CINXE.COM

NVD - NVD Dashboard

<!DOCTYPE html> <html lang="en"> <head> <title>NVD - NVD Dashboard</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link href="/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet" /> <link href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/base-style.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/media-resize.css" type="text/css" rel="stylesheet" /> <meta name="theme-color" content="#000000"> <script src="/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/site-media/js/forms.js" type="text/javascript"></script> <script src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/site-media/css/nvd-style.css" type="text/css" rel="stylesheet" /> <link href="/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180" /> <link href="/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32" /> <link href="/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16" /> <link href="/site-media/images/favicons/manifest.json" rel="manifest" /> <link href="/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000" /> <link href="/site-media/images/favicons/favicon.ico" rel="shortcut icon" /> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" /> <link href="/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon" /> <link href="/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon" /> <meta charset="UTF-8"> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://nvd.nist.gov">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag"> &nbsp; <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://www.nist.gov" target="_blank" rel="noopener noreferrer" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="https://www.nist.gov/itl/nvd">News and Status Updates</a> </p> </div> <div class="col-lg-4"> <p> <a href="/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/general/visualizations">Visualizations</a> </p> <p> <a href="/general/legal-disclaimer">Legal Disclaimer</a> </p> </div> </div> </div></li> <li><a href="/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln/search">Search &amp; Statistics</a> </p> <p> <a href="/vuln/categories">Weakness Types</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln/data-feeds">Legacy Data Feeds</a> </p> <p> <a href="/vuln/vendor-comments">Vendor Comments</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0 Calculators</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x Calculators</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0 Calculator</a> </p> </div> </div> </div></li> <li><a href="/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/products/cpe">CPE Dictionary</a> </p> <p> <a href="/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/developers/start-here">Start Here</a> </p> <p> <a href="/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/developers/data-sources">Data Sources</a> </p> <p> <a href="/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/contact"> Contact NVD </a></li> <li><a href="/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://ncp.nist.gov">Checklist (NCP) Repository</a> </p> <p> <a href="https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div> <!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg" >National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center" >NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div id="page-content" data-ng-app="nvdApp.dashboard"> <script type="text/javascript" src="/site-media/js/angular/angular.min.js"></script> <script type="text/javascript" src="/site-media/js/angular-bootstrap/ui-bootstrap-tpls.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/nvdApp.module.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/d3/d3.module.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/d3/d3.service.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/d3/d3.pieChart.directive.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/dashboard/dashboard.module.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/dashboard/dashboard.service.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/dashboard/dashboard.cveStatistics.controller.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/dashboard/dashboard.cvesInProc.controller.js"></script> <script type="text/javascript" src="/site-media/js/nvdApp/dashboard/dashboard.cvssScoreSpread.controller.js"></script> <h2>NVD Dashboard</h2> <div class="row"> <div class="col-lg-7 col-md-12"> <div class="col-lg-12"> <h3>CVEs Received and Processed</h3> <input type="hidden" id="InputRestBasePath" value="/rest/public/dashboard/statistics" name="InputRestBasePath"> <input type="hidden" id="InputScriptsPath" value="/site-media/js/visualizations" name="InputScriptsPath"> <div data-ng-controller="cvesInProcController as vm"> <div class="row" ng-show="vm.loading"> <div class="col-lg-12 dash-overlay" style="height: 255px;"> <div> <h3>CVEs Received and Processed</h3> <h3> <i class="fa fa-spinner fa-spin"></i> Please Wait </h3> </div> </div> </div> <div id="divCvesReceivedAndProcessed" class="row" ng-hide="vm.loading" ng-cloak="ng-cloak"> <div class="col-lg-12"> <table class="table table-striped" id="tableCvesReceivedAndProcessed"> <thead> <tr> <th>Time Period</th> <th>New CVEs Received by NVD</th> <th>New CVEs Analyzed by NVD</th> <th>Modified CVEs Received by NVD</th> <th>Modified CVEs Re-analyzed by NVD</th> </tr> </thead> <tbody> <tr> <th nowrap="nowrap">Today</th> <td ng-repeat="data in vm.countsData.TODAY">{{data.count}}</td> </tr> <tr> <th nowrap="nowrap">This Week</th> <td