| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2024-26000 | PHOENIX CONTACT: Out of bounds read only memory access | | |
| CVE-2024-26001 | PHOENIX CONTACT: Out of bounds write only memory access | | |
| CVE-2024-26002 | PHOENIX CONTACT: File ownership manipulation in CHARX Series | | |
| CVE-2024-26003 | PHOENIX CONTACT: DoS of the control agent in CHARX Series | | |
| CVE-2024-26004 | PHOENIX CONTACT: DoS of a control agent due to access of a uninitialized pointer in CHARX Series | | |
| CVE-2024-26005 | PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series | | |
| CVE-2024-26006 | An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS ver... | S | |
| CVE-2024-26007 | An improper check or handling of exceptional conditions vulnerability [CWE-703] in Fortinet FortiOS ... | S | |
| CVE-2024-26010 | A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through... | S | |
| CVE-2024-26011 | A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2,... | S | |
| CVE-2024-26012 | A improper neutralization of special elements used in an os command ('os command injection') in Fort... | S | |
| CVE-2024-26013 | A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in For... | S | |
| CVE-2024-26014 | Rejected reason: Not used... | R | |
| CVE-2024-26015 | An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy versio... | S | |
| CVE-2024-26016 | Apache Superset: Improper authorization validation on dashboards and charts import | | |
| CVE-2024-26017 | Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may all... | | |
| CVE-2024-26018 | Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on t... | | |
| CVE-2024-26019 | Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If th... | | |
| CVE-2024-26020 | An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04.... | E | |
| CVE-2024-26021 | Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability ma... | | |
| CVE-2024-26022 | Improper access control in some Intel(R) UEFI Integrator Tools on Aptio V for Intel(R) NUC may allow... | | |
| CVE-2024-26023 | OS command injection vulnerability in BUFFALO wireless LAN routers allows a logged-in user to execut... | | |
| CVE-2024-26024 | SUBNET Substation Server Reliance on Insufficiently Trustworthy Component | S | |
| CVE-2024-26025 | Incorrect default permissions for some Intel(R) Advisor software before version 2024.1 may allow an ... | | |
| CVE-2024-26026 | BIG-IP Central Manager SQL Injection | | |
| CVE-2024-26027 | Uncontrolled search path for some Intel(R) Simics Package Manager software before version 1.8.3 may ... | | |
| CVE-2024-26028 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26029 | Adobe Experience Manager | Improper Access Control (CWE-284) | | |
| CVE-2024-26030 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26031 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26032 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26033 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26034 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26035 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26036 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26037 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26038 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26039 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26040 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26041 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26042 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26043 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26044 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26045 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26046 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | S | |
| CVE-2024-26047 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | S | |
| CVE-2024-26049 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26050 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26051 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26052 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26053 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26054 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26055 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26056 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26057 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26058 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26059 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26060 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26061 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26062 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26063 | Adobe Experience Manager | Information Exposure (CWE-200) | | |
| CVE-2024-26064 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26065 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26066 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26067 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26068 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26069 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26070 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26071 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26072 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26073 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26074 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26075 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26076 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | S | |
| CVE-2024-26077 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26078 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26079 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | S | |
| CVE-2024-26080 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26081 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26082 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26083 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26084 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | S | |
| CVE-2024-26085 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26086 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26087 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26088 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26089 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26090 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26091 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
| CVE-2024-26092 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26093 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26094 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26095 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26096 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26097 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26098 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | S | |
| CVE-2024-26101 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26102 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26103 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26104 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26105 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26106 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26107 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26110 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26111 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26113 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26114 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26115 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26116 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26117 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26118 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
