ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-35009 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35010 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35011 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35012 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35039 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php... | E | |
CVE-2024-35048 | An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user chang... | E | |
CVE-2024-35049 | SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomple... | E | |
CVE-2024-35050 | An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of... | E | |
CVE-2024-35056 | NASA AIT-Core v2.5.2 was discovered to contain multiple SQL injection vulnerabilities via the query_... | | |
CVE-2024-35057 | An issue in NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code via a crafted packet.... | | |
CVE-2024-35058 | An issue in the API wait function of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary code... | | |
CVE-2024-35059 | An issue in the Pickle Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary ... | | |
CVE-2024-35060 | An issue in the YAML Python library of NASA AIT-Core v2.5.2 allows attackers to execute arbitrary co... | | |
CVE-2024-35061 | NASA AIT-Core v2.5.2 was discovered to use unencrypted channels to exchange data over the network, a... | | |
CVE-2024-35079 | An arbitrary file upload vulnerability in the uploadAudio method of inxedu v2024.4 allows attackers ... | | |
CVE-2024-35080 | An arbitrary file upload vulnerability in the gok4 method of inxedu v2024.4 allows attackers to exec... | | |
CVE-2024-35081 | LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary file deletion vulnerability via the file... | | |
CVE-2024-35082 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | | |
CVE-2024-35083 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | | |
CVE-2024-35084 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | | |
CVE-2024-35085 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | | |
CVE-2024-35086 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | E | |
CVE-2024-35090 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | | |
CVE-2024-35091 | J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in... | | |
CVE-2024-35099 | TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password pa... | | |
CVE-2024-35102 | Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote... | | |
CVE-2024-35106 | NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. Th... | | |
CVE-2024-35108 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35109 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePr... | E | |
CVE-2024-35110 | A reflected XSS vulnerability has been found in YzmCMS 7.1. The vulnerability exists in yzmphp/core/... | | |
CVE-2024-35111 | IBM Control Center information disclosure | | |
CVE-2024-35112 | IBM Control Center cross-site scripting | | |
CVE-2024-35113 | IBM Control Center information disclosure | | |
CVE-2024-35114 | IBM Control Center information disclosure | | |
CVE-2024-35116 | IBM MQ denial of service | | |
CVE-2024-35117 | IBM OpenPages with Watson information disclosure | | |
CVE-2024-35118 | IBM MaaS360 information disclosure | | |
CVE-2024-35119 | IBM InfoSphere Information Server information disclosure | | |
CVE-2024-35122 | IBM i denial of service | | |
CVE-2024-35124 | IBM OpenBMC authentication bypass | | |
CVE-2024-35133 | IBM Security Verify Access HTTP open redirect | | |
CVE-2024-35134 | IBM Analytics Content Hub information disclosure | | |
CVE-2024-35136 | IBM Db2 denial of service | | |
CVE-2024-35137 | IBM Security Access Manager Docker information disclosure | | |
CVE-2024-35138 | IBM Security Verify Access cross-site request forgery | | |
CVE-2024-35139 | IBM Security Access Manager Docker information disclosure | | |
CVE-2024-35140 | IBM Security Verify Access privilege escalation | | |
CVE-2024-35141 | IBM Security Verify Access privilege escalation | | |
CVE-2024-35142 | IBM Security Verify Access privilege escalation | | |
CVE-2024-35143 | IBM Planning Analytics Local missing authentication | | |
CVE-2024-35144 | IBM Maximo Application Suite information disclosure | | |
CVE-2024-35145 | IBM Maximo Application Suite cross-site scripting | | |
CVE-2024-35146 | IBM Maximo Application Suite cross-site scripting | | |
CVE-2024-35148 | IBM Maximo Application Suite SQL injection | | |
CVE-2024-35150 | IBM Maximo Application Suite log manipulation | | |
CVE-2024-35151 | IBM OpenPages information disclosure | | |
CVE-2024-35152 | IBM Db2 denial of service | | |
CVE-2024-35153 | IBM WebSphere Application Server cross-site scripting | | |
CVE-2024-35154 | IBM WebSphere Application Server code execution | | |
CVE-2024-35155 | IBM MQ information disclosure | | |
CVE-2024-35156 | IBM MQ information disclosure | | |
CVE-2024-35160 | IBM Watson Query on Cloud Pak for Data and IBM Db2 Big SQL on Cloud Pak for Data information disclosure | | |
CVE-2024-35161 | Apache Traffic Server: Incomplete check for chunked trailer section allows request smuggling | | |
CVE-2024-35162 | Path traversal vulnerability exists in Download Plugins and Themes from Dashboard versions prior to ... | | |