ng-repeat="data in vm.countsData.THIS_WEEK">{{data.count}}</td> </tr> <tr> <th nowrap="nowrap">This Month</th> <td ng-repeat="data in vm.countsData.THIS_MONTH">{{data.count}}</td> </tr> <tr> <th nowrap="nowrap">Last Month</th> <td ng-repeat="data in vm.countsData.LAST_MONTH">{{data.count}}</td> </tr> <tr> <th nowrap="nowrap">This Year</th> <td ng-repeat="data in vm.countsData.THIS_YEAR">{{data.count}}</td> </tr> </tbody> </table> </div> </div> </div> </div> <div class="col-lg-6 col-md-12"> <div data-ng-controller="cveStatisticsController as vm"> <div class="row" ng-show="vm.loading"> <div class="col-lg-12 dash-overlay" style="height: 255px;"> <div> <h3>CVE Status Count</h3> <h3> <i class="fa fa-spinner fa-spin"></i> Please Wait </h3> </div> </div> </div> <div class="row" ng-hide="vm.loading" ng-cloak="ng-cloak" id="divCveStatusCount"> <div class="col-lg-12"> <h3>CVE Status Count</h3> <table class="table table-striped" id="tableCveStatusCount"> <tbody> <tr ng-repeat="data in vm.countsData | orderBy: 'order'" uib-tooltip="{{data.description}}"> <td>{{data.name}}</td> <td>{{data.count}}</td> </tr> </tbody> </table> </div> </div> </div> </div> <div class="col-lg-6 col-md-12"> <div id="nvdCounts"> <h3>NVD Contains</h3> <table class="table table-striped" id="tableNvdCounts"> <tbody> <tr> <td><a href="https://cve.org" target="_blank" rel="noopener noreferrer">CVE Vulnerabilities</a></td> <td>271338</td> </tr> <tr> <td><a href="https://ncp.nist.gov">Checklists</a></td> <td >805</td> </tr> <tr> <td><a href="https://www.cisa.gov/uscert/ncas/alerts" target="_blank" rel="noopener noreferrer">US-CERT Alerts</a></td> <td>249</td> </tr> <tr> <td><a href="https://www.kb.cert.org/vuls/byupdate/desc/" target="_blank" rel="noopener noreferrer">US-CERT Vuln Notes</a></td> <td >4486</td> </tr> <tr> <td><a href="https://oval.mitre.org/" target="_blank" rel="noopener noreferrer">OVAL Queries</a></td> <td >0</td> </tr> <tr> <td><a href="/products/cpe">CPE Names</a></td> <td >1335203</td> </tr> </tbody> </table> </div> </div> </div> <div class="col-lg-5 col-md-12"> <div data-ng-controller="cvssScoreSpreadController as vm"> <div class="row" ng-show="vm.loading"> <div class="col-lg-12 dash-overlay" style="height: 510px;"> <div> <h3>CVSS Score Spread</h3> <h3><i class="fa fa-spinner fa-spin"></i> Please Wait</h3> </div> </div> </div> <div class="row" ng-hide="vm.loading" ng-cloak="ng-cloak" id="divCvssV3ScoreDist"> <h3> CVSS V3 Score Distribution </h3> <div class="row"> <div class="col-lg-5"> <d3-pie-chart pie-data="vm.cvssV3PieData" pie-complete="vm.v3Complete" height="250" width="250" loading="vm.loading"></d3-pie-chart> </div> <div class="col-lg-7"> <table class="table table-striped" id="tableCvssV3ScoreDist"> <thead> <tr> <th>Severity</th> <th>Number of Vulns</th> </tr> </thead> <tbody> <tr ng-repeat="data in vm.cvssV3PieData | orderBy: 'order'"> <td> <span class="label label-{{data.label}}">{{data.name}}</span> </td> <td>{{data.count}}</td> </tr> </tbody> </table> </div> </div> </div> <br /> <div class="row" ng-hide="vm.loading" ng-cloak="ng-cloak" id="divCvssV2ScoreDist"> <h3>CVSS V2 Score Distribution</h3> <div class="row"> <div class="col-md-5"> <d3-pie-chart pie-data="vm.cvssV2PieData" pie-complete="vm.v2Complete" height="250" width="250" loading="vm.loading"></d3-pie-chart> </div> <div class="col-lg-7"> <table class="table table-striped" id="tableCvssV2ScoreDist"> <thead> <tr> <th>Severity</th> <th>Number of Vulns</th> </tr> </thead> <tbody> <tr ng-repeat="data in vm.cvssV2PieData | orderBy: 'order'"> <td> <span class="label label-{{data.label}}">{{data.name}}</span> </td> <td>{{data.count}}</td> </tr> </tbody> </table> </div> </div> </div> </div> </div> </div><br/> <br/> <span>For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult <a href="https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436"> NIST's Public Data Repository</a>.</span> <br/> <br/> <div> <div class="row"> <div class="col-md-12 col-sm-12"> <div id="vulnResultsPanel"> <!-- Results Panel --> <div id="latestVulnsArea"> <div id="latestVulnsTitleRow" class="row"> <span class="hidden-md col-lg-9"> <strong class="h4Size">Last 20 Scored Vulnerability IDs &amp; Summaries</strong> </span> <span class="hidden-md col-lg-3"> <strong class="h4Size">CVSS Severity </strong> </span> </div> <ul id="latestVulns"> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-10965" id="cveDetailAnchor-0">CVE-2024-10965</a></strong> - A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclo... <a href="/vuln/detail/CVE-2024-10965#vulnDescriptionTitle">read CVE-2024-10965</a><br> <strong>Published:</strong> November 07, 2024; 12:15:06 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-0"> <span id="cvss3-link-0"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-10965&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-0" aria-label="V3 score for CVE-2024-10965">6.5 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11026" id="cveDetailAnchor-1">CVE-2024-11026</a></strong> - A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler... <a href="/vuln/detail/CVE-2024-11026#vulnDescriptionTitle">read CVE-2024-11026</a><br> <strong>Published:</strong> November 08, 2024; 5:15:14 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-1"> <span id="cvss3-link-1"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11026&amp;vector=AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-1" aria-label="V3 score for CVE-2024-11026">7.4 