ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-27000 | serial: mxs-auart: add spinlock around changing cts state | | |
CVE-2024-27001 | comedi: vmk80xx: fix incomplete endpoint checking | | |
CVE-2024-27002 | clk: mediatek: Do a runtime PM get on controllers during probe | S | |
CVE-2024-27003 | clk: Get runtime PM before walking tree for clk_summary | S | |
CVE-2024-27004 | clk: Get runtime PM before walking tree during disable_unused | | |
CVE-2024-27005 | interconnect: Don't access req_list while it's being manipulated | S | |
CVE-2024-27006 | thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() | | |
CVE-2024-27007 | userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE | | |
CVE-2024-27008 | drm: nv04: Fix out of bounds access | S | |
CVE-2024-27009 | s390/cio: fix race condition during online processing | | |
CVE-2024-27010 | net/sched: Fix mirred deadlock on device recursion | S | |
CVE-2024-27011 | netfilter: nf_tables: fix memleak in map from abort path | S | |
CVE-2024-27012 | netfilter: nf_tables: restore set elements when delete set fails | S | |
CVE-2024-27013 | tun: limit printing rate when illegal packet received by tun dev | S | |
CVE-2024-27014 | net/mlx5e: Prevent deadlock while disabling aRFS | S | |
CVE-2024-27015 | netfilter: flowtable: incorrect pppoe tuple | S | |
CVE-2024-27016 | netfilter: flowtable: validate pppoe header | S | |
CVE-2024-27017 | netfilter: nft_set_pipapo: walk over current view on netlink dump | S | |
CVE-2024-27018 | netfilter: br_netfilter: skip conntrack input hook for promisc packets | S | |
CVE-2024-27019 | netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() | S | |
CVE-2024-27020 | netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() | S | |
CVE-2024-27021 | r8169: fix LED-related deadlock on module removal | S | |
CVE-2024-27022 | fork: defer linking file vma until vma is fully initialized | S | |
CVE-2024-27023 | md: Fix missing release of 'active_io' for flush | | |
CVE-2024-27024 | net/rds: fix WARNING in rds_conn_connect_if_down | S | |
CVE-2024-27025 | nbd: null check for nla_nest_start | S | |
CVE-2024-27026 | vmxnet3: Fix missing reserved tailroom | S | |
CVE-2024-27027 | dpll: fix dpll_xa_ref_*_del() for multiple registrations | | |
CVE-2024-27028 | spi: spi-mt65xx: Fix NULL pointer access in interrupt handler | S | |
CVE-2024-27029 | drm/amdgpu: fix mmhub client id out-of-bounds access | S | |
CVE-2024-27030 | octeontx2-af: Use separate handlers for interrupts | S | |
CVE-2024-27031 | NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt | S | |
CVE-2024-27032 | f2fs: fix to avoid potential panic during recovery | S | |
CVE-2024-27033 | f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic | S | |
CVE-2024-27034 | f2fs: compress: fix to cover normal cluster write with cp_rwsem | | |
CVE-2024-27035 | f2fs: compress: fix to guarantee persisting compressed blocks by CP | | |
CVE-2024-27036 | cifs: Fix writeback data corruption | | |
CVE-2024-27037 | clk: zynq: Prevent null pointer dereference caused by kmalloc failure | S | |
CVE-2024-27038 | clk: Fix clk_core_get NULL dereference | S | |
CVE-2024-27039 | clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() | | |
CVE-2024-27040 | drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' | S | |
CVE-2024-27041 | drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() | S | |
CVE-2024-27042 | drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' | S | |
CVE-2024-27043 | media: edia: dvbdev: fix a use-after-free | S | |
CVE-2024-27044 | drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' | S | |
CVE-2024-27045 | drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' | S | |
CVE-2024-27046 | nfp: flower: handle acti_netdevs allocation failure | S | |
CVE-2024-27047 | net: phy: fix phy_get_internal_delay accessing an empty array | S | |
CVE-2024-27048 | wifi: brcm80211: handle pmk_op allocation failure | S | |
CVE-2024-27049 | wifi: mt76: mt7925e: fix use-after-free in free_irq() | S | |
CVE-2024-27050 | libbpf: Use OPTS_SET() macro in bpf_xdp_query() | S | |
CVE-2024-27051 | cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value | S | |
CVE-2024-27052 | wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work | S | |
CVE-2024-27053 | wifi: wilc1000: fix RCU usage in connect path | S | |
CVE-2024-27054 | s390/dasd: fix double module refcount decrement | S | |
CVE-2024-27055 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27056 | wifi: iwlwifi: mvm: ensure offloading TID queue exists | | |
CVE-2024-27057 | ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend | | |
CVE-2024-27058 | tmpfs: fix race on handling dquot rbtree | S | |
CVE-2024-27059 | USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command | S | |
CVE-2024-27060 | thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() | S | |
CVE-2024-27061 | crypto: sun8i-ce - Fix use after free in unprepare | S | |
CVE-2024-27062 | nouveau: lock the client object tree. | S | |
CVE-2024-27063 | leds: trigger: netdev: Fix kernel panic on interface rename trig notify | | |
CVE-2024-27064 | netfilter: nf_tables: Fix a memory leak in nf_tables_updchain | S | |
CVE-2024-27065 | netfilter: nf_tables: do not compare internal table flags on updates | | |
CVE-2024-27066 | virtio: packed: fix unmap leak for indirect desc table | | |
CVE-2024-27067 | xen/evtchn: avoid WARN() when unbinding an event channel | | |
CVE-2024-27068 | thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path | S | |
CVE-2024-27069 | ovl: relax WARN_ON in ovl_verify_area() | | |
CVE-2024-27070 | f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault | S | |
CVE-2024-27071 | backlight: hx8357: Fix potential NULL pointer dereference | S | |
CVE-2024-27072 | media: usbtv: Remove useless locks in usbtv_video_free() | S | |
CVE-2024-27073 | media: ttpci: fix two memleaks in budget_av_attach | S | |
CVE-2024-27074 | media: go7007: fix a memleak in go7007_load_encoder | S | |
CVE-2024-27075 | media: dvb-frontends: avoid stack overflow warnings with clang | | |
CVE-2024-27076 | media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak | S | |
CVE-2024-27077 | media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity | S | |
CVE-2024-27078 | media: v4l2-tpg: fix some memleaks in tpg_alloc | S | |
CVE-2024-27079 | iommu/vt-d: Fix NULL domain on device release | S | |
CVE-2024-27080 | btrfs: fix race when detecting delalloc ranges during fiemap | | |
CVE-2024-27081 | ESPHome remote code execution via arbitrary file write | E S | |
CVE-2024-27082 | Cacti Cross-site Scripting vulnerability when managing trees | E | |
CVE-2024-27083 | Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) | S | |
CVE-2024-27084 | Rejected reason: This CVE is a duplicate of CVE-2024-1631.... | R | |
CVE-2024-27085 | Denial of service through invites in Discourse | | |
CVE-2024-27086 | MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service | | |
CVE-2024-27087 | Kirby cross-site scripting (XSS) in the link field "Custom" type | S | |
CVE-2024-27088 | es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens` | E S | |
CVE-2024-27089 | Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was n... | R | |
CVE-2024-27090 | Decidim vulnerable to data disclosure through the embed feature | | |
CVE-2024-27091 | GeoNode stored XSS to full account takeover | | |
CVE-2024-27092 | Content spoofing - real Hoppscotch emails | E S | |
CVE-2024-27093 | Minder trusts client-provided mapping from repo name to upstream ID | E S | |
CVE-2024-27094 | OpenZeppelin Contracts base64 encoding may read from potentially dirty memory | | |
CVE-2024-27095 | Decidim cross-site scripting (XSS) in the admin panel | | |
CVE-2024-27096 | SQL Injection through the search engine | S | |
CVE-2024-27097 | Potential log injection in reset user endpoint in ckan | S | |