| CVE-2024-26119 | Adobe Experience Manager | Information Exposure (CWE-200) | | |
| CVE-2024-26120 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26121 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26122 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26123 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26124 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26125 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
| CVE-2024-26126 | Adobe Experience Manager | Improper Input Validation (CWE-20) | | |
| CVE-2024-26127 | Adobe Experience Manager | Improper Input Validation (CWE-20) | | |
| CVE-2024-26128 | baserCMS Cross-site Scripting vulnerability in Content Management | S | |
| CVE-2024-26129 | Prestashop vulnerable to path disclosure in JavaScript variable | S | |
| CVE-2024-26130 | cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override | S | |
| CVE-2024-26131 | Element Android Intent Redirection | S | |
| CVE-2024-26132 | Element Android can be asked to share internal files. | S | |
| CVE-2024-26133 | EventStoreDB Projections Subsystem has potential password leak | S | |
| CVE-2024-26134 | CBOR2 decoder has potential buffer overflow | E S | |
| CVE-2024-26135 | MeshCentral cross-site websocket hijacking (CSWSH) vulnerability | E S | |
| CVE-2024-26136 | kedi ElectronCord's Discord Token is public | S | |
| CVE-2024-26138 | License information is public, exposing instance id and license holder details | S | |
| CVE-2024-26139 | OpenCTI Authenticated Privilege Escalation | | |
| CVE-2024-26140 | com.yetanalytics/lrs has Cross-site Scripting Vulnerability in Statement Browser | S | |
| CVE-2024-26141 | Possible DoS Vulnerability with Range Header in Rack | E S | |
| CVE-2024-26142 | Rails possible ReDoS vulnerability in Accept header parsing in Action Dispatch | S | |
| CVE-2024-26143 | Rails Possible XSS Vulnerability in Action Controller | E S | |
| CVE-2024-26144 | Possible Sensitive Session Information Leak in Active Storage | S | |
| CVE-2024-26145 | Uninvited user is able to join and mark the attendance of the the private event | S | |
| CVE-2024-26146 | Possible Denial of Service Vulnerability in Rack Header Parsing | S | |
| CVE-2024-26147 | Helm's Missing YAML Content Leads To Panic | S | |
| CVE-2024-26148 | Querybook's Stored Cross-Site Scripting vulnerability allows Privilege Elevation | S | |
| CVE-2024-26149 | Vyper _abi_decode Memory Overflow | E S | |
| CVE-2024-26150 | `@backstage/backend-common` vulnerable to path traversal through symlinks | S | |
| CVE-2024-26151 | Potentially untrusted input is rendered as HTML in final output | E S | |
| CVE-2024-26152 | Label Studio vulnerable to Cross-site Scripting if ` | E S | |
| CVE-2024-26153 | ETIC Telecom Remote Access Server (RAS) Cross-Site Request Forgery | S | |
| CVE-2024-26154 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting | S | |
| CVE-2024-26155 | ETIC Telecom Remote Access Server (RAS) Cleartext Transmission of Sensitive Information | S | |
| CVE-2024-26156 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting | S | |
| CVE-2024-26157 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting | S | |
| CVE-2024-26158 | Microsoft Install Service Elevation of Privilege Vulnerability | | |
| CVE-2024-26159 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2024-26160 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | | |
| CVE-2024-26161 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2024-26163 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
| CVE-2024-26164 | Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-26165 | Visual Studio Code Elevation of Privilege Vulnerability | | |
| CVE-2024-26166 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | S | |
| CVE-2024-26168 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26169 | Windows Error Reporting Service Elevation of Privilege Vulnerability | KEV S | |
| CVE-2024-26170 | Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability | | |
| CVE-2024-26171 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26172 | Windows DWM Core Library Information Disclosure Vulnerability | | |
| CVE-2024-26173 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2024-26174 | Windows Kernel Information Disclosure Vulnerability | | |
| CVE-2024-26175 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26176 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2024-26177 | Windows Kernel Information Disclosure Vulnerability | | |
| CVE-2024-26178 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2024-26179 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2024-26180 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26181 | Windows Kernel Denial of Service Vulnerability | | |
| CVE-2024-26182 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2024-26183 | Windows Kerberos Denial of Service Vulnerability | | |
| CVE-2024-26184 | Secure Boot Security Feature Bypass Vulnerability | S | |
| CVE-2024-26185 | Windows Compressed Folder Tampering Vulnerability | | |
| CVE-2024-26186 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | S | |
| CVE-2024-26188 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | S | |
| CVE-2024-26189 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26190 | Microsoft QUIC Denial of Service Vulnerability | | |
| CVE-2024-26191 | Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability | S | |
| CVE-2024-26192 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | S | |
| CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability | | |
| CVE-2024-26194 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26195 | DHCP Server Service Remote Code Execution Vulnerability | | |
| CVE-2024-26196 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability | S | |
| CVE-2024-26197 | Windows Standards-Based Storage Management Service Denial of Service Vulnerability | | |
| CVE-2024-26198 | Microsoft Exchange Server Remote Code Execution Vulnerability | | |
| CVE-2024-26199 | Microsoft Office Elevation of Privilege Vulnerability | | |
| CVE-2024-26200 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2024-26201 | Microsoft Intune Linux Agent Elevation of Privilege Vulnerability | | |
| CVE-2024-26202 | DHCP Server Service Remote Code Execution Vulnerability | | |
| CVE-2024-26203 | Azure Data Studio Elevation of Privilege Vulnerability | | |
| CVE-2024-26204 | Outlook for Android Information Disclosure Vulnerability | | |
| CVE-2024-26205 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | | |
| CVE-2024-26207 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
| CVE-2024-26208 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
| CVE-2024-26209 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | | |
| CVE-2024-26210 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-26211 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | | |
| CVE-2024-26212 | DHCP Server Service Denial of Service Vulnerability | | |
| CVE-2024-26213 | Microsoft Brokering File System Elevation of Privilege Vulnerability | | |
| CVE-2024-26214 | Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability | | |
| CVE-2024-26215 | DHCP Server Service Denial of Service Vulnerability | | |
| CVE-2024-26216 | Windows File Server Resource Management Service Elevation of Privilege Vulnerability | | |
| CVE-2024-26217 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
| CVE-2024-26218 | Windows Kernel Elevation of Privilege Vulnerability | | |
| CVE-2024-26219 | HTTP.sys Denial of Service Vulnerability | | |
| CVE-2024-26220 | Windows Mobile Hotspot Information Disclosure Vulnerability | | |