CVE-2024-35165 | WordPress Gutenify plugin <= 1.4.0 - Sensitive Data Exposure via API vulnerability | S | |
CVE-2024-35166 | WordPress FileBird – WordPress Media Library Folders & File Manager plugin <= 5.6.3 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-35167 | WordPress Envo's Elementor Templates & Widgets for WooCommerce plugin <=1.4.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35168 | WordPress WP Discourse plugin <= 2.5.1 - Broken Access Control vulnerability | S | |
CVE-2024-35169 | WordPress All Bootstrap Blocks plugin <= 1.3.15 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35170 | WordPress Sticky banner plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35171 | WordPress Academy LMS plugin <= 1.9.25 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-35172 | WordPress ShortPixel Adaptive Images plugin <= 3.8.3 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-35173 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35174 | WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability | | |
CVE-2024-35175 | sshpiper's Enabling of Proxy Protocol without proper feature flagging allows faking source address | | |
CVE-2024-35176 | REXML contains a denial of service vulnerability | | |
CVE-2024-35177 | Improper Access Control in wazuh-agent | | |
CVE-2024-35178 | Jupyter server on Windows discloses Windows user password hash | S | |
CVE-2024-35179 | Unprivileged Stalwart Mail Server user can read files as root | | |
CVE-2024-35180 | OMERO.web JSONP callback vulnerability | | |
CVE-2024-35181 | GHSL-2024-013 Meshery SQL Injection vulnerability | | |
CVE-2024-35182 | GHSL-2024-014 Meshery SQL Injection vulnerability | | |
CVE-2024-35183 | wolfictl leaks GitHub tokens to remote non-GitHub git servers | | |
CVE-2024-35184 | paperless-ngx's remote user auth via header works even when disabling it for API | | |
CVE-2024-35185 | Denial of service of Minder Server with attacker-controlled REST endpoint | | |
CVE-2024-35186 | gix traversal outside working tree enables arbitrary code execution | | |
CVE-2024-35187 | Stalwart Mail Server has privilege escalation by design | | |
CVE-2024-35189 | Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints in Fides | | |
CVE-2024-35190 | Asterisk' res_pjsip_endpoint_identifier_ip: wrongly matches ALL unauthorized SIP requests | | |
CVE-2024-35191 | verbb/formie Server-Side Template Injection for variable-enabled settings | | |
CVE-2024-35192 | Trivy possibly leaks registry credential when scanning images from malicious registries | | |
CVE-2024-35194 | Stacklok Minder vulnerable to denial of service from maliciously crafted templates | | |
CVE-2024-35195 | Requests `Session` object does not verify requests after making first request with verify=False | | |
CVE-2024-35196 | Slack integration leaks sensitive information in logs in Sentry | | |
CVE-2024-35197 | gix refs and paths with reserved Windows device names access the devices | | |
CVE-2024-35198 | TorchServe bypass allowed_urls configuration | | |
CVE-2024-35199 | TorchServe gRPC Port Exposure | | |
CVE-2024-35200 | NGINX HTTP/3 QUIC vulnerability | | |
CVE-2024-35201 | Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow a... | | |
CVE-2024-35202 | Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-hand... | S | |
CVE-2024-35204 | Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery... | | |
CVE-2024-35205 | The WPS Office (aka cn.wps.moffice_eng) application before 17.0.0 for Android fails to properly sani... | | |
CVE-2024-35206 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35207 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35208 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35209 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35210 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35211 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35212 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V... | S | |
CVE-2024-35213 | Vulnerability in SGI Image Codec Impacts BlackBerry QNX Software Development Platform (SDP) | | |
CVE-2024-35214 | Vulnerability in CylanceOPTICS Windows Installer Package Impacts CylanceOPTICS for Windows | | |
CVE-2024-35215 | NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Dev... | | |
CVE-2024-35218 | Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane | S | |
CVE-2024-35219 | OpenAPI Generator Online - Arbitrary File Read/Delete | | |
CVE-2024-35220 | @fastify/session reuses destroyed session cookie | | |
CVE-2024-35221 | Denial of service when publishing a package on rubygems.org | | |
CVE-2024-35222 | iFrames Bypass Origin Checks for Tauri API Access Control | | |
CVE-2024-35223 | Dapr API Token Exposure | | |
CVE-2024-35224 | Stored Cross-Site Scripting (XSS) in OpenProject | | |
CVE-2024-35225 | Jupyter Server Proxy has a reflected XSS issue in host parameter | S | |
CVE-2024-35226 | PHP Code Injection by malicious attribute in extends-tag in Smarty | | |
CVE-2024-35227 | Discourse vulnerable to DoS through Onebox | | |
CVE-2024-35228 | Improper Handling of Insufficient Permissions in Wagtail | | |
CVE-2024-35229 | ZKsync Era evaluation order of Yul function arguments | | |
CVE-2024-35230 | Welcome and About GeoServer pages communicate version and revision information | E | |