CVE-2024-27098 | Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI | S | |
CVE-2024-27099 | Azure IoT Platform Device SDK Double Free Vulnerability | S | |
CVE-2024-27100 | Denial of service via Staff Actions in Discourse | | |
CVE-2024-27101 | Integer overflow in chunking helper causes dispatching to miss elements or panic | | |
CVE-2024-27102 | Improper isolation of server file access in github.com/pterodactyl/wings | S | |
CVE-2024-27103 | Querybook Stored Cross-Site Scripting allows Privilege Elevation | S | |
CVE-2024-27104 | Stored XSS in dashboards in GLPI | S | |
CVE-2024-27105 | Frappe File Permissions can be bypassed using certain endpoints | | |
CVE-2024-27106 | Vulnerable data in transit in GE HealthCare EchoPAC products | | |
CVE-2024-27107 | Weak account password in GE HealthCare EchoPAC products | | |
CVE-2024-27108 | Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products | | |
CVE-2024-27109 | Insufficiently protected credentials in GE HealthCare EchoPAC products | | |
CVE-2024-27110 | Elevation of privilege vulnerability in GE HealthCare EchoPAC products | | |
CVE-2024-27112 | SQL Injection in SOPlanning before 1.52.02 | M | |
CVE-2024-27113 | Insecure Direct Object Reference to export Database in SOPlanning before 1.52.02 | M | |
CVE-2024-27114 | Remote Code Execution through File Upload in SOPlanning before 1.52.02 | M | |
CVE-2024-27115 | Remote Code Execution through File Upload in SOPlanning before 1.52.02 | | |
CVE-2024-27120 | Local File Inclusion in ComfortKey before version 24.1.2 | | |
CVE-2024-27121 | Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automatio... | | |
CVE-2024-27122 | Notes Station 3 | S | |
CVE-2024-27124 | QTS, QuTS hero, QuTScloud | S | |
CVE-2024-27125 | Helpdesk | S | |
CVE-2024-27126 | Notes Station 3 | S | |
CVE-2024-27127 | QTS, QuTS hero | S | |
CVE-2024-27128 | QTS, QuTS hero | S | |
CVE-2024-27129 | QTS, QuTS hero | S | |
CVE-2024-27130 | QTS, QuTS hero | S | |
CVE-2024-27132 | Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. | E S | |
CVE-2024-27133 | Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. | E S | |
CVE-2024-27134 | Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf | S | |
CVE-2024-27135 | Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution | | |
CVE-2024-27136 | Apache JSPWiki: Cross-site scripting vulnerability on upload page | | |
CVE-2024-27137 | Apache Cassandra: unrestricted deserialization of JMX authentication credentials | | |
CVE-2024-27138 | Apache Archiva: disabling user registration is not effective | | |
CVE-2024-27139 | Apache Archiva: incorrect authentication potentially leading to account takeover | | |
CVE-2024-27140 | Apache Archiva: reflected XSS | | |
CVE-2024-27141 | Pre-authenticated Time-Based Blind XXE injection | S | |
CVE-2024-27142 | Pre-authenticated XXE injection | S | |
CVE-2024-27143 | Pre-authenticated Remote Code Execution | S | |
CVE-2024-27144 | Pre-authenticated Remote Code Execution | S | |
CVE-2024-27145 | Multiple Post-authenticated Remote Code Execution | S | |
CVE-2024-27146 | Lack of privileges separation | S | |
CVE-2024-27147 | Local Privilege Escalation and Remote Code Execution using snmpd | S | |
CVE-2024-27148 | Local Privilege Escalation and Remote Code Execution using insecure PATH | S | |
CVE-2024-27149 | Local Privilege Escalation and Remote Code Execution using insecure LD_PRELOAD | S | |
CVE-2024-27150 | Local Privilege Escalation and Remote Code Execution using insecure LD_LIBRARY_PATH | S | |
CVE-2024-27151 | Local Privilege Escalation and Remote Code Execution using insecure permissions | S | |
CVE-2024-27152 | Local Privilege Escalation and Remote Code Execution using insecure permissions | S | |
CVE-2024-27153 | Local Privilege Escalation and Remote Code Execution | S | |
CVE-2024-27154 | Passwords are stored in clear-text logs. | S | |
CVE-2024-27155 | Local Privilege Escalation and Remote Code Execution using insecure permissions | S | |
CVE-2024-27156 | Leak of authentication sessions in secure logs | S | |
CVE-2024-27157 | Leak of authentication sessions in secure logs | S | |
CVE-2024-27158 | Hardcoded root password | S | |
CVE-2024-27159 | Hardcoded password used to encrypt logs | S | |
CVE-2024-27160 | Hardcoded password used to encrypt logs and use of weak cipher | S | |
CVE-2024-27161 | Hardcoded password used to encrypt files | S | |
CVE-2024-27162 | DOM-based XSS | S | |
CVE-2024-27163 | Leak of admin password and passwords | S | |
CVE-2024-27164 | Hardcoded credentials | S | |
CVE-2024-27165 | Local Privilege Escalation | S | |
CVE-2024-27166 | Insecure permissions | S | |
CVE-2024-27167 | Insecure permissions | S | |
CVE-2024-27168 | Hardcoded keys used to generate authentication cookies | S | |
CVE-2024-27169 | Lack of authentication | S | |
CVE-2024-27170 | Hardcoded credentials for WebDAV access | S | |
CVE-2024-27171 | Insecure permissions | S | |
CVE-2024-27172 | Remote Code Execution | S | |
CVE-2024-27173 | insecure upload | S | |
CVE-2024-27174 | insecure upload | S | |
CVE-2024-27175 | Local File Inclusion | S | |
CVE-2024-27176 | Remote Code Execution | S | |
CVE-2024-27177 | Remote Code Execution | S | |
CVE-2024-27178 | Remote Code Execution | S | |
CVE-2024-27179 | Session disclosure inside the log files | S | |
CVE-2024-27180 | TOCTOU vulnerability | S | |
CVE-2024-27181 | Apache Linkis Basic management services: Privilege Escalation Attack vulnerability | | |
CVE-2024-27182 | Apache Linkis Basic management services: Engine material management Arbitrary file deletion vulnerability | | |
CVE-2024-27183 | Extension - dj-extensions.com - XSS vulnerability in DJ-HelpfulArticles component for Joomla 1.0.0-1.1.0 | | |
CVE-2024-27184 | [20240801] - Core - Inadequate validation of internal URLs | | |
CVE-2024-27185 | [20240802] - Core - Cache Poisoning in Pagination | | |
CVE-2024-27186 | [20240803] - Core - XSS in HTML Mail Templates | | |
CVE-2024-27187 | [20240804] - Core - Improper ACL for backend profile view | | |
CVE-2024-27188 | WordPress Breeze plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27189 | WordPress WP Social Widget plugin <= 2.2.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27190 | WordPress Download Media plugin <= 1.4.2 - Broken Access Control vulnerability | | |
CVE-2024-27191 | WordPress Slivery Extender plugin <= 1.0.2 - Auth. Remote Code Execution (RCE) vulnerability | | |
CVE-2024-27192 | WordPress Configure SMTP Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS) | | |
CVE-2024-27193 | WordPress PayU India plugin <= 3.8.2 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-27194 | WordPress Fontific plugin <= 0.1.6 - CSRF to XSS vulnerability | | |
CVE-2024-27195 | WordPress Watermark RELOADED plugin <= 1.3.5 - CSRF to XSS vulnerability | | |
CVE-2024-27196 | WordPress postMash – custom post order plugin <= 1.2.0 - Reflected Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-27197 | WordPress BeePress plugin <= 6.9.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-27198 | In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was p... | KEV | |
CVE-2024-27199 | In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was... | | |
CVE-2024-27200 | Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a au... | | |
CVE-2024-27201 | An improper input validation vulnerability exists in the OAS Engine User Configuration functionality... | E | |
CVE-2024-27202 | BIG-IP TMUI XSS vulnerability | | |
CVE-2024-27204 | In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds chec... | | |
CVE-2024-27205 | there is a possible memory corruption due to a use after free. This could lead to local escalation o... | | |
CVE-2024-27206 | there is a possible out of bounds read due to a missing bounds check. This could lead to remote info... | | |
CVE-2024-27207 | Exported broadcast receivers allowing malicious apps to bypass broadcast protection.... | | |