| CVE-2024-26221 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26222 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26223 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26224 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26226 | Windows Distributed File System (DFS) Information Disclosure Vulnerability | | |
| CVE-2024-26227 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26228 | Windows Cryptographic Services Security Feature Bypass Vulnerability | | |
| CVE-2024-26229 | Windows CSC Service Elevation of Privilege Vulnerability | | |
| CVE-2024-26230 | Windows Telephony Server Elevation of Privilege Vulnerability | | |
| CVE-2024-26231 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26232 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | | |
| CVE-2024-26233 | Windows DNS Server Remote Code Execution Vulnerability | | |
| CVE-2024-26234 | Proxy Driver Spoofing Vulnerability | | |
| CVE-2024-26235 | Windows Update Stack Elevation of Privilege Vulnerability | | |
| CVE-2024-26236 | Windows Update Stack Elevation of Privilege Vulnerability | | |
| CVE-2024-26237 | Windows Defender Credential Guard Elevation of Privilege Vulnerability | | |
| CVE-2024-26238 | Microsoft PLUGScheduler Scheduled Task Elevation of Privilege Vulnerability | | |
| CVE-2024-26239 | Windows Telephony Server Elevation of Privilege Vulnerability | | |
| CVE-2024-26240 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | | |
| CVE-2024-26242 | Windows Telephony Server Elevation of Privilege Vulnerability | | |
| CVE-2024-26243 | Windows USB Print Driver Elevation of Privilege Vulnerability | | |
| CVE-2024-26244 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | | |
| CVE-2024-26245 | Windows SMB Elevation of Privilege Vulnerability | | |
| CVE-2024-26246 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
| CVE-2024-26247 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | S | |
| CVE-2024-26248 | Windows Kerberos Elevation of Privilege Vulnerability | | |
| CVE-2024-26250 | Secure Boot Security Feature Bypass Vulnerability | | |
| CVE-2024-26251 | Microsoft SharePoint Server Spoofing Vulnerability | | |
| CVE-2024-26252 | Windows rndismp6.sys Remote Code Execution Vulnerability | | |
| CVE-2024-26253 | Windows rndismp6.sys Remote Code Execution Vulnerability | | |
| CVE-2024-26254 | Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability | | |
| CVE-2024-26255 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | | |
| CVE-2024-26256 | Libarchive Remote Code Execution Vulnerability | S | |
| CVE-2024-26257 | Microsoft Excel Remote Code Execution Vulnerability | | |
| CVE-2024-26258 | OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker... | | |
| CVE-2024-26260 | Hgiga OAKlouds - Command Injection | S | |
| CVE-2024-26261 | Hgiga OAKlouds - Arbitrary File Read And Delete | S | |
| CVE-2024-26262 | EBM Technologies Uniweb/SoliPACS WebServer - SQL Injection | S | |
| CVE-2024-26263 | EBM Technologies RISWEB - Improper Access Control | S | |
| CVE-2024-26264 | EBM Technologies RISWEB - SQL Injection | S | |
| CVE-2024-26265 | The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, ... | | |
| CVE-2024-26266 | Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13,... | | |
| CVE-2024-26267 | In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before... | | |
| CVE-2024-26268 | User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versi... | | |
| CVE-2024-26269 | Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.... | | |
| CVE-2024-26270 | The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 befor... | | |
| CVE-2024-26271 | Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 ... | | |
| CVE-2024-26272 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 t... | | |
| CVE-2024-26273 | Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 t... | | |
| CVE-2024-26275 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versi... | | |
| CVE-2024-26276 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versi... | | |
| CVE-2024-26277 | A vulnerability has been identified in JT2Go (All versions < V2312.0004), Parasolid V35.1 (All versi... | | |
| CVE-2024-26278 | [20240705] - Core - XSS in com_fields default field value | | |
| CVE-2024-26279 | [20240704] - Core - XSS in Wrapper extensions | | |
| CVE-2024-26280 | Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs) | S | |
| CVE-2024-26281 | Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorize... | | |
| CVE-2024-26282 | Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened... | | |
| CVE-2024-26283 | An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when... | | |
| CVE-2024-26284 | Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) o... | E | |
| CVE-2024-26287 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26288 | PHOENIX CONTACT: Lack of SSL support in CHARX Series | | |
| CVE-2024-26289 | Remote Code Inclusion Vulnerability in Multiple PMB Versions | | |
| CVE-2024-26290 | Authenticated Remote Command Injection affecting Avid NEXIS | | |
| CVE-2024-26294 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
| CVE-2024-26295 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
| CVE-2024-26296 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
| CVE-2024-26297 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
| CVE-2024-26298 | Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenti... | | |
| CVE-2024-26299 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an aut... | | |
| CVE-2024-26300 | A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remo... | | |
| CVE-2024-26301 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remo... | | |
| CVE-2024-26302 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remo... | | |
| CVE-2024-26303 | Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon ... | | |
| CVE-2024-26304 | There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead ... | | |
| CVE-2024-26305 | There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthe... | | |
| CVE-2024-26306 | iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows ... | | |
| CVE-2024-26307 | Apache Doris: Possible race condition | | |
| CVE-2024-26308 | Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file | | |
| CVE-2024-26309 | Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vuln... | | |
| CVE-2024-26310 | Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A r... | | |
| CVE-2024-26311 | Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote... | | |
| CVE-2024-26312 | Archer Platform 6 before 2024.03 contains a sensitive information disclosure vulnerability. An authe... | | |
| CVE-2024-26313 | Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vul... | | |
| CVE-2024-26314 | Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to esca... | | |
| CVE-2024-26317 | In illumos illumos-gate 2024-02-15, an error occurs in the elliptic curve point addition algorithm t... | | |
| CVE-2024-26318 | Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do... | | |
| CVE-2024-26327 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles ... | S | |
| CVE-2024-26328 | An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not se... | | |
| CVE-2024-26329 | Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in C... | | |
| CVE-2024-26330 | An issue was discovered in Kape CyberGhostVPN 8.4.3.12823 on Windows. After a successful logout, use... | | |
| CVE-2024-26331 | ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, b... | | |
| CVE-2024-26333 | swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at sw... | E | |
| CVE-2024-26334 | swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFAction... | E | |
| CVE-2024-26335 | swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at sw... | E | |
| CVE-2024-26337 | swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftoo... | E | |
| CVE-2024-26339 | swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x4... | E | |