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11049" id="cveDetailAnchor-2">CVE-2024-11049</a></strong> - A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to la... <a href="/vuln/detail/CVE-2024-11049#vulnDescriptionTitle">read CVE-2024-11049</a><br> <strong>Published:</strong> November 10, 2024; 1:15:03 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-2"> <span id="cvss3-link-2"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11049&amp;vector=AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N&amp;version=3.1&amp;source=NIST" class="label label-low" data-testid="vuln-cvss3-link-2" aria-label="V3 score for CVE-2024-11049">3.7 LOW</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11050" id="cveDetailAnchor-3">CVE-2024-11050</a></strong> - A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName l... <a href="/vuln/detail/CVE-2024-11050#vulnDescriptionTitle">read CVE-2024-11050</a><br> <strong>Published:</strong> November 10, 2024; 2:15:03 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-3"> <span id="cvss3-link-3"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11050&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-3" aria-label="V3 score for CVE-2024-11050">5.4 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11070" id="cveDetailAnchor-4">CVE-2024-11070</a></strong> - A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument... <a href="/vuln/detail/CVE-2024-11070#vulnDescriptionTitle">read CVE-2024-11070</a><br> <strong>Published:</strong> November 11, 2024; 10:15:04 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-4"> <span id="cvss3-link-4"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11070&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-4" aria-label="V3 score for CVE-2024-11070">5.4 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11078" id="cveDetailAnchor-5">CVE-2024-11078</a></strong> - A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e leads to cross site scripti... <a href="/vuln/detail/CVE-2024-11078#vulnDescriptionTitle">read CVE-2024-11078</a><br> <strong>Published:</strong> November 11, 2024; 3:15:17 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-5"> <span id="cvss3-link-5"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11078&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-5" aria-label="V3 score for CVE-2024-11078">5.4 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11096" id="cveDetailAnchor-6">CVE-2024-11096</a></strong> - A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initia... <a href="/vuln/detail/CVE-2024-11096#vulnDescriptionTitle">read CVE-2024-11096</a><br> <strong>Published:</strong> November 11, 2024; 8:15:03 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-6"> <span id="cvss3-link-6"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11096&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-6" aria-label="V3 score for CVE-2024-11096">6.5 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11485" id="cveDetailAnchor-7">CVE-2024-11485</a></strong> - A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. Th... <a href="/vuln/detail/CVE-2024-11485#vulnDescriptionTitle">read CVE-2024-11485</a><br> <strong>Published:</strong> November 20, 2024; 11:15:19 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-7"> <span id="cvss3-link-7"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11485&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-7" aria-label="V3 score for CVE-2024-11485">8.1 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-11484" id="cveDetailAnchor-8">CVE-2024-11484</a></strong> - A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The man... <a href="/vuln/detail/CVE-2024-11484#vulnDescriptionTitle">read CVE-2024-11484</a><br> <strong>Published:</strong> November 20, 2024; 11:15:19 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-8"> <span id="cvss3-link-8"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-11484&amp;vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-8" aria-label="V3 score for CVE-2024-11484">8.8 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-51208" id="cveDetailAnchor-9">CVE-2024-51208</a></strong> - File Upload vulnerability in change-image.php in Anuj Kumar&#39;s Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. <br> <strong>Published:</strong> November 20, 2024; 10:15:08 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-9"> <span id="cvss3-link-9"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-51208&amp;vector=AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-9" aria-label="V3 score for CVE-2024-51208">7.2 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-10872" id="cveDetailAnchor-10">CVE-2024-10872</a></strong> - The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. Thi... <a href="/vuln/detail/CVE-2024-10872#vulnDescriptionTitle">read CVE-2024-10872</a><br> <strong>Published:</strong> November 20, 2024; 6:15:04 AM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-10"> <span id="cvss3-link-10"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-10872&amp;vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-10" aria-label="V3 score for CVE-2024-10872">5.4 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2018-9412" id="cveDetailAnchor-11">CVE-2018-9412</a></strong> - In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. <br> <strong>Published:</strong> November 19, 2024; 5:15:18 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-11"> <span