CVE-2024-27208 | there is a possible out of bounds write due to a missing bounds check. This could lead to local esca... | | |
CVE-2024-27209 | there is a possible out of bounds write due to a heap buffer overflow. This could lead to local esca... | | |
CVE-2024-27210 | In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. Thi... | | |
CVE-2024-27211 | In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. Thi... | | |
CVE-2024-27212 | In init_data of , there is a possible out of bounds write due to a missing bounds check. This could ... | | |
CVE-2024-27213 | In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use ... | | |
CVE-2024-27215 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate... | R | |
CVE-2024-27217 | MSDP has a use after free vulnerability | | |
CVE-2024-27218 | In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This ... | | |
CVE-2024-27219 | In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This ... | | |
CVE-2024-27220 | In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds chec... | | |
CVE-2024-27221 | In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. Th... | | |
CVE-2024-27222 | In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app ... | | |
CVE-2024-27223 | In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bo... | | |
CVE-2024-27224 | In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This... | | |
CVE-2024-27225 | In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer o... | | |
CVE-2024-27226 | In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check.... | | |
CVE-2024-27227 | A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues... | | |
CVE-2024-27228 | there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote cod... | | |
CVE-2024-27229 | In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref d... | | |
CVE-2024-27230 | In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of ... | | |
CVE-2024-27231 | In tmu_get_tr_stats of tmu.c, there is a possible out of bounds read due to a missing bounds check. ... | | |
CVE-2024-27232 | In asn1_ec_pkey_parse of asn1_common.c, there is a possible OOB read due to a missing null check. Th... | | |
CVE-2024-27233 | In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data.... | | |
CVE-2024-27234 | In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. Th... | | |
CVE-2024-27235 | In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. Thi... | | |
CVE-2024-27236 | In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This co... | | |
CVE-2024-27237 | In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic erro... | | |
CVE-2024-27238 | Zoom Apps and SDKs - Race Condition | | |
CVE-2024-27239 | Zoom Workplace Apps and SDKs - Divide By Zero | | |
CVE-2024-27240 | Zoom Apps for Windows - Improper Input Validation | | |
CVE-2024-27241 | Zoom Apps and SDKs - Improper Input Validation | | |
CVE-2024-27242 | Zoom Desktop Client for Linux - Cross Site Scripting | | |
CVE-2024-27243 | Zoom Apps - Buffer Overflow | | |
CVE-2024-27244 | Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity | | |
CVE-2024-27245 | Zoom Workplace Apps and SDKs - Buffer Overflow | | |
CVE-2024-27246 | Zoom Workplace Apps and SDKs - Use After Free | | |
CVE-2024-27247 | Zoom Desktop Client for macOS - Improper Privilege Management | | |
CVE-2024-27254 | IBM Db2 for Linux, UNIX and Windows denial of service | | |
CVE-2024-27255 | IBM MQ Container information disclosure | | |
CVE-2024-27256 | IBM MQ Operator information disclosure | | |
CVE-2024-27257 | IBM OpenPages information disclosure | | |
CVE-2024-27260 | IBM AIX command execution | | |
CVE-2024-27261 | IBM Storage Defender - Resiliency Service privilege escalation | | |
CVE-2024-27263 | IBM Sterling B2B Integrator information disclosure | | |
CVE-2024-27264 | IBM Performance Tools for i privilege escalation | | |
CVE-2024-27265 | IBM Integration Bus for z/OS cross-site request forgery | S | |
CVE-2024-27266 | IBM Maximo Application Suite XML external entity injection | S | |
CVE-2024-27267 | IBM SDK, Java Technology Edition denial of service | | |
CVE-2024-27268 | IBM WebSphere Application Server Liberty denial of service | | |
CVE-2024-27269 | IBM QRadar SIEM information disclosure | | |
CVE-2024-27270 | IBM WebSphere Application Server Liberty cross-site scripting | | |
CVE-2024-27273 | IBM AIX privilege escalation | | |
CVE-2024-27275 | IBM i privilege escalation | | |
CVE-2024-27277 | IBM Storage Protect Plus Server information disclosure | | |
CVE-2024-27278 | OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. ... | | |
CVE-2024-27279 | Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3... | | |
CVE-2024-27280 | A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6... | | |
CVE-2024-27281 | An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When ... | | |
CVE-2024-27282 | An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby... | | |
CVE-2024-27283 | A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application adminis... | | |
CVE-2024-27284 | cassandra-rs non-idiomatic use of iterators leads to use after free | S | |
CVE-2024-27285 | YARD's default template vulnerable to Cross-site Scripting in generated frames.html | E S | |
CVE-2024-27286 | Moving single messages from public to private streams leaves them accessible | | |
CVE-2024-27287 | ESPHome vulnerable to stored Cross-site Scripting in edit configuration file API | | |
CVE-2024-27288 | 1Panel open source panel project has an unauthorized vulnerability. | E | |
CVE-2024-27289 | pgx SQL Injection via Line Comment Creation | | |
CVE-2024-27290 | Docassemble HTML and javascript injection | | |
CVE-2024-27291 | Docassemble open redirect | | |
CVE-2024-27292 | Docassemble unauthorized access through URL manipulation | | |
CVE-2024-27294 | dp-golang Go installation could be owned by wrong user | S | |
CVE-2024-27295 | Directus MySQL accent insensitive email matching | E | |
CVE-2024-27296 | Directus version number disclosure | S | |
CVE-2024-27297 | Nix Corruption of fixed-output derivations | E S | |
CVE-2024-27298 | Parse Server literalizeRegexPart SQL Injection | | |
CVE-2024-27299 | phpMyFAQ SQL Injection at "Save News" | E S | |
CVE-2024-27300 | phpMyFAQ Stored XSS at user email | E S | |
CVE-2024-27301 | Privilege Escalation Abusing installer in SupportApp | | |
CVE-2024-27302 | Authorization Bypass Through User-Controlled Key in go-zero | | |
CVE-2024-27303 | electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only) | | |
CVE-2024-27304 | pgx SQL Injection via Protocol Message Size Overflow | | |
CVE-2024-27305 | SMTP smuggling in aiosmtpd | S | |
CVE-2024-27306 | aiohttp vulnerable to XSS on index pages for static file handling | | |
CVE-2024-27307 | JSONata expression can pollute the "Object" prototype | | |
CVE-2024-27308 | Mio's tokens for named pipes may be delivered after deregistration | | |
CVE-2024-27309 | Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode | | |
CVE-2024-27310 | DOS Vulnerability | | |
CVE-2024-27311 | Arbitrary file writing | | |
CVE-2024-27312 | Authorization vulnerability in PAM360 | | |
CVE-2024-27313 | XSS Vulnerability | | |
CVE-2024-27314 | Stored XSS Vulnerability | | |
CVE-2024-27315 | Apache Superset: Improper error handling on alerts | | |
CVE-2024-27316 | Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames | | |
CVE-2024-27317 | Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification | | |
CVE-2024-27318 | Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as th... | S | |
CVE-2024-27319 | Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the... | S | |
CVE-2024-27320 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel... | | |
CVE-2024-27321 | An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel... | | |
CVE-2024-27322 | Deserialization of untrusted data can occur in the R statistical programming language, on any versio... | | |