| CVE-2024-26342 | A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers... | E | |
| CVE-2024-26349 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
| CVE-2024-26350 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
| CVE-2024-26351 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | | |
| CVE-2024-26352 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
| CVE-2024-26362 | HTML injection vulnerability in Enpass Password Manager Desktop Client 6.9.2 for Windows and Linux a... | | |
| CVE-2024-26367 | Cross Site Scripting vulnerability in Evertz microsystems MViP-II Firmware 8.6.5, XPS-EDGE-* Build 1... | | |
| CVE-2024-26369 | An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to... | | |
| CVE-2024-26445 | flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /c... | E | |
| CVE-2024-26450 | An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application... | | |
| CVE-2024-26454 | A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted p... | | |
| CVE-2024-26455 | fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/caly... | E | |
| CVE-2024-26458 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.... | E | |
| CVE-2024-26461 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sea... | E | |
| CVE-2024-26462 | Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.... | E | |
| CVE-2024-26464 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
| CVE-2024-26465 | A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of st... | | |
| CVE-2024-26466 | A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.... | | |
| CVE-2024-26467 | A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/ra... | | |
| CVE-2024-26468 | A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages... | | |
| CVE-2024-26469 | Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) ... | | |
| CVE-2024-26470 | A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boil... | E | |
| CVE-2024-26471 | A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to in... | | |
| CVE-2024-26472 | KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vuln... | | |
| CVE-2024-26473 | A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers t... | | |
| CVE-2024-26475 | An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker t... | E S | |
| CVE-2024-26476 | An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted sc... | E | |
| CVE-2024-26481 | Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.... | E | |
| CVE-2024-26482 | An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: ... | | |
| CVE-2024-26483 | An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attack... | E | |
| CVE-2024-26484 | A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.... | | |
| CVE-2024-26489 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of fl... | E | |
| CVE-2024-26490 | A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows... | E | |
| CVE-2024-26491 | A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' ... | E | |
| CVE-2024-26492 | An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of ... | E | |
| CVE-2024-26495 | Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote atta... | E | |
| CVE-2024-26503 | Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier ... | | |
| CVE-2024-26504 | An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted p... | | |
| CVE-2024-26507 | An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6... | | |
| CVE-2024-26517 | SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain sensitiv... | | |
| CVE-2024-26519 | An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arb... | | |
| CVE-2024-26520 | An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Mana... | | |
| CVE-2024-26521 | HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute ... | | |
| CVE-2024-26529 | An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial... | | |
| CVE-2024-26540 | A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg... | | |
| CVE-2024-26542 | Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7... | | |
| CVE-2024-26548 | An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrar... | | |
| CVE-2024-26557 | Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.... | E | |
| CVE-2024-26559 | An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.... | E | |
| CVE-2024-26566 | An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the pass... | | |
| CVE-2024-26574 | Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execu... | | |
| CVE-2024-26577 | VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a s... | | |
| CVE-2024-26578 | Apache Answer: Repeated submission at registration created duplicate users with the same name | | |
| CVE-2024-26579 | Apache Inlong JDBC Vulnerability | | |
| CVE-2024-26580 | Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability | | |
| CVE-2024-26581 | netfilter: nft_set_rbtree: skip end interval element from gc | S | |
| CVE-2024-26582 | net: tls: fix use-after-free with partial reads and async decrypt | S | |
| CVE-2024-26583 | tls: fix race between async notify and socket close | S | |
| CVE-2024-26584 | net: tls: handle backlogging of crypto requests | S | |
| CVE-2024-26585 | tls: fix race between tx work scheduling and socket close | S | |
| CVE-2024-26586 | mlxsw: spectrum_acl_tcam: Fix stack corruption | S | |
| CVE-2024-26587 | net: netdevsim: don't try to destroy PHC on VFs | S | |
| CVE-2024-26588 | LoongArch: BPF: Prevent out-of-bounds memory access | S | |
| CVE-2024-26589 | bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS | S | |
| CVE-2024-26590 | erofs: fix inconsistent per-file compression format | S | |
| CVE-2024-26591 | bpf: Fix re-attachment branch in bpf_tracing_prog_attach | S | |
| CVE-2024-26592 | ksmbd: fix UAF issue in ksmbd_tcp_new_connection() | S | |
| CVE-2024-26593 | i2c: i801: Fix block process call transactions | S | |
| CVE-2024-26594 | ksmbd: validate mech token in session setup | S | |
| CVE-2024-26595 | mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path | S | |
| CVE-2024-26596 | net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events | S | |
| CVE-2024-26597 | net: qualcomm: rmnet: fix global oob in rmnet_policy | S | |
| CVE-2024-26598 | KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache | S | |
| CVE-2024-26599 | pwm: Fix out-of-bounds access in of_pwm_single_xlate() | S | |
| CVE-2024-26600 | phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP | S | |
| CVE-2024-26601 | ext4: regenerate buddy after block freeing failed if under fc replay | S | |
| CVE-2024-26602 | sched/membarrier: reduce the ability to hammer on sys_membarrier | S | |
| CVE-2024-26603 | x86/fpu: Stop relying on userspace for info to fault in xsave buffer | S | |
| CVE-2024-26604 | Revert "kobject: Remove redundant checks for whether ktype is NULL" | S | |
| CVE-2024-26605 | PCI/ASPM: Fix deadlock when enabling ASPM | S | |
| CVE-2024-26606 | binder: signal epoll threads of self-work | S | |
| CVE-2024-26607 | drm/bridge: sii902x: Fix probing race issue | S | |
| CVE-2024-26608 | ksmbd: fix global oob in ksmbd_nl_policy | S | |
| CVE-2024-26609 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26610 | wifi: iwlwifi: fix a memory corruption | S | |
| CVE-2024-26611 | xsk: fix usage of multi-buffer BPF helpers for ZC XDP | S | |
| CVE-2024-26612 | netfs, fscache: Prevent Oops in fscache_put_cache() | S | |
| CVE-2024-26613 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26614 | tcp: make sure init the accept_queue's spinlocks once | S | |
| CVE-2024-26615 | net/smc: fix illegal rmb_desc access in SMC-D connection dump | S | |
| CVE-2024-26616 | btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned | S | |
| CVE-2024-26617 | fs/proc/task_mmu: move mmu notification mechanism inside mm lock | S | |