CVE-2024-35231 | rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter | | |
CVE-2024-35232 | github.com/huandu/facebook may expose access_token in error message | | |
CVE-2024-35234 | Discourse vulnerable to stored-dom XSS via Facebook Oneboxes | S | |
CVE-2024-35235 | Cupsd Listen arbitrary chmod 0140777 | | |
CVE-2024-35236 | Audiobookshelf Cross-Site-Scripting vulnerability via crafted ebooks | | |
CVE-2024-35237 | MIT IdentiBot User-Kerberos Mapping Publicly Available | | |
CVE-2024-35238 | Denial of service of Minder Server from maliciously crafted GitHub attestations | | |
CVE-2024-35239 | Stored Cross-site Scripting on Components of Umbraco Forms | | |
CVE-2024-35240 | Stored Cross-site Scripting on Print Functionality in Umbraco Commerce | | |
CVE-2024-35241 | Composer vulnerable to command injection via malicious git branch name | | |
CVE-2024-35242 | Composer vulnerable to command injection via malicious git/hg branch names | | |
CVE-2024-35244 | There are several hidden accounts. Some of them are intended for maintenance engineers, and with the... | | |
CVE-2024-35245 | Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before v... | | |
CVE-2024-35246 | Westermo L210-F2G Lynx Improper Control of Interaction Frequency | M | |
CVE-2024-35247 | fpga: region: add owner module and take its refcount | S | |
CVE-2024-35248 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | S | |
CVE-2024-35249 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | S | |
CVE-2024-35250 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | KEV S | |
CVE-2024-35252 | Azure Storage Movement Client Library Denial of Service Vulnerability | S | |
CVE-2024-35253 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | S | |
CVE-2024-35254 | Azure Monitor Agent Elevation of Privilege Vulnerability | S | |
CVE-2024-35255 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | S | |
CVE-2024-35256 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | S | |
CVE-2024-35260 | Microsoft Dataverse Remote Code Execution Vulnerability | | |
CVE-2024-35261 | Azure Network Watcher VM Extension Elevation of Privilege Vulnerability | S | |
CVE-2024-35263 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | S | |
CVE-2024-35264 | .NET and Visual Studio Remote Code Execution Vulnerability | S | |
CVE-2024-35265 | Windows Perception Service Elevation of Privilege Vulnerability | S | |
CVE-2024-35266 | Azure DevOps Server Spoofing Vulnerability | S | |
CVE-2024-35267 | Azure DevOps Server Spoofing Vulnerability | S | |
CVE-2024-35270 | Windows iSCSI Service Denial of Service Vulnerability | S | |
CVE-2024-35271 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | S | |
CVE-2024-35272 | SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | S | |
CVE-2024-35273 | An out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.... | S | |
CVE-2024-35274 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE... | S | |
CVE-2024-35275 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet F... | S | |
CVE-2024-35276 | A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through ... | S | |
CVE-2024-35277 | A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15,... | S | |
CVE-2024-35278 | An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet F... | S | |
CVE-2024-35279 | A stack-based buffer overflow [CWE-121] vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.... | S | |
CVE-2024-35280 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet F... | S | |
CVE-2024-35281 | An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.... | S | |
CVE-2024-35282 | A cleartext storage of sensitive information in memory vulnerability [CWE-316] affecting FortiClient... | S | |
CVE-2024-35283 | A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could al... | | |
CVE-2024-35284 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 cou... | | |
CVE-2024-35285 | A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthentica... | | |
CVE-2024-35286 | A vulnerability in NuPoint Messenger (NPM) of Mitel MiCollab through 9.8.0.33 allows an unauthentica... | | |
CVE-2024-35287 | A vulnerability in the NuPoint Messenger (NPM) component of Mitel MiCollab through version 9.8 SP1 (... | | |
CVE-2024-35288 | Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the M... | | |
CVE-2024-35291 | Cross-site scripting vulnerability exists in Splunk Config Explorer versions prior to 1.7.16. If thi... | | |
CVE-2024-35292 | A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versi... | | |
CVE-2024-35293 | Schneider Elektronik Series 700 prone to missing authentication for critical reset function | | |
CVE-2024-35294 | Schneider Elektronik Series 700 prone to missing authentication for traffic capture function | | |
CVE-2024-35296 | Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests | | |
CVE-2024-35297 | Cross-site scripting vulnerability exists in WP Booking versions prior to 2.4.5. If this vulnerabili... | | |
CVE-2024-35298 | Improper authorization in handler for custom URL scheme issue in 'ZOZOTOWN' App for Android versions... | | |
CVE-2024-35299 | In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate... | | |
CVE-2024-35300 | In JetBrains TeamCity between 2024.03 and 2024.03.1 several stored XSS in the available updates page... | | |