CVE-2024-27323 | PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability | | |
CVE-2024-27324 | PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27325 | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27326 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27327 | PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-27328 | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27329 | PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27330 | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27331 | PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27332 | PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27333 | Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27334 | Kofax Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27335 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-27336 | Kofax Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27337 | Kofax Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-27338 | Kofax Power PDF app response Out-Of-Bounds Read Remote Code Execution Vulnerability | | |
CVE-2024-27339 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-27340 | Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-27341 | Kofax Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability | | |
CVE-2024-27342 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | | |
CVE-2024-27343 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27344 | Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability | | |
CVE-2024-27345 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27346 | Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2024-27347 | Apache HugeGraph-Hubble: SSRF in Hubble connection page | | |
CVE-2024-27348 | Apache HugeGraph-Server: Command execution in gremlin | KEV E | |
CVE-2024-27349 | Apache HugeGraph-Server: Bypass whitelist in Auth mode | | |
CVE-2024-27350 | Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ... | | |
CVE-2024-27351 | In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncato... | | |
CVE-2024-27353 | A memory corruption vulnerability in SdHost and SdMmcDevice in Insyde InsydeH2O kernel 5.2 before 05... | | |
CVE-2024-27354 | An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An... | | |
CVE-2024-27355 | An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. Wh... | | |
CVE-2024-27356 | An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via co... | | |
CVE-2024-27357 | An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Cli... | | |
CVE-2024-27358 | An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements ... | | |
CVE-2024-27359 | Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infi... | | |
CVE-2024-27360 | A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Ex... | | |
CVE-2024-27361 | A vulnerability was discovered in Samsung Mobile Processor Exynos 980, Exynos 990, Exynos 1080, Exyn... | | |
CVE-2024-27362 | A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, E... | | |
CVE-2024-27363 | A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exyn... | | |
CVE-2024-27364 | An issue was discovered in Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080,... | | |
CVE-2024-27365 | An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exyn... | | |
CVE-2024-27366 | An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 85... | | |
CVE-2024-27367 | An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850... | | |
CVE-2024-27368 | An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exyn... | | |
CVE-2024-27370 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27371 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27372 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27373 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27374 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27375 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27376 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27377 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27378 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27379 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27380 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27381 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27382 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27383 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27385 | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Pr... | | |
CVE-2024-27386 | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Pr... | | |
CVE-2024-27387 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380... | | |
CVE-2024-27388 | SUNRPC: fix some memleaks in gssx_dec_option_array | S | |
CVE-2024-27389 | pstore: inode: Only d_invalidate() is needed | | |
CVE-2024-27390 | ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() | | |
CVE-2024-27391 | wifi: wilc1000: do not realloc workqueue everytime an interface is added | | |
CVE-2024-27392 | nvme: host: fix double-free of struct nvme_id_ns in ns_update_nuse() | S | |
CVE-2024-27393 | xen-netfront: Add missing skb_mark_for_recycle | S | |
CVE-2024-27394 | tcp: Fix Use-After-Free in tcp_ao_connect_init | S | |
CVE-2024-27395 | net: openvswitch: Fix Use-After-Free in ovs_ct_exit | S | |
CVE-2024-27396 | net: gtp: Fix Use-After-Free in gtp_dellink | S | |
CVE-2024-27397 | netfilter: nf_tables: use timestamp to check for set element timeout | | |
CVE-2024-27398 | Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout | | |
CVE-2024-27399 | Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout | | |
CVE-2024-27400 | drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 | | |
CVE-2024-27401 | firewire: nosy: ensure user_length is taken into account when fetching packet contents | | |
CVE-2024-27402 | phonet/pep: fix racy skb_queue_empty() use | | |
CVE-2024-27403 | netfilter: nft_flow_offload: reset dst in route object after setting up flow | | |
CVE-2024-27404 | mptcp: fix data races on remote_id | | |
CVE-2024-27405 | usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs | S | |
CVE-2024-27406 | lib/Kconfig.debug: TEST_IOV_ITER depends on MMU | | |
CVE-2024-27407 | fs/ntfs3: Fixed overflow check in mi_enum_attr() | S | |
CVE-2024-27408 | dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup | | |
CVE-2024-27409 | dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup | | |
CVE-2024-27410 | wifi: nl80211: reject iftype change with mesh ID change | | |
CVE-2024-27411 | drm/nouveau: keep DMA buffers required for suspend/resume | | |
CVE-2024-27412 | power: supply: bq27xxx-i2c: Do not free non existing IRQ | | |
CVE-2024-27413 | efi/capsule-loader: fix incorrect allocation size | | |
CVE-2024-27414 | rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back | | |
CVE-2024-27415 | netfilter: bridge: confirm multicast packets before passing them up the stack | | |
CVE-2024-27416 | Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST | | |
CVE-2024-27417 | ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() | | |
CVE-2024-27418 | net: mctp: take ownership of skb in mctp_local_output | | |
CVE-2024-27419 | netrom: Fix data-races around sysctl_net_busy_read | | |
CVE-2024-27420 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27421 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27422 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27423 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27424 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27425 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27426 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27427 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27428 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27429 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27430 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-27431 | cpumap: Zero-initialise xdp_rxq_info struct before running XDP program | | |