| CVE-2024-26618 | arm64/sme: Always exit sme_alloc() early with existing storage | S | |
| CVE-2024-26619 | riscv: Fix module loading free order | S | |
| CVE-2024-26620 | s390/vfio-ap: always filter entire AP matrix | S | |
| CVE-2024-26621 | mm: huge_memory: don't force huge page alignment on 32 bit | S | |
| CVE-2024-26622 | tomoyo: fix UAF write bug in tomoyo_write_control() | S | |
| CVE-2024-26623 | pds_core: Prevent race issues involving the adminq | S | |
| CVE-2024-26624 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26625 | llc: call sock_orphan() at release time | S | |
| CVE-2024-26626 | ipmr: fix kernel panic when forwarding mcast packets | S | |
| CVE-2024-26627 | scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler | S | |
| CVE-2024-26628 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26629 | nfsd: fix RELEASE_LOCKOWNER | S | |
| CVE-2024-26630 | mm: cachestat: fix folio read-after-free in cache walk | S | |
| CVE-2024-26631 | ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work | S | |
| CVE-2024-26632 | block: Fix iterating over an empty bio with bio_for_each_folio_all | S | |
| CVE-2024-26633 | ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() | S | |
| CVE-2024-26634 | net: fix removing a namespace with conflicting altnames | S | |
| CVE-2024-26635 | llc: Drop support for ETH_P_TR_802_2. | S | |
| CVE-2024-26636 | llc: make llc_ui_sendmsg() more robust against bonding changes | S | |
| CVE-2024-26637 | wifi: ath11k: rely on mac80211 debugfs handling for vif | S | |
| CVE-2024-26638 | nbd: always initialize struct msghdr completely | S | |
| CVE-2024-26639 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26640 | tcp: add sanity checks to rx zerocopy | S | |
| CVE-2024-26641 | ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() | S | |
| CVE-2024-26642 | netfilter: nf_tables: disallow anonymous set with timeout flag | S | |
| CVE-2024-26643 | netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout | S | |
| CVE-2024-26644 | btrfs: don't abort filesystem when attempting to snapshot deleted subvolume | S | |
| CVE-2024-26645 | tracing: Ensure visibility when inserting an element into tracing_map | S | |
| CVE-2024-26646 | thermal: intel: hfi: Add syscore callbacks for system-wide PM | S | |
| CVE-2024-26647 | drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' | S | |
| CVE-2024-26648 | drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() | S | |
| CVE-2024-26649 | drm/amdgpu: Fix the null pointer when load rlc firmware | S | |
| CVE-2024-26650 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26651 | sr9800: Add check for usbnet_get_endpoints | S | |
| CVE-2024-26652 | net: pds_core: Fix possible double free in error handling path | S | |
| CVE-2024-26653 | usb: misc: ljca: Fix double free in error handling path | S | |
| CVE-2024-26654 | ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs | S | |
| CVE-2024-26655 | Fix memory leak in posix_clock_open() | S | |
| CVE-2024-26656 | drm/amdgpu: fix use-after-free bug | S | |
| CVE-2024-26657 | drm/sched: fix null-ptr-deref in init entity | S | |
| CVE-2024-26658 | bcachefs: grab s_umount only if snapshotting | S | |
| CVE-2024-26659 | xhci: handle isoc Babble and Buffer Overrun events properly | S | |
| CVE-2024-26660 | drm/amd/display: Implement bounds check for stream encoder creation in DCN301 | S | |
| CVE-2024-26661 | drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' | S | |
| CVE-2024-26662 | drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' | S | |
| CVE-2024-26663 | tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() | S | |
| CVE-2024-26664 | hwmon: (coretemp) Fix out-of-bounds memory access | S | |
| CVE-2024-26665 | tunnels: fix out of bounds access when building IPv6 PMTU error | S | |
| CVE-2024-26666 | wifi: mac80211: fix RCU use in TDLS fast-xmit | S | |
| CVE-2024-26667 | drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup | S | |
| CVE-2024-26668 | netfilter: nft_limit: reject configurations that cause integer overflow | S | |
| CVE-2024-26669 | net/sched: flower: Fix chain template offload | S | |
| CVE-2024-26670 | arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD | S | |
| CVE-2024-26671 | blk-mq: fix IO hang from sbitmap wakeup race | S | |
| CVE-2024-26672 | drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' | S | |
| CVE-2024-26673 | netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations | S | |
| CVE-2024-26674 | x86/lib: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups | S | |
| CVE-2024-26675 | ppp_async: limit MRU to 64K | S | |
| CVE-2024-26676 | af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. | S | |
| CVE-2024-26677 | rxrpc: Fix delayed ACKs to not set the reference serial number | S | |
| CVE-2024-26678 | x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section | S | |
| CVE-2024-26679 | inet: read sk->sk_family once in inet_recv_error() | S | |
| CVE-2024-26680 | net: atlantic: Fix DMA mapping for PTP hwts ring | S | |
| CVE-2024-26681 | netdevsim: avoid potential loop in nsim_dev_trap_report_work() | S | |
| CVE-2024-26682 | wifi: mac80211: improve CSA/ECSA connection refusal | S | |
| CVE-2024-26683 | wifi: cfg80211: detect stuck ECSA element in probe resp | S | |
| CVE-2024-26684 | net: stmmac: xgmac: fix handling of DPP safety error for DMA channels | S | |
| CVE-2024-26685 | nilfs2: fix potential bug in end_buffer_async_write | S | |
| CVE-2024-26686 | fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats | S | |
| CVE-2024-26687 | xen/events: close evtchn after mapping cleanup | S | |
| CVE-2024-26688 | fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super | S | |
| CVE-2024-26689 | ceph: prevent use-after-free in encode_cap_msg() | S | |
| CVE-2024-26690 | net: stmmac: protect updates of 64-bit statistics counters | S | |
| CVE-2024-26691 | KVM: arm64: Fix circular locking dependency | S | |
| CVE-2024-26692 | smb: Fix regression in writes when non-standard maximum write size negotiated | S | |
| CVE-2024-26693 | wifi: iwlwifi: mvm: fix a crash when we run out of stations | S | |
| CVE-2024-26694 | wifi: iwlwifi: fix double-free bug | S | |
| CVE-2024-26695 | crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked | S | |
| CVE-2024-26696 | nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() | S | |
| CVE-2024-26697 | nilfs2: fix data corruption in dsync block recovery for small block sizes | S | |
| CVE-2024-26698 | hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove | S | |
| CVE-2024-26699 | drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr | S | |
| CVE-2024-26700 | drm/amd/display: Fix MST Null Ptr for RV | S | |
| CVE-2024-26701 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26702 | iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC | S | |
| CVE-2024-26703 | tracing/timerlat: Move hrtimer_init to timerlat_fd open() | S | |
| CVE-2024-26704 | ext4: fix double-free of blocks due to wrong extents moved_len | S | |
| CVE-2024-26705 | parisc: BTLB: Fix crash when setting up BTLB at CPU bringup | S | |
| CVE-2024-26706 | parisc: Fix random data corruption from exception handler | S | |
| CVE-2024-26707 | net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() | S | |
| CVE-2024-26708 | mptcp: really cope with fastopen race | S | |
| CVE-2024-26709 | powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach | S | |
| CVE-2024-26710 | powerpc/kasan: Limit KASAN thread size increase to 32KB | S | |
| CVE-2024-26711 | iio: adc: ad4130: zero-initialize clock init data | S | |
| CVE-2024-26712 | powerpc/kasan: Fix addr error caused by page alignment | S | |
| CVE-2024-26713 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26714 | interconnect: qcom: sc8180x: Mark CO0 BCM keepalive | S | |
