Security Vulnerabilities - CVEs Published In November 2024
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-11-13
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-11-13
A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-13
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.
CVSS Score
8.8
EPSS Score
0.006
Published
2024-11-13
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024.
NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.
CVSS Score
4.6
EPSS Score
0.001
Published
2024-11-13
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.
CVSS Score
8.8
EPSS Score
0.051
Published
2024-11-13
Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.
CVSS Score
8.8
EPSS Score
0.051
Published
2024-11-13
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
9.8
EPSS Score
0.023
Published
2024-11-13
A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
CVSS Score
4.3
EPSS Score
0.003
Published
2024-11-13
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in theĀ REGEX and P parameters.
This issue affects MirrorCache before 1.083.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-11-13