CVE-2024-35301 | In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the Git... | | |
CVE-2024-35302 | In JetBrains TeamCity before 2023.11 stored XSS during restore from backup was possible... | | |
CVE-2024-35303 | A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0012)... | | |
CVE-2024-35304 | System command injection through Netflow function | S | |
CVE-2024-35305 | Unauth Time-Based SQL Injection via API | S | |
CVE-2024-35306 | OS Command injection in Ajax PHP files through HTTP Request | S | |
CVE-2024-35307 | Argument Injection Leading to Remote Code Execution in Realtime Graph Extension | S | |
CVE-2024-35308 | Post-auth Arbitrary File Read in the Server Plugins Section | S | |
CVE-2024-35311 | Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.... | | |
CVE-2024-35312 | In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TR... | | |
CVE-2024-35313 | In Tor Arti before 1.2.3, circuits sometimes incorrectly have a length of 3 (with full vanguards), a... | | |
CVE-2024-35314 | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solu... | | |
CVE-2024-35315 | A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solu... | | |
CVE-2024-35324 | Douchat 4.0.5 suffers from an arbitrary file upload vulnerability via Public/Plugins/webuploader/ser... | | |
CVE-2024-35325 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-35326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-35328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-35329 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-35333 | A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. Th... | | |
CVE-2024-35338 | Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.... | E | |
CVE-2024-35339 | Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac ... | E | |
CVE-2024-35340 | Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the cmdi... | E | |
CVE-2024-35341 | Certain Anpviz products allow unauthenticated users to download the running configuration of the dev... | | |
CVE-2024-35342 | Certain Anpviz products allow unauthenticated users to modify or disable camera related settings suc... | | |
CVE-2024-35343 | Certain Anpviz products allow unauthenticated users to download arbitrary files from the device's fi... | | |
CVE-2024-35344 | Certain Anpviz products contain a hardcoded cryptographic key stored in the firmware of the device. ... | | |
CVE-2024-35345 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35349 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35350 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35351 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability... | | |
CVE-2024-35352 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability... | E | |
CVE-2024-35353 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35354 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35355 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35356 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35357 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35358 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35359 | A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability ... | E | |
CVE-2024-35361 | MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execu... | | |
CVE-2024-35362 | Ecshop 3.6 is vulnerable to Cross Site Scripting (XSS) via ecshop/article_cat.php.... | E | |
CVE-2024-35365 | FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of ... | | |
CVE-2024-35366 | FFmpeg n6.1.1 is affected by an Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.... | | |
CVE-2024-35367 | FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_s... | | |
CVE-2024-35368 | FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkm... | | |
CVE-2024-35369 | In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vu... | | |
CVE-2024-35371 | Ant-Media-Server v2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability ste... | | |
CVE-2024-35373 | Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.... | | |
CVE-2024-35374 | Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/gen... | | |
CVE-2024-35375 | There is an arbitrary file upload vulnerability on the media add .php page in the backend of the web... | | |
CVE-2024-35384 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_arr... | E | |
CVE-2024-35385 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_mk_... | E | |
CVE-2024-35386 | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_do_... | E | |
CVE-2024-35387 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host p... | | |
CVE-2024-35388 | TOTOLINK NR1800X v9.1.0u.6681_B20230703 was discovered to contain a stack overflow via the password ... | | |
CVE-2024-35395 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability ... | | |
CVE-2024-35396 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password for telnet in ... | | |
CVE-2024-35397 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability ... | | |
CVE-2024-35398 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc param... | | |
CVE-2024-35399 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password p... | | |
CVE-2024-35400 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc param... | | |