| CVE-2024-26715 | usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend | S | |
| CVE-2024-26716 | usb: core: Prevent null pointer dereference in update_port_device_state | S | |
| CVE-2024-26717 | HID: i2c-hid-of: fix NULL-deref on failed power up | S | |
| CVE-2024-26718 | dm-crypt, dm-verity: disable tasklets | S | |
| CVE-2024-26719 | nouveau: offload fence uevents work to workqueue | S | |
| CVE-2024-26720 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26721 | drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address | S | |
| CVE-2024-26722 | ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() | S | |
| CVE-2024-26723 | lan966x: Fix crash when adding interface under a lag | S | |
| CVE-2024-26724 | net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers | S | |
| CVE-2024-26725 | dpll: fix possible deadlock during netlink dump operation | S | |
| CVE-2024-26726 | btrfs: don't drop extent_map for free space inode on write error | S | |
| CVE-2024-26727 | btrfs: do not ASSERT() if the newly created subvolume already got read | S | |
| CVE-2024-26728 | drm/amd/display: fix null-pointer dereference on edid reading | S | |
| CVE-2024-26729 | drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv | S | |
| CVE-2024-26730 | hwmon: (nct6775) Fix access to temperature configuration registers | S | |
| CVE-2024-26731 | bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() | S | |
| CVE-2024-26732 | net: implement lockless setsockopt(SO_PEEK_OFF) | S | |
| CVE-2024-26733 | arp: Prevent overflow in arp_req_get(). | S | |
| CVE-2024-26734 | devlink: fix possible use-after-free and memory leaks in devlink_init() | S | |
| CVE-2024-26735 | ipv6: sr: fix possible use-after-free and null-ptr-deref | S | |
| CVE-2024-26736 | afs: Increase buffer size in afs_update_volume_status() | S | |
| CVE-2024-26737 | bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel | S | |
| CVE-2024-26738 | powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller | S | |
| CVE-2024-26739 | net/sched: act_mirred: don't override retval if we already lost the skb | S | |
| CVE-2024-26740 | net/sched: act_mirred: use the backlog for mirred ingress | S | |
| CVE-2024-26741 | dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). | S | |
| CVE-2024-26742 | scsi: smartpqi: Fix disable_managed_interrupts | S | |
| CVE-2024-26743 | RDMA/qedr: Fix qedr_create_user_qp error flow | S | |
| CVE-2024-26744 | RDMA/srpt: Support specifying the srpt_service_guid parameter | S | |
| CVE-2024-26745 | powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV | S | |
| CVE-2024-26746 | dmaengine: idxd: Ensure safe user copy of completion record | S | |
| CVE-2024-26747 | usb: roles: fix NULL pointer issue when put module's reference | S | |
| CVE-2024-26748 | usb: cdns3: fix memory double free when handle zero packet | S | |
| CVE-2024-26749 | usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() | S | |
| CVE-2024-26750 | af_unix: Drop oob_skb ref before purging queue in GC. | S | |
| CVE-2024-26751 | ARM: ep93xx: Add terminator to gpiod_lookup_table | S | |
| CVE-2024-26752 | l2tp: pass correct message length to ip6_append_data | S | |
| CVE-2024-26753 | crypto: virtio/akcipher - Fix stack overflow on memcpy | S | |
| CVE-2024-26754 | gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() | S | |
| CVE-2024-26755 | md: Don't suspend the array for interrupted reshape | S | |
| CVE-2024-26756 | md: Don't register sync_thread for reshape directly | S | |
| CVE-2024-26757 | md: Don't ignore read-only array in md_check_recovery() | S | |
| CVE-2024-26758 | md: Don't ignore suspended array in md_check_recovery() | S | |
| CVE-2024-26759 | mm/swap: fix race when skipping swapcache | S | |
| CVE-2024-26760 | scsi: target: pscsi: Fix bio_put() for error case | S | |
| CVE-2024-26761 | cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window | S | |
| CVE-2024-26762 | cxl/pci: Skip to handle RAS errors if CXL.mem device is detached | S | |
| CVE-2024-26763 | dm-crypt: don't modify the data when using authenticated encryption | S | |
| CVE-2024-26764 | fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio | S | |
| CVE-2024-26765 | LoongArch: Disable IRQ before init_fn() for nonboot CPUs | S | |
| CVE-2024-26766 | IB/hfi1: Fix sdma.h tx->num_descs off-by-one error | S | |
| CVE-2024-26767 | drm/amd/display: fixed integer types and null check locations | S | |
| CVE-2024-26768 | LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] | S | |
| CVE-2024-26769 | nvmet-fc: avoid deadlock on delete association path | S | |
| CVE-2024-26770 | HID: nvidia-shield: Add missing null pointer checks to LED initialization | S | |
| CVE-2024-26771 | dmaengine: ti: edma: Add some null pointer checks to the edma_probe | S | |
| CVE-2024-26772 | ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() | S | |
| CVE-2024-26773 | ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() | S | |
| CVE-2024-26774 | ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt | S | |
| CVE-2024-26775 | aoe: avoid potential deadlock at set_capacity | S | |
| CVE-2024-26776 | spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected | S | |
| CVE-2024-26777 | fbdev: sis: Error out if pixclock equals zero | S | |
| CVE-2024-26778 | fbdev: savage: Error out if pixclock equals zero | S | |
| CVE-2024-26779 | wifi: mac80211: fix race condition on enabling fast-xmit | S | |
| CVE-2024-26780 | af_unix: Fix task hung while purging oob_skb in GC. | S | |
| CVE-2024-26781 | mptcp: fix possible deadlock in subflow diag | S | |
| CVE-2024-26782 | mptcp: fix double-free on socket dismantle | S | |
| CVE-2024-26783 | mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index | S | |
| CVE-2024-26784 | pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal | S | |
| CVE-2024-26785 | iommufd: Fix protection fault in iommufd_test_syz_conv_iova | S | |
| CVE-2024-26786 | iommufd: Fix iopt_access_list_id overwrite bug | S | |
| CVE-2024-26787 | mmc: mmci: stm32: fix DMA API overlapping mappings warning | S | |
| CVE-2024-26788 | dmaengine: fsl-qdma: init irq after reg initialization | S | |
| CVE-2024-26789 | crypto: arm64/neonbs - fix out-of-bounds access on short input | S | |
| CVE-2024-26790 | dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read | S | |
| CVE-2024-26791 | btrfs: dev-replace: properly validate device names | S | |
| CVE-2024-26792 | btrfs: fix double free of anonymous device after snapshot creation failure | S | |
| CVE-2024-26793 | gtp: fix use-after-free and null-ptr-deref in gtp_newlink() | S | |
| CVE-2024-26794 | btrfs: fix race between ordered extent completion and fiemap | S | |
| CVE-2024-26795 | riscv: Sparse-Memory/vmemmap out-of-bounds fix | S | |
| CVE-2024-26796 | drivers: perf: ctr_get_width function for legacy is not defined | S | |
| CVE-2024-26797 | drm/amd/display: Prevent potential buffer overflow in map_hw_resources | S | |
| CVE-2024-26798 | fbcon: always restore the old font data in fbcon_do_set_font() | S | |
| CVE-2024-26799 | ASoC: qcom: Fix uninitialized pointer dmactl | S | |
| CVE-2024-26800 | tls: fix use-after-free on failed backlog decryption | S | |
| CVE-2024-26801 | Bluetooth: Avoid potential use-after-free in hci_error_reset | S | |
| CVE-2024-26802 | stmmac: Clear variable when destroying workqueue | S | |
| CVE-2024-26803 | net: veth: clear GRO when clearing XDP even when down | S | |
| CVE-2024-26804 | net: ip_tunnel: prevent perpetual headroom growth | S | |
| CVE-2024-26805 | netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter | S | |
| CVE-2024-26806 | spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks | S | |
| CVE-2024-26807 | spi: cadence-qspi: fix pointer reference in runtime PM hooks | S | |