CVE-2024-27432 | net: ethernet: mtk_eth_soc: fix PPE hanging issue | | |
CVE-2024-27433 | clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() | S | |
CVE-2024-27434 | wifi: iwlwifi: mvm: don't set the MFP flag for the GTK | | |
CVE-2024-27435 | nvme: fix reconnection fail due to reserved tag allocation | | |
CVE-2024-27436 | ALSA: usb-audio: Stop parsing channels bits when all channels are found. | | |
CVE-2024-27437 | vfio/pci: Disable auto-enable of exclusive INTx IRQ | S | |
CVE-2024-27438 | Apache Doris: Downloading arbitrary remote jar files resulting in remote command execution | | |
CVE-2024-27439 | Apache Wicket: Possible bypass of CSRF protection | | |
CVE-2024-27440 | The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android... | | |
CVE-2024-27441 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-27442 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a comp... | | |
CVE-2024-27443 | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vul... | KEV | |
CVE-2024-27444 | langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to ... | | |
CVE-2024-27447 | pretix before 2024.1.1 mishandles file validation.... | | |
CVE-2024-27448 | MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail a... | | |
CVE-2024-27453 | In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP... | | |
CVE-2024-27454 | orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.... | | |
CVE-2024-27455 | In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's A... | | |
CVE-2024-27456 | rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.... | | |
CVE-2024-27457 | Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version ... | | |
CVE-2024-27458 | HP Hotkey Support – Escalation of Privilege | | |
CVE-2024-27459 | The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack... | | |
CVE-2024-27460 | A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.... | | |
CVE-2024-27461 | Incorrect default permissions in software installer for Intel(R) MAS (GUI) may allow an authenticate... | | |
CVE-2024-27462 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-27474 | Leantime 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF). This vulnerability allows malicio... | E | |
CVE-2024-27476 | Leantime 3.0.6 is vulnerable to HTML Injection via /dashboard/show#/tickets/newTicket.... | E | |
CVE-2024-27477 | In Leantime 3.0.6, a Cross-Site Scripting vulnerability exists within the ticket creation and modifi... | E | |
CVE-2024-27488 | Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attacke... | | |
CVE-2024-27489 | An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a cr... | | |
CVE-2024-27497 | Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.... | | |
CVE-2024-27499 | Bagisto v1.5.1 is vulnerable to Cross Site Scripting (XSS) via png file upload vulnerability in prod... | E | |
CVE-2024-27507 | libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.... | E | |
CVE-2024-27508 | Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.... | E | |
CVE-2024-27515 | Osclass 5.1.2 is vulnerable to SQL Injection.... | E | |
CVE-2024-27516 | Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote at... | S | |
CVE-2024-27517 | Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability, Attackers can create blogs containing... | E | |
CVE-2024-27518 | An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to ... | | |
CVE-2024-27521 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote command ... | | |
CVE-2024-27524 | Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate pri... | E S | |
CVE-2024-27525 | Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate pri... | E S | |
CVE-2024-27527 | wasm3 139076a is vulnerable to Denial of Service (DoS).... | | |
CVE-2024-27528 | wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution.... | | |
CVE-2024-27529 | wasm3 139076a contains memory leaks in Read_utf8.... | | |
CVE-2024-27530 | wasm3 139076a contains a Use-After-Free in ForEachModule.... | | |
CVE-2024-27532 | wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Der... | | |
CVE-2024-27536 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-27537 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-27558 | Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the set... | E | |
CVE-2024-27559 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the compo... | E | |
CVE-2024-27561 | A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.... | E | |
CVE-2024-27563 | A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows atta... | E | |
CVE-2024-27564 | pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE... | E M | |
CVE-2024-27565 | A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows ... | E M | |
CVE-2024-27567 | LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter ... | E | |
CVE-2024-27568 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in ... | E | |
CVE-2024-27569 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in th... | E | |
CVE-2024-27570 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in th... | E | |
CVE-2024-27571 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in th... | E | |
CVE-2024-27572 | LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in th... | E | |
CVE-2024-27574 | SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obt... | | |
CVE-2024-27575 | INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary file... | | |
CVE-2024-27592 | Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitr... | | |
CVE-2024-27593 | A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Co... | | |
CVE-2024-27602 | Alldata V0.4.6 is vulnerable to Incorrect Access Control. A total of many modules interface document... | | |
CVE-2024-27604 | Alldata V0.4.6 is vulnerable to Command execution vulnerability. System commands can be deserialized... | | |
CVE-2024-27605 | Alldata V0.4.6 is vulnerable to Insecure Permissions. Using users (test) can query information about... | | |
CVE-2024-27609 | Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel.... | | |
CVE-2024-27612 | Numbas editor before 7.3 mishandles editing of themes and extensions.... | | |
CVE-2024-27613 | Numbas editor before 7.3 mishandles reading of themes and extensions.... | | |
CVE-2024-27619 | Dlink Dir-3040us A1 1.20b03a hotfix is vulnerable to Buffer Overflow. Any user having read/write acc... | | |
CVE-2024-27620 | An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information vi... | | |
CVE-2024-27622 | A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Mad... | E | |
CVE-2024-27623 | CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerabi... | E | |
CVE-2024-27625 | CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resid... | E | |
CVE-2024-27626 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. T... | | |
CVE-2024-27627 | A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing rem... | | |
CVE-2024-27628 | Buffer Overflow vulnerability in DCMTK v.3.6.8 allows an attacker to execute arbitrary code via the ... | | |
CVE-2024-27629 | An issue in dc2niix before v.1.0.20240202 allows a local attacker to execute arbitrary code via the ... | | |
CVE-2024-27630 | Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to ... | | |
CVE-2024-27631 | Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to... | | |
CVE-2024-27632 | An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the for... | | |
CVE-2024-27655 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter... | E | |
CVE-2024-27656 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. Th... | E | |
CVE-2024-27657 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter... | E | |
CVE-2024-27658 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Thi... | E | |
CVE-2024-27659 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). Thi... | E | |
CVE-2024-27660 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_41C488(). T... | E | |
