Security Vulnerabilities - CVEs Published In December 2024
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-12-10
IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-12-10
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-12-10
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVSS Score
8.2
EPSS Score
0.005
Published
2024-12-10
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
CVSS Score
7.1
EPSS Score
0.005
Published
2024-12-10
Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-12-10
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-12-10
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server
CVSS Score
4.9
EPSS Score
0.004
Published
2024-12-10
The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-12-10
The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure.
CVSS Score
7.7
EPSS Score
0.016
Published
2024-12-10