| CVE-2024-26808 | netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain | S | |
| CVE-2024-26809 | netfilter: nft_set_pipapo: release elements in clone only from destroy path | S | |
| CVE-2024-26810 | vfio/pci: Lock external INTx masking ops | S | |
| CVE-2024-26811 | ksmbd: validate payload size in ipc response | S | |
| CVE-2024-26812 | vfio/pci: Create persistent INTx handler | S | |
| CVE-2024-26813 | vfio/platform: Create persistent IRQ handlers | S | |
| CVE-2024-26814 | vfio/fsl-mc: Block calling interrupt handler without trigger | S | |
| CVE-2024-26815 | net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check | S | |
| CVE-2024-26816 | x86, relocs: Ignore relocations in .notes section | S | |
| CVE-2024-26817 | amdkfd: use calloc instead of kzalloc to avoid integer overflow | S | |
| CVE-2024-26818 | tools/rtla: Fix clang warning about mount_point var size | S | |
| CVE-2024-26819 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26820 | hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed | S | |
| CVE-2024-26821 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26822 | smb: client: set correct id, uid and cruid for multiuser automounts | S | |
| CVE-2024-26823 | irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems | S | |
| CVE-2024-26824 | crypto: algif_hash - Remove bogus SGL free on zero-length error path | S | |
| CVE-2024-26825 | nfc: nci: free rx_data_reassembly skb on NCI device cleanup | S | |
| CVE-2024-26826 | mptcp: fix data re-injection from stale subflow | S | |
| CVE-2024-26827 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26828 | cifs: fix underflow in parse_server_interfaces() | S | |
| CVE-2024-26829 | media: ir_toy: fix a memleak in irtoy_tx | S | |
| CVE-2024-26830 | i40e: Do not allow untrusted VF to remove administratively set MAC | S | |
| CVE-2024-26831 | net/handshake: Fix handshake_req_destroy_test1 | S | |
| CVE-2024-26832 | mm: zswap: fix missing folio cleanup in writeback race path | S | |
| CVE-2024-26833 | drm/amd/display: Fix memory leak in dm_sw_fini() | S | |
| CVE-2024-26834 | netfilter: nft_flow_offload: release dst in case direct xmit path is used | S | |
| CVE-2024-26835 | netfilter: nf_tables: set dormant flag on hook register failure | S | |
| CVE-2024-26836 | platform/x86: think-lmi: Fix password opcode ordering for workstations | S | |
| CVE-2024-26837 | net: bridge: switchdev: Skip MDB replays of deferred events on offload | S | |
| CVE-2024-26838 | RDMA/irdma: Fix KASAN issue with tasklet | S | |
| CVE-2024-26839 | IB/hfi1: Fix a memleak in init_credit_return | S | |
| CVE-2024-26840 | cachefiles: fix memory leak in cachefiles_add_cache() | S | |
| CVE-2024-26841 | LoongArch: Update cpu_sibling_map when disabling nonboot CPUs | S | |
| CVE-2024-26842 | scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() | S | |
| CVE-2024-26843 | efi: runtime: Fix potential overflow of soft-reserved region size | S | |
| CVE-2024-26844 | block: Fix WARNING in _copy_from_iter | S | |
| CVE-2024-26845 | scsi: target: core: Add TMF to tmr_list handling | S | |
| CVE-2024-26846 | nvme-fc: do not wait in vain when unloading module | S | |
| CVE-2024-26847 | powerpc/rtas: use correct function name for resetting TCE tables | | |
| CVE-2024-26848 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26849 | netlink: add nla be16/32 types to minlen array | S | |
| CVE-2024-26850 | mm/debug_vm_pgtable: fix BUG_ON with pud advanced test | S | |
| CVE-2024-26851 | netfilter: nf_conntrack_h323: Add protection for bmp length out of range | S | |
| CVE-2024-26852 | net/ipv6: avoid possible UAF in ip6_route_mpath_notify() | S | |
| CVE-2024-26853 | igc: avoid returning frame twice in XDP_REDIRECT | S | |
| CVE-2024-26854 | ice: fix uninitialized dplls mutex usage | S | |
| CVE-2024-26855 | net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() | S | |
| CVE-2024-26856 | net: sparx5: Fix use after free inside sparx5_del_mact_entry | S | |
| CVE-2024-26857 | geneve: make sure to pull inner header in geneve_rx() | S | |
| CVE-2024-26858 | net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map | S | |
| CVE-2024-26859 | net/bnx2x: Prevent access to a freed page in page_pool | S | |
| CVE-2024-26860 | dm-integrity: fix a memory leak when rechecking the data | S | |
| CVE-2024-26861 | wireguard: receive: annotate data-race around receiving_counter.counter | S | |
| CVE-2024-26862 | packet: annotate data-races around ignore_outgoing | S | |
| CVE-2024-26863 | hsr: Fix uninit-value access in hsr_get_node() | S | |
| CVE-2024-26864 | tcp: Fix refcnt handling in __inet_hash_connect(). | S | |
| CVE-2024-26865 | rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). | S | |
| CVE-2024-26866 | spi: lpspi: Avoid potential use-after-free in probe() | S | |
| CVE-2024-26867 | comedi: comedi_8255: Correct error in subdevice initialization | S | |
| CVE-2024-26868 | nfs: fix panic when nfs4_ff_layout_prepare_ds() fails | S | |
| CVE-2024-26869 | f2fs: fix to truncate meta inode pages forcely | S | |
| CVE-2024-26870 | NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 | S | |
| CVE-2024-26871 | f2fs: fix NULL pointer dereference in f2fs_submit_page_write() | S | |
| CVE-2024-26872 | RDMA/srpt: Do not register event handler until srpt device is fully setup | S | |
| CVE-2024-26873 | scsi: hisi_sas: Fix a deadlock issue related to automatic dump | S | |
| CVE-2024-26874 | drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip | S | |
| CVE-2024-26875 | media: pvrusb2: fix uaf in pvr2_context_set_notify | S | |
| CVE-2024-26876 | drm/bridge: adv7511: fix crash on irq during probe | S | |
| CVE-2024-26877 | crypto: xilinx - call finalize with bh disabled | | |
| CVE-2024-26878 | quota: Fix potential NULL pointer dereference | S | |
| CVE-2024-26879 | clk: meson: Add missing clocks to axg_clk_regmaps | S | |
| CVE-2024-26880 | dm: call the resume method on internal suspend | | |
| CVE-2024-26881 | net: hns3: fix kernel crash when 1588 is received on HIP08 devices | S | |
| CVE-2024-26882 | net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() | S | |
| CVE-2024-26883 | bpf: Fix stackmap overflow check on 32-bit arches | S | |
| CVE-2024-26884 | bpf: Fix hashtab overflow check on 32-bit arches | S | |
| CVE-2024-26885 | bpf: Fix DEVMAP_HASH overflow check on 32-bit arches | S | |
| CVE-2024-26886 | Bluetooth: af_bluetooth: Fix deadlock | S | |
| CVE-2024-26887 | Bluetooth: btusb: Fix memory leak | S | |
| CVE-2024-26888 | Bluetooth: msft: Fix memory leak | S | |
| CVE-2024-26889 | Bluetooth: hci_core: Fix possible buffer overflow | S | |
| CVE-2024-26890 | Bluetooth: btrtl: fix out of bounds memory access | S | |
| CVE-2024-26891 | iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected | S | |
| CVE-2024-26892 | wifi: mt76: mt7921e: fix use-after-free in free_irq() | S | |
| CVE-2024-26893 | firmware: arm_scmi: Fix double free in SMC transport cleanup path | S | |
| CVE-2024-26894 | ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() | S | |
| CVE-2024-26895 | wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces | S | |
| CVE-2024-26896 | wifi: wfx: fix memory leak when starting AP | S | |
| CVE-2024-26897 | wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete | | |
| CVE-2024-26898 | aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts | S | |
| CVE-2024-26899 | block: fix deadlock between bd_link_disk_holder and partition scan | S | |
| CVE-2024-26900 | md: fix kmemleak of rdev->serial | S | |
| CVE-2024-26901 | do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak | S | |
| CVE-2024-26902 | perf: RISCV: Fix panic on pmu overflow handler | S | |
| CVE-2024-26903 | Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security | S | |