CVE-2024-27661 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). Thi... | E | |
CVE-2024-27662 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4110f4(). T... | E | |
CVE-2024-27665 | Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in ... | | |
CVE-2024-27668 | Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'... | E | |
CVE-2024-27673 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-27674 | Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\Grass... | | |
CVE-2024-27680 | Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."... | E | |
CVE-2024-27683 | D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function h... | | |
CVE-2024-27684 | A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama... | | |
CVE-2024-27689 | Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-a... | E | |
CVE-2024-27692 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-22939. Reason: T... | R | |
CVE-2024-27694 | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /sys... | E | |
CVE-2024-27698 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-27703 | Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary c... | E | |
CVE-2024-27705 | Cross Site Scripting vulnerability in Leantime v3.0.6 allows attackers to execute arbitrary code via... | E | |
CVE-2024-27706 | Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary ... | | |
CVE-2024-27707 | Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows att... | | |
CVE-2024-27709 | SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitra... | | |
CVE-2024-27710 | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker... | | |
CVE-2024-27711 | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker... | | |
CVE-2024-27712 | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker... | | |
CVE-2024-27713 | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker... | | |
CVE-2024-27715 | An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker... | | |
CVE-2024-27716 | Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker ... | | |
CVE-2024-27717 | Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and... | | |
CVE-2024-27718 | SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local ... | | |
CVE-2024-27719 | A cross site scripting (XSS) vulnerability in rems FAQ Management System v.1.0 allows a remote attac... | | |
CVE-2024-27728 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensiti... | | |
CVE-2024-27729 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensiti... | E | |
CVE-2024-27730 | Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensiti... | | |
CVE-2024-27731 | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensiti... | | |
CVE-2024-27733 | File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attack... | | |
CVE-2024-27734 | A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code... | E | |
CVE-2024-27743 | Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to exe... | E | |
CVE-2024-27744 | Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to exe... | E | |
CVE-2024-27746 | SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute ar... | E | |
CVE-2024-27747 | File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbi... | E | |
CVE-2024-27752 | Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary ... | E | |
CVE-2024-27756 | GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a craft... | | |
CVE-2024-27757 | flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that... | E | |
CVE-2024-27758 | In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a ... | | |
CVE-2024-27763 | XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "... | | |
CVE-2024-27764 | An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInte... | E | |
CVE-2024-27765 | Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sens... | E | |
CVE-2024-27766 | An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_s... | | |
CVE-2024-27767 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-287: Improper Authentication | S | |
CVE-2024-27768 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal' | S | |
CVE-2024-27769 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-27770 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-23: Relative Path Traversal | S | |
CVE-2024-27771 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-22: 'Path Traversal' | S | |
CVE-2024-27772 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-78: 'OS Command Injection' | S | |
CVE-2024-27773 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-348: Use of Less Trusted Source | S | |
CVE-2024-27774 | Unitronics Unistream Unilogic – Versions prior to 1.35.227 CWE-259: Use of Hard-coded Password | S | |
CVE-2024-27775 | SysAid - CWE-918: Server-Side Request Forgery (SSRF) | S | |
CVE-2024-27776 | MileSight DeviceHub - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | | |
CVE-2024-27778 | An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Forti... | S | |
CVE-2024-27780 | Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulner... | S | |
CVE-2024-27781 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet ... | S | |
CVE-2024-27782 | Multiple insufficient session expiration vulnerabilities [CWE-613] in FortiAIOps version 2.0.0 may ... | S | |
CVE-2024-27783 | Multiple cross-site request forgery (CSRF) vulnerabilities [CWE-352] in FortiAIOps version 2.0.0 ma... | S | |
CVE-2024-27784 | Multiple Exposure of sensitive information to an unauthorized actor vulnerabilities [CWE-200] in For... | S | |
CVE-2024-27785 | An improper neutralization of formula elements in a CSV File vulnerability [CWE-1236] in FortiAIOps ... | S | |
CVE-2024-27789 | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.... | | |
CVE-2024-27790 | Claris International has resolved an issue of potentially allowing unauthorized access to records st... | | |
CVE-2024-27791 | The issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, tvOS ... | | |
CVE-2024-27792 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in mac... | | |
CVE-2024-27793 | The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Par... | | |
CVE-2024-27794 | Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vu... | | |
CVE-2024-27795 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-27796 | The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS... | | |
CVE-2024-27798 | An authorization issue was addressed with improved state management. This issue is fixed in macOS So... | | |
CVE-2024-27799 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.... | | |
CVE-2024-27800 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.6.... | | |
CVE-2024-27801 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17... | | |
CVE-2024-27802 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ven... | | |
CVE-2024-27803 | A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPad... | | |
CVE-2024-27804 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17... | | |
CVE-2024-27805 | An issue was addressed with improved validation of environment variables. This issue is fixed in mac... | | |
CVE-2024-27806 | This issue was addressed with improved environment sanitization. This issue is fixed in macOS Ventur... | | |
CVE-2024-27807 | The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, iOS 1... | | |
CVE-2024-27808 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, visionOS 1.... | | |
CVE-2024-27809 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-27810 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iP... | | |
CVE-2024-27811 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17... | | |
CVE-2024-27812 | The issue was addressed with improvements to the file handling protocol. This issue is fixed in visi... | | |
CVE-2024-27813 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may b... | | |
CVE-2024-27814 | This issue was addressed through improved state management. This issue is fixed in watchOS 10.5. A p... | | |
