Security Vulnerabilities - CVEs Published In December 2024
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2024-12-09
A maliciously crafted DLL file, when placed in the same directory as an RVT file, could be loaded by Autodesk Revit and execute arbitrary code in the context of the current process due to an untrusted search path being utilized.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-12-09
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2024-12-09
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2024-12-09
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2024-12-09
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2024-12-09
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2024-12-09
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php allows attackers to execute arbitrary code.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2024-12-09
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information.
CVSS Score: 7.5 | EPSS Score: 0.001 | Published: 2024-12-09
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.
CVSS Score: 9.1 | EPSS Score: 0.002 | Published: 2024-12-09