Security Vulnerabilities - CVEs Published In December 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides meteor-slides allows Stored XSS.This issue affects Meteor Slides: from n/a through <= 1.5.7.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-12-02
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Jobify jobify allows Stored XSS.This issue affects Jobify: from n/a through < 4.3.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-02
Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery.This issue affects Jobify: from n/a through < 4.3.0.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-02
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-02
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-02
Memory corruption while processing API calls to NPU with invalid input.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-02
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-02
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-12-02
Memory corruption while Configuring the SMR/S2CR register in Bypass mode.
CVSS Score
8.4
EPSS Score
0.0
Published
2024-12-02
Memory corruption when multiple threads try to unregister the CVP buffer at the same time.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-12-02