CVE-2024-27815 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tv... | | |
CVE-2024-27816 | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, t... | | |
CVE-2024-27817 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.7, macOS Mon... | | |
CVE-2024-27818 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17... | | |
CVE-2024-27819 | The issue was addressed by restricting options offered on a locked device. This issue is fixed in iO... | | |
CVE-2024-27820 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 ... | | |
CVE-2024-27821 | A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iP... | | |
CVE-2024-27822 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.5. An... | | |
CVE-2024-27823 | A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14.5, iOS ... | | |
CVE-2024-27824 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.5. ... | | |
CVE-2024-27825 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing res... | | |
CVE-2024-27826 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.8, ... | | |
CVE-2024-27827 | This issue was addressed through improved state management. This issue is fixed in macOS Sonoma 14.5... | | |
CVE-2024-27828 | The issue was addressed with improved memory handling. This issue is fixed in visionOS 1.2, watchOS ... | | |
CVE-2024-27829 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Pro... | | |
CVE-2024-27830 | This issue was addressed through improved state management. This issue is fixed in tvOS 17.5, vision... | | |
CVE-2024-27831 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in ma... | | |
CVE-2024-27832 | The issue was addressed with improved checks. This issue is fixed in tvOS 17.5, visionOS 1.2, iOS 17... | | |
CVE-2024-27833 | An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 17.5, ... | | |
CVE-2024-27834 | The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS ... | | |
CVE-2024-27835 | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPad... | | |
CVE-2024-27836 | The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5... | | |
CVE-2024-27837 | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in ma... | | |
CVE-2024-27838 | The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and... | | |
CVE-2024-27839 | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixe... | | |
CVE-2024-27840 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6.7, ... | | |
CVE-2024-27841 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17... | | |
CVE-2024-27842 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may b... | | |
CVE-2024-27843 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app m... | | |
CVE-2024-27844 | The issue was addressed with improved checks. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5... | | |
CVE-2024-27845 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in iOS ... | | |
CVE-2024-27847 | This issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS... | | |
CVE-2024-27848 | This issue was addressed with improved permissions checking. This issue is fixed in macOS Sonoma 14.... | | |
CVE-2024-27849 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-27850 | This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in ... | | |
CVE-2024-27851 | The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2,... | | |
CVE-2024-27852 | A privacy issue was addressed with improved client ID handling for alternative app marketplaces. Thi... | | |
CVE-2024-27853 | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. A malicious... | | |
CVE-2024-27855 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, macOS Ventur... | | |
CVE-2024-27856 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 a... | | |
CVE-2024-27857 | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in vi... | | |
CVE-2024-27858 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia... | | |
CVE-2024-27859 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17... | | |
CVE-2024-27860 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An a... | | |
CVE-2024-27861 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An a... | | |
CVE-2024-27862 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.6... | | |
CVE-2024-27863 | An information disclosure issue was addressed with improved private data redaction for log entries. ... | | |
CVE-2024-27867 | An authentication issue was addressed with improved state management. This issue is fixed in AirPods... | | |
CVE-2024-27869 | The issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Seq... | | |
CVE-2024-27871 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14... | | |
CVE-2024-27872 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 1... | | |
CVE-2024-27873 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iO... | | |
CVE-2024-27874 | This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS... | | |
CVE-2024-27875 | A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.... | | |
CVE-2024-27876 | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7, iOS... | | |
CVE-2024-27877 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6, mac... | | |
CVE-2024-27878 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS So... | | |
CVE-2024-27879 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 17.7 and iPadOS 17.7... | | |
CVE-2024-27880 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS... | | |
CVE-2024-27881 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fi... | | |
CVE-2024-27882 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2024-27883 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma ... | | |
CVE-2024-27884 | This issue was addressed with a new entitlement. This issue is fixed in macOS Sonoma 14.5, watchOS 1... | | |
CVE-2024-27885 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sonoma 1... | | |
CVE-2024-27886 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4. An... | | |
CVE-2024-27887 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14... | | |
CVE-2024-27888 | A permissions issue was addressed by removing vulnerable code and adding additional checks. This iss... | | |
CVE-2024-27889 | Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). | S | |
CVE-2024-27894 | Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying | | |
CVE-2024-27895 | Vulnerability of permission control in the window module. Successful exploitation of this vulnerabil... | | |
CVE-2024-27896 | Input verification vulnerability in the log module. Impact: Successful exploitation of this vulnerab... | | |
CVE-2024-27897 | Input verification vulnerability in the call module. Impact: Successful exploitation of this vulnera... | | |
CVE-2024-27898 | Server-Side Request Forgery in SAP NetWeaver | | |
CVE-2024-27899 | Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine | | |
CVE-2024-27900 | Missing Authorization check in SAP ABAP Platform | | |
CVE-2024-27901 | Directory Traversal vulnerability in SAP Asset Accounting | | |
CVE-2024-27902 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI) | | |
CVE-2024-27903 | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which... | | |
CVE-2024-27905 | Apache Aurora: padding oracle can allow construction of an authentication cookie | | |
CVE-2024-27906 | Apache Airflow: Dag Code and Import Error Permissions Ignored | S | |
CVE-2024-27907 | A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected app... | | |
CVE-2024-27908 | A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could... | S | |
CVE-2024-27909 | A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that cou... | S | |
CVE-2024-27910 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to... | S | |
CVE-2024-27911 | A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to... | S | |
CVE-2024-27912 | A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker ... | S | |
CVE-2024-27913 | ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause ... | S | |
