Emlog Pro: Cross-Site Scripting (XSS) Vulnerability in /admin/link.php
CVE-2020-9250 Huawei Smart Phone Insufficient Authentication Vulnerability
And others...

Adobe Acrobat

CVE-2023-21586 Adobe Acrobat Reader NULL Pointer Dereference Vulnerability

Fortinet FortiOS

CVE-2020-12820 FortiOS SSL VPN Stack-based Buffer Overflow Vulnerability

Fortinet FortiClient

CVE-2020-15934 FortiClient VCM Engine Privilege Escalation Vulnerability
CVE-2024-50570 FortiClient: Cleartext Storage of Sensitive Information in VPN Password Handling

Fortinet FortiManager

CVE-2021-32589 Fortinet FortiManager/FortiAnalyzer Use After Free Vulnerability
CVE-2024-48889 FortiManager OS Command Injection Vulnerability in FGFM

Discourse

CVE-2024-53991 Discourse Local File Disclosure Vulnerability in FileStore::LocalStore
CVE-2024-49765 Discourse Connect Local Login Bypass Vulnerability

IBM Mq Appliance

CVE-2024-52897 IBM MQ Appliance Web Console Sensitive Information Disclosure Vulnerability
CVE-2024-51471 IBM MQ Appliance Web Console Buffer Overflow Denial-of-Service Vulnerability

Citrix Xen Xen

CVE-2024-45819 Xen Hypervisor ACPI Table Construction Information Disclosure Vulnerability
CVE-2024-45818 Xen Hypervisor VGA Memory Access Deadlock Vulnerability

Sophos Firewall

CVE-2024-12729 Sophos Firewall User Portal Remote Code Execution Vulnerability
CVE-2024-12727 Sophos Firewall SQL Injection Vulnerability in Email Protection Feature

IBM Security Guardium

CVE-2024-49336 IBM Security Guardium SSRF Vulnerability

IBM Sterling B2b Integrator

CVE-2021-20553 IBM Sterling B2B Integrator Standard Edition XSS Vulnerability in Web UI

Fortinet Fortiwan

CVE-2021-26102 FortiWAN Path Traversal Vulnerability in File Deletion
CVE-2021-26115 FortiWAN CLI OS Command Injection Privilege Escalation Vulnerability

IBM Infosphere Information Server

CVE-2021-29827 IBM InfoSphere Information Server Clickjacking Vulnerability

Checkmk

CVE-2024-38864 Checkmk Windows Agent: Incorrect Permissions on Data Directory

Rockwellautomation Arena

CVE-2024-12672 Rockwell Automation Arena® Out-of-Bounds Write Vulnerability in DOE File Handling
CVE-2024-12175 Rockwell Automation Arena Use-After-Free Code Execution Vulnerability in DOE File Handling
CVE-2024-11364 Rockwell Automation Arena Uninitialized Variable Code Execution Vulnerability
CVE-2024-11157 Rockwell Automation Arena® Out-of-Bounds Write Vulnerability in DOE File Handling

Kanboard

CVE-2024-55603 Kanboard Session Lifetime Validation Bypass Vulnerability

Wednesday December 18, 2024

Google Chrome

CVE-2024-12695 Google Chrome V8 Engine Out-of-Bounds Write Vulnerability
CVE-2024-12694 Google Chrome Compositing Use After Free Vulnerability
CVE-2024-12693 Google Chrome V8 Engine Out-of-Bounds Memory Access Vulnerability
CVE-2024-12692 Google Chrome V8 Engine Type Confusion Vulnerability

Microsoft Powerpoint

CVE-2024-39804 Microsoft PowerPoint Library Injection Vulnerability on macOS

Microsoft Teams

CVE-2024-41138 Microsoft Teams macOS Helper App Library Injection Vulnerability
CVE-2024-41145 Microsoft Teams WebView.app Helper Library Injection Vulnerability
CVE-2024-42004 Microsoft Teams Library Injection Vulnerability on macOS

