Security Vulnerabilities - CVEs Published In 2024
A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-12-17
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-17
A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-12-17
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-12-17
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration).
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
CVSS Score
9.8
EPSS Score
0.898
Published
2024-12-17
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
CVSS Score
5.3
EPSS Score
0.059
Published
2024-12-17
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-12-17
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contains a link to download paid content. Successful exploitation requires knowledge of another customers email address as well as the file ID of the content they purchased.
CVSS Score
3.7
EPSS Score
0.002
Published
2024-12-17
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks.
CVSS Score
5.3
EPSS Score
0.011
Published
2024-12-17
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-12-17