CVE-2024-35401 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a command injection vulnerability v... | | |
CVE-2024-35403 | TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc param... | | |
CVE-2024-35409 | WeBid 1.1.2 is vulnerable to SQL Injection via admin/tax.php.... | E | |
CVE-2024-35410 | wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/w... | | |
CVE-2024-35418 | wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/... | | |
CVE-2024-35419 | wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan... | | |
CVE-2024-35420 | wac commit 385e1 was discovered to contain a heap overflow.... | | |
CVE-2024-35421 | vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /... | | |
CVE-2024-35422 | vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_... | | |
CVE-2024-35423 | vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions fun... | | |
CVE-2024-35424 | vmir e8117 was discovered to contain a segmentation violation via the import_function function at /s... | | |
CVE-2024-35425 | vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse functio... | | |
CVE-2024-35426 | vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_... | | |
CVE-2024-35427 | vmir e8117 was discovered to contain a segmentation violation via the export_function function at /s... | | |
CVE-2024-35428 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via BaseMediaFile. An authenticat... | E | |
CVE-2024-35429 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via eventRecord.... | E | |
CVE-2024-35430 | In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting d... | | |
CVE-2024-35431 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Directory Traversal via photoBase64. An unauthenticat... | | |
CVE-2024-35432 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An auth... | | |
CVE-2024-35433 | ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Incorrect Access Control. An authenticated user, with... | | |
CVE-2024-35434 | Irontec Sngrep v1.8.1 was discovered to contain a heap buffer overflow via the function rtp_check_pa... | | |
CVE-2024-35451 | LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF.... | | |
CVE-2024-35468 | A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1... | | |
CVE-2024-35469 | A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 a... | E | |
CVE-2024-35474 | A Directory Traversal vulnerability in iceice666 ResourcePack Server before v1.0.8 allows a remote a... | | |
CVE-2024-35475 | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or b... | | |
CVE-2024-35492 | Cesanta Mongoose commit b316989 was discovered to contain a NULL pointer dereference via the scpy fu... | | |
CVE-2024-35495 | An Information Disclosure vulnerability in the Telemetry component in TP-Link Kasa KP125M V1.0.0 and... | | |
CVE-2024-35498 | A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web... | E | |
CVE-2024-35504 | A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to ex... | | |
CVE-2024-35510 | An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows a... | E | |
CVE-2024-35511 | phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parame... | E | |
CVE-2024-35512 | An issue in hmq v1.5.5 allows attackers to cause a Denial of Service (DoS) via crafted requests.... | | |
CVE-2024-35515 | Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.... | | |
CVE-2024-35517 | Netgear XR1000 v1.0.0.64 is vulnerable to command injection in usb_remote_smb_conf.cgi via the share... | | |
CVE-2024-35518 | Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri p... | | |
CVE-2024-35519 | Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to c... | | |
CVE-2024-35520 | Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 param... | | |
CVE-2024-35522 | Netgear EX3700 ' AC750 WiFi Range Extender Essentials Edition before 1.0.0.98 contains an authentica... | E | |
CVE-2024-35526 | An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensit... | | |
CVE-2024-35527 | An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core f... | | |
CVE-2024-35532 | An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 20... | | |
CVE-2024-35537 | TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely han... | E | |
CVE-2024-35538 | Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers ... | E | |
CVE-2024-35539 | Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting funct... | E | |
CVE-2024-35540 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute arbi... | E | |
CVE-2024-35545 | MAP-OS v4.45.0 and earlier was discovered to contain a cross-site scripting (XSS) vulnerability.... | | |
CVE-2024-35548 | A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain... | | |
CVE-2024-35550 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35551 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35552 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35553 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35554 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35555 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35556 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35557 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35558 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35559 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35560 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35561 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-35563 | CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via th... | | |