Microsoft Word

CVE-2024-41165 Microsoft Word Library Injection Vulnerability on macOS

Microsoft Outlook

CVE-2024-42220 Microsoft Outlook Library Injection Vulnerability on macOS

Microsoft Excel

CVE-2024-43106 Microsoft Excel Library Injection Vulnerability on macOS

Microsoft Onenote

CVE-2024-41159 Microsoft OneNote Library Injection Vulnerability on macOS

Red Hat Openshift

CVE-2024-12698 OpenShift Container Platform: Incomplete Fix for Rapid Reset Vulnerability in OLM Catalogd Container

Apache Kafka

CVE-2024-56128 Apache Kafka SCRAM Authentication Bypass Vulnerability
 

Unclassified

CVE-2024-12875 Easy Digital Downloads Plugin Directory Traversal Vulnerability
CVE-2024-11349 AdForest WordPress Theme Authentication Bypass Vulnerability
CVE-2023-31279 AirVantage Platform Unauthorized Device Registration Vulnerability
CVE-2023-31280 Sierra Wireless AirVantage Warranty Checker Bulk Enumeration Vulnerability
CVE-2024-12591 MagicPost WordPress Plugin Stored XSS Vulnerability in wb_share_social Shortcode
CVE-2024-12884 Codezips E-Commerce Website SQL Injection Vulnerability in login.php
CVE-2024-12883 Cross-Site Scripting (XSS) Vulnerability in Job Recruitment System
CVE-2024-12846 Emlog Pro: Cross-Site Scripting (XSS) Vulnerability in /admin/link.php
CVE-2020-9250 Huawei Smart Phone Insufficient Authentication Vulnerability
And others...

Foxit Software Foxit Reader

CVE-2024-47810 Foxit Reader 3D Page Object Use-After-Free Vulnerability
CVE-2024-49576 Foxit Reader Use-After-Free Vulnerability in CBF_Widget Object

Fortinet FortiManager

CVE-2021-32589 Fortinet FortiManager/FortiAnalyzer Use After Free Vulnerability
CVE-2024-48889 FortiManager OS Command Injection Vulnerability in FGFM

Envoyproxy Envoy

CVE-2024-53271 Envoy HTTP/1.1 Non-101 1xx Response Handling Vulnerability
CVE-2024-53270 Envoy Proxy Null Pointer Dereference Vulnerability in HTTP/1 Server Abort Dispatch
CVE-2024-53269 Envoy Proxy Happy Eyeballs Algorithm Crash Vulnerability

Fortinet FortiClient

CVE-2020-15934 FortiClient VCM Engine Privilege Escalation Vulnerability
CVE-2024-50570 FortiClient: Cleartext Storage of Sensitive Information in VPN Password Handling

IBM Mq

CVE-2024-51470 IBM MQ Multiple Versions Denial of Service Vulnerability

IBM I

CVE-2024-51463 IBM i Server-Side Request Forgery (SSRF) Vulnerability
CVE-2024-51464 IBM i Navigator for i Interface Restriction Bypass Vulnerability
CVE-2024-47104 IBM i 7.4/7.5 Authenticated User Privilege Escalation via Physical File Security Attributes

IBM Cognos Analytics

CVE-2024-40695 IBM Cognos Analytics Malicious File Upload Vulnerability
CVE-2024-51466 IBM Cognos Analytics EL Injection Vulnerability
CVE-2024-25042 IBM Cognos Analytics Cross Site Scripting (XSS) Vulnerability in Column Headings
CVE-2024-41752 IBM Cognos Analytics HTML Injection Vulnerability
CVE-2024-45082 IBM Cognos Analytics Open Redirect Vulnerability

Opencart

CVE-2024-36694 OpenCart: Server-Side Template Injection (SSTI) in Theme Editor

Lifterlms

CVE-2024-12596 LifterLMS Plugin for WordPress Arbitrary Post Deletion Vulnerability

Fortinet Fortiwlm

CVE-2023-34990 Fortinet FortiWLM: Relative Path Traversal Vulnerability in Web Interface

IBM Storage Defender Resiliency Service

CVE-2024-47119 IBM Storage Defender Resiliency Service Certificate Validation Vulnerability