Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-06 | CVE-2024-11220 | Incorrect Permission Assignment for Critical Resource vulnerability in Openautomationsoftware Open Automation Software A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. | 7.8 |
| 2024-12-06 | CVE-2024-42494 | Privacy Violation vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services | 7.5 |
| 2024-12-06 | CVE-2024-51727 | Premature Release of Resource During Expected Lifetime vulnerability in Ruijienetworks Reyee OS Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. | 7.5 |
| 2024-12-06 | CVE-2024-53803 | Missing Authorization vulnerability in Wpmailster WP Mailster Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | 8.8 |
| 2024-12-06 | CVE-2024-53804 | Unspecified vulnerability in Wpmailster WP Mailster Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. | 7.5 |
| 2024-12-06 | CVE-2024-53808 | SQL Injection vulnerability in Basixonline Nex-Forms Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8. | 7.2 |
| 2024-12-06 | CVE-2024-11728 | Unspecified vulnerability in Iqonic Kivicare The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
| 2024-12-06 | CVE-2024-53141 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. | 7.8 |
| 2024-12-06 | CVE-2024-53142 | Out-of-bounds Write vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. | 7.8 |
| 2024-12-05 | CVE-2024-30961 | Unspecified vulnerability in Openrobotics Robot Operating System 2 Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. | 7.8 |