| CVE-2024-26904 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26905 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26906 | x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() | | |
| CVE-2024-26907 | RDMA/mlx5: Fix fortify source warning while accessing Eth segment | S | |
| CVE-2024-26908 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26909 | soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free | S | |
| CVE-2024-26910 | netfilter: ipset: fix performance regression in swap operation | S | |
| CVE-2024-26911 | drm/buddy: Fix alloc_range() error handling code | S | |
| CVE-2024-26912 | drm/nouveau: fix several DMA buffer leaks | S | |
| CVE-2024-26913 | drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue | S | |
| CVE-2024-26914 | drm/amd/display: fix incorrect mpc_combine array size | | |
| CVE-2024-26915 | drm/amdgpu: Reset IH OVERFLOW_CLEAR bit | S | |
| CVE-2024-26916 | Revert "drm/amd: flush any delayed gfxoff on suspend entry" | | |
| CVE-2024-26917 | scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" | S | |
| CVE-2024-26918 | PCI: Fix active state requirement in PME polling | | |
| CVE-2024-26919 | usb: ulpi: Fix debugfs directory leak | | |
| CVE-2024-26920 | tracing/trigger: Fix to return error if failed to alloc snapshot | | |
| CVE-2024-26921 | inet: inet_defrag: prevent sk release while still in use | | |
| CVE-2024-26922 | drm/amdgpu: validate the parameters of bo mapping operations more clearly | | |
| CVE-2024-26923 | af_unix: Fix garbage collector racing against connect() | | |
| CVE-2024-26924 | netfilter: nft_set_pipapo: do not free live element | S | |
| CVE-2024-26925 | netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path | | |
| CVE-2024-26926 | binder: check offset alignment in binder_get_object() | | |
| CVE-2024-26927 | ASoC: SOF: Add some bounds checking to firmware data | S | |
| CVE-2024-26928 | smb: client: fix potential UAF in cifs_debug_files_proc_show() | S | |
| CVE-2024-26929 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26930 | scsi: qla2xxx: Fix double free of the ha->vp_map pointer | S | |
| CVE-2024-26931 | scsi: qla2xxx: Fix command flush on cable pull | S | |
| CVE-2024-26932 | usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() | S | |
| CVE-2024-26933 | USB: core: Fix deadlock in port "disable" sysfs attribute | S | |
| CVE-2024-26934 | USB: core: Fix deadlock in usb_deauthorize_interface() | S | |
| CVE-2024-26935 | scsi: core: Fix unremoved procfs host directory regression | | |
| CVE-2024-26936 | ksmbd: validate request buffer size in smb2_allocate_rsp_buf() | | |
| CVE-2024-26937 | drm/i915/gt: Reset queue_priority_hint on parking | | |
| CVE-2024-26938 | drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() | | |
| CVE-2024-26939 | drm/i915/vma: Fix UAF on destroy against retire race | S | |
| CVE-2024-26940 | drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed | S | |
| CVE-2024-26941 | drm/dp: Fix divide-by-zero regression on DP MST unplug with nouveau | S | |
| CVE-2024-26942 | net: phy: qcom: at803x: fix kernel panic with at8031_probe | S | |
| CVE-2024-26943 | nouveau/dmem: handle kcalloc() allocation failure | S | |
| CVE-2024-26944 | btrfs: zoned: fix use-after-free in do_zone_finish() | S | |
| CVE-2024-26945 | crypto: iaa - Fix nr_cpus < nr_iaa case | S | |
| CVE-2024-26946 | kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address | | |
| CVE-2024-26947 | ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses | | |
| CVE-2024-26948 | drm/amd/display: Add a dc_state NULL check in dc_state_release | | |
| CVE-2024-26949 | drm/amdgpu/pm: Fix NULL pointer dereference when get power limit | S | |
| CVE-2024-26950 | wireguard: netlink: access device through ctx instead of peer | S | |
| CVE-2024-26951 | wireguard: netlink: check for dangling peer via is_dead instead of empty list | | |
| CVE-2024-26952 | ksmbd: fix potencial out-of-bounds when buffer offset is invalid | S | |
| CVE-2024-26953 | net: esp: fix bad handling of pages from page_pool | | |
| CVE-2024-26954 | ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() | S | |
| CVE-2024-26955 | nilfs2: prevent kernel bug at submit_bh_wbc() | | |
| CVE-2024-26956 | nilfs2: fix failure to detect DAT corruption in btree and direct mappings | | |
| CVE-2024-26957 | s390/zcrypt: fix reference counting on zcrypt card objects | S | |
| CVE-2024-26958 | nfs: fix UAF in direct writes | S | |
| CVE-2024-26959 | Bluetooth: btnxpuart: Fix btnxpuart_close | | |
| CVE-2024-26960 | mm: swap: fix race between free_swap_and_cache() and swapoff() | S | |
| CVE-2024-26961 | mac802154: fix llsec key resources release in mac802154_llsec_key_del | S | |
| CVE-2024-26962 | dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape | S | |
| CVE-2024-26963 | usb: dwc3-am62: fix module unload/reload behavior | | |
| CVE-2024-26964 | usb: xhci: Add error handling in xhci_map_urb_for_dma | S | |
| CVE-2024-26965 | clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays | | |
| CVE-2024-26966 | clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays | S | |
| CVE-2024-26967 | clk: qcom: camcc-sc8280xp: fix terminating of frequency table arrays | S | |
| CVE-2024-26968 | clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays | S | |
| CVE-2024-26969 | clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays | S | |
| CVE-2024-26970 | clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays | S | |
| CVE-2024-26971 | clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays | S | |
| CVE-2024-26972 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26973 | fat: fix uninitialized field in nostale filehandles | S | |
| CVE-2024-26974 | crypto: qat - resolve race condition during AER recovery | S | |
| CVE-2024-26975 | powercap: intel_rapl: Fix a NULL pointer dereference | S | |
| CVE-2024-26976 | KVM: Always flush async #PF workqueue when vCPU is being destroyed | S | |
| CVE-2024-26977 | pci_iounmap(): Fix MMIO mapping leak | | |
| CVE-2024-26978 | serial: max310x: fix NULL pointer dereference in I2C instantiation | S | |
| CVE-2024-26979 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
| CVE-2024-26980 | ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf | S | |
| CVE-2024-26981 | nilfs2: fix OOB in nilfs_set_de_type | S | |
| CVE-2024-26982 | Squashfs: check the inode number is not the invalid value of zero | S | |
| CVE-2024-26983 | bootconfig: use memblock_free_late to free xbc memory to buddy | S | |
| CVE-2024-26984 | nouveau: fix instmem race condition around ptr stores | S | |
| CVE-2024-26985 | drm/xe: Fix bo leak in intel_fb_bo_framebuffer_init | | |
| CVE-2024-26986 | drm/amdkfd: Fix memory leak in create_process failure | S | |
| CVE-2024-26987 | mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled | S | |
| CVE-2024-26988 | init/main.c: Fix potential static_command_line memory overflow | | |
| CVE-2024-26989 | arm64: hibernate: Fix level3 translation fault in swsusp_save() | S | |
| CVE-2024-26990 | KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status | | |
| CVE-2024-26991 | KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes | S | |
| CVE-2024-26992 | KVM: x86/pmu: Disable support for adaptive PEBS | | |
| CVE-2024-26993 | fs: sysfs: Fix reference leak in sysfs_break_active_protection() | S | |
| CVE-2024-26994 | speakup: Avoid crash on very long word | | |
| CVE-2024-26995 | usb: typec: tcpm: Correct the PDO counting in pd_set | S | |
| CVE-2024-26996 | usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error | S | |
| CVE-2024-26997 | usb: dwc2: host: Fix dereference issue in DDMA completion flow. | | |
| CVE-2024-26998 | serial: core: Clearing the circular buffer before NULLifying it | S | |
| CVE-2024-26999 | serial/pmac_zilog: Remove flawed mitigation for rx irq flood | S |