CVE-2024-27914 | Reflected Cross-Site Scripting (XSS) in search engine when debug mode is enabled in GLPI | S | |
CVE-2024-27915 | Sulu grants access to pages regardless of role permissions | S | |
CVE-2024-27916 | `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user | | |
CVE-2024-27917 | Shopware's session is persistent in Cache for 404 pages | | |
CVE-2024-27918 | Coder's OIDC authentication allows email with partially matching domain to register | | |
CVE-2024-27919 | HTTP/2: memory exhaustion due to CONTINUATION frame flood | | |
CVE-2024-27920 | Unsigned code template execution through workflows in projectdiscovery/nuclei | | |
CVE-2024-27921 | Grav File Upload Path Traversal vulnerability | E S | |
CVE-2024-27922 | HTTP Handling Vulnerability in the Bare server | | |
CVE-2024-27923 | Remote Code Execution by uploading a phar file using frontmatter | E S | |
CVE-2024-27926 | RSSHub Cross-site Scripting vulnerability caused by internal media proxy | | |
CVE-2024-27927 | RSSHub vulnerable to SSRF in /mastodon, /zjoi, and /m4 | | |
CVE-2024-27929 | Use After Free in SixLabors.ImageSharp | E | |
CVE-2024-27930 | Sensitive fields access through dropdowns in GLPI | E S | |
CVE-2024-27931 | Insufficient permission checking in `Deno.makeTemp*` APIs | E | |
CVE-2024-27932 | Deno's improper suffix match testing for DENO_AUTH_TOKENS | E S | |
CVE-2024-27933 | Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass | E S | |
CVE-2024-27934 | *const c_void / ExternalPointer unsoundness leading to use-after-free | E | |
CVE-2024-27935 | Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination | E S | |
CVE-2024-27936 | Deno interactive permission prompt spoofing via improper ANSI stripping | E S | |
CVE-2024-27937 | glpi Users emails enumeration | E S | |
CVE-2024-27938 | SMTP Smuggling in Postal | E S | |
CVE-2024-27939 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected system... | | |
CVE-2024-27940 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected system... | | |
CVE-2024-27941 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client... | | |
CVE-2024-27942 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected system... | | |
CVE-2024-27943 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected system... | | |
CVE-2024-27944 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected system... | | |
CVE-2024-27945 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The bulk import fea... | | |
CVE-2024-27946 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). Downloading files o... | | |
CVE-2024-27947 | A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected system... | | |
CVE-2024-27948 | WordPress Atahualpa Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF) | | |
CVE-2024-27949 | WordPress Sirv Plugin <= 7.2.0 is vulnerable to Server Side Request Forgery (SSRF) | S | |
CVE-2024-27950 | WordPress Sirv Plugin <= 7.2.0 is vulnerable to Broken Access Control | S | |
CVE-2024-27951 | WordPress Multiple Page Generator Plugin <= 3.4.0 - Auth. Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-27952 | WordPress Advanced Sermons plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27953 | WordPress Cryptocurrency Widgets – Price Ticker & Coins List Plugin <= 2.6.8 is vulnerable to Broken Access Control | S | |
CVE-2024-27954 | WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary File Download and SSRF vulnerability | S | |
CVE-2024-27955 | WordPress Automatic plugin <= 3.92.0 - CSRF to Privilege Escalation vulnerability | S | |
CVE-2024-27956 | WordPress Automatic plugin <= 3.92.0 - Unauthenticated Arbitrary SQL Execution vulnerability | S | |
CVE-2024-27957 | WordPress Pie Register plugin <= 3.8.3.1 - Unauthenticated Arbitrary File Upload vulnerability | | |
CVE-2024-27958 | WordPress Visualizer plugin <= 3.10.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27959 | WordPress APIExperts Square for WooCommerce plugin <= 4.2.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27960 | WordPress Email Subscription Popup plugin <= 1.2.20 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27961 | WordPress AntiSpam for Contact Form 7 plugin <= 0.6.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27962 | WordPress wp-mpdf plugin <= 3.7.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27963 | WordPress Crisp – Live Chat and Chatbot plugin <= 0.44 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27964 | WordPress Zippy plugin <= 1.6.9 - Arbitrary File Upload vulnerability | S | |
CVE-2024-27965 | WordPress WPFunnels plugin <= 3.0.6 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27966 | WordPress Quiz And Survey Master plugin <= 8.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27967 | WordPress DSGVO All in one for WP plugin <= 4.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-27968 | WordPress Super Page Cache for Cloudflare plugin <= 4.7.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability | S | |
CVE-2024-27969 | WordPress Free Downloads WooCommerce plugin <= 3.5.8.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27970 | WordPress WP SendFox plugin <= 1.3.0 - Broken Access Control vulnerability | S | |
CVE-2024-27971 | WordPress Premmerce Permalink Manager for WooCommerce plugin <= 2.3.10 - Local File Inclusion vulnerability | S | |
CVE-2024-27972 | WordPress WP Fusion Lite plugin <= 3.41.24 - Auth. Remote Code Execution (RCE) vulnerability | S | |
CVE-2024-27974 | Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Se... | | |
CVE-2024-27975 | A Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 all... | | |
CVE-2024-27976 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-27977 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-27978 | A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before ... | | |
CVE-2024-27980 | Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a mali... | | |
CVE-2024-27981 | A Command Injection vulnerability found in Self-Hosted UniFi Network Servers (Linux) with UniFi Ne... | | |
CVE-2024-27982 | The team has identified a critical vulnerability in the http server of the most recent version of No... | | |
CVE-2024-27983 | An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of H... | | |
CVE-2024-27984 | A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote aut... | | |
CVE-2024-27985 | WordPress PropertyHive plugin <= 2.0.9 - PHP Object Injection vulnerability | S | |
CVE-2024-27986 | WordPress Livemesh Addons for Elementor Plugin <= 8.3.5 is vulnerable to Cross Site Scripting (XSS) | S | |
CVE-2024-27987 | WordPress Give plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27988 | WordPress WEN Responsive Columns plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27989 | WordPress WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.17 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27990 | WordPress The Moneytizer plugin <= 9.5.20 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27991 | WordPress SupportCandy plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27992 | WordPress Link Whisper Free plugin <= 0.6.8 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27993 | WordPress Calendarista Basic Edition plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27994 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27995 | WordPress ARMember plugin <= 4.0.23 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27996 | WordPress Survey Maker plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27997 | WordPress Visual Composer plugin <= 45.6.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27998 | WordPress Barcode Scanner and Inventory manager plugin <= 1.5.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-27999 | WordPress Preview E-mails for WooCommerce plugin <= 2.2.1 - Reflected Cross Site Scripting (XSS) vulnerability | S |