id="cvss3-link-11"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-9412&amp;vector=AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-11" aria-label="V3 score for CVE-2018-9412">5.5 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-6687" id="cveDetailAnchor-12">CVE-2024-6687</a></strong> - The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible ... <a href="/vuln/detail/CVE-2024-6687#vulnDescriptionTitle">read CVE-2024-6687</a><br> <strong>Published:</strong> July 31, 2024; 10:15:02 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-12"> <span id="cvss3-link-12"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-6687&amp;vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-12" aria-label="V3 score for CVE-2024-6687">7.5 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-6698" id="cveDetailAnchor-13">CVE-2024-6698</a></strong> - The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible... <a href="/vuln/detail/CVE-2024-6698#vulnDescriptionTitle">read CVE-2024-6698</a><br> <strong>Published:</strong> August 01, 2024; 12:15:04 AM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-13"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-5924" id="cveDetailAnchor-14">CVE-2024-5924</a></strong> - Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploi... <a href="/vuln/detail/CVE-2024-5924#vulnDescriptionTitle">read CVE-2024-5924</a><br> <strong>Published:</strong> June 13, 2024; 4:15:16 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-14"> <span id="cvss3-link-14"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-5924&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-14" aria-label="V3 score for CVE-2024-5924">8.8 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2018-9411" id="cveDetailAnchor-15">CVE-2018-9411</a></strong> - In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. <br> <strong>Published:</strong> November 19, 2024; 5:15:18 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-15"> <span id="cvss3-link-15"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-9411&amp;vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&amp;version=3.1&amp;source=NIST" class="label label-danger" data-testid="vuln-cvss3-link-15" aria-label="V3 score for CVE-2018-9411">8.8 HIGH</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2018-9410" id="cveDetailAnchor-16">CVE-2018-9410</a></strong> - In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. <br> <strong>Published:</strong> November 19, 2024; 4:15:05 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-16"> <span id="cvss3-link-16"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2018-9410&amp;vector=AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-16" aria-label="V3 score for CVE-2018-9410">5.5 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-53069" id="cveDetailAnchor-17">CVE-2024-53069</a></strong> - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: fix a NULL-pointer dereference Some SCM calls can be invoked with __scm being NULL (the driver may not have been and will not be probed as there&#39;s no SCM en... <a href="/vuln/detail/CVE-2024-53069#vulnDescriptionTitle">read CVE-2024-53069</a><br> <strong>Published:</strong> November 19, 2024; 1:15:26 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-17"> <span id="cvss3-link-17"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-53069&amp;vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-17" aria-label="V3 score for CVE-2024-53069">5.5 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-53076" id="cveDetailAnchor-18">CVE-2024-53076</a></strong> - In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_bui... <a href="/vuln/detail/CVE-2024-53076#vulnDescriptionTitle">read CVE-2024-53076</a><br> <strong>Published:</strong> November 19, 2024; 1:15:27 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-18"> <span id="cvss3-link-18"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-53076&amp;vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-18" aria-label="V3 score for CVE-2024-53076">5.5 MEDIUM</a><br /> </span> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2024-53043" id="cveDetailAnchor-19">CVE-2024-53043</a></strong> - In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by ... <a href="/vuln/detail/CVE-2024-53043#vulnDescriptionTitle">read CVE-2024-53043</a><br> <strong>Published:</strong> November 19, 2024; 1:15:24 PM -0500 </p> </div> <div class="col-lg-3"> <p id="severity-score-19"> <span id="cvss3-link-19"> <em>V3.1:</em> <a href="/vuln-metrics/cvss/v3-calculator?name=CVE-2024-53043&amp;vector=AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H&amp;version=3.1&amp;source=NIST" class="label label-warning" data-testid="vuln-cvss3-link-19" aria-label="V3 score for CVE-2024-53043">5.5 MEDIUM</a><br /> </span> </p> </div> </li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo" /> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img src="/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo" /> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="mailto:nvd@nist.gov">Webmaster</a> | <a href="https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container"> <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html --> <p> <a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://www.nist.gov/foia">FOIA</a> | <a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://www.commerce.gov/">Commerce.gov</a> | <a href="https://www.science.gov/">Science.gov</a> | <a href="https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10