CVE-2024-35570 | An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of i... | | |
CVE-2024-35571 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function form... | E | |
CVE-2024-35576 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function form... | E | |
CVE-2024-35578 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the functi... | E | |
CVE-2024-35579 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function for... | E | |
CVE-2024-35580 | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function f... | E | |
CVE-2024-35581 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allow... | E | |
CVE-2024-35582 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allow... | E | |
CVE-2024-35583 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allow... | E | |
CVE-2024-35584 | SQL injection vulnerabilities were discovered in Ajax.php, ForWindow.php, ForExport.php, Modules.php... | | |
CVE-2024-35591 | An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via... | | |
CVE-2024-35592 | An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to exe... | | |
CVE-2024-35593 | An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows atta... | | |
CVE-2024-35595 | An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 al... | | |
CVE-2024-35618 | PingCAP TiDB v7.5.1 was discovered to contain a NULL pointer dereference via the component SortedRow... | | |
CVE-2024-35621 | A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows att... | | |
CVE-2024-35627 | tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via... | | |
CVE-2024-35628 | WordPress Photo Gallery by 10Web plugin <= 1.8.25 - Broken Access Control vulnerability | S | |
CVE-2024-35629 | WordPress Easy Digital Downloads – Recent Purchases plugin <= 1.0.2 - Remote File Inclusion vulnerability | | |
CVE-2024-35630 | WordPress WP TripAdvisor Review Slider plugin <= 12.6 - SQL Injection vulnerability | S | |
CVE-2024-35631 | WordPress FV Flowplayer Video Player plugin <= 7.5.45.7212 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35632 | WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35633 | WordPress Blocksy Companion plugin <= 2.0.42 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-35634 | Woocommerce – Recent Purchases plugin <= 1.0.1 - File Inclusion vulnerability | | |
CVE-2024-35635 | WordPress Ninja Tables plugin <= 5.0.9 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-35636 | WordPress Uploadcare File Uploader and Adaptive Delivery plugin <= 3.0.11 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-35637 | WordPress Church Admin plugin <= 4.3.6 - Server Side Request Forgery (SSRF) vulnerability | S | |
CVE-2024-35638 | WordPress ActiveDEMAND plugin <= 0.2.43 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-35639 | WordPress Simple Spoiler plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35640 | WordPress Safety Exit plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35641 | WordPress Just Writing Statistics plugin <= 4.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35642 | WordPress Site Favicon plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35643 | WordPress WP Back Button plugin <= 1.1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35645 | WordPress Random Banner plugin <= 4.2.8 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35646 | WordPress Smartarget Message Bar plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35647 | WordPress Global Notification Bar plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35649 | WordPress Save as PDF Plugin by Pdfcrowd plugin <= 3.2.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35650 | WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability | S | |
CVE-2024-35651 | WordPress WP Flow Plus plugin <= 5.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35652 | WordPress Event Tickets with Ticket Scanner plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35653 | WordPress Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages plugin <= 45.8.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35654 | WordPress Responsive theme <= 5.0.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35655 | WordPress Brave – Interactive Content plugin <= 0.6.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35656 | WordPress Elementor Pro <= 3.21.2 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35657 | WordPress WP-Recall plugin <= 16.26.6 - Cross Site Request Forgery (CSRF) vulnerability | | |
CVE-2024-35658 | WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability | S | |
CVE-2024-35659 | WordPress KiviCare plugin <= 3.6.2 - Insecure Direct Object References (IDOR) vulnerability | | |
CVE-2024-35660 | WordPress Master Addons for Elementor plugin <= 2.0.5.4.1 - Broken Access Control on API vulnerability | S | |
CVE-2024-35661 | WordPress Upload Fields for WPForms plugin <= 1.0.2 - Broken Access Control vulnerability | | |
CVE-2024-35662 | WordPress Simple COD Fees for WooCommerce plugin <= 2.0.2 - Broken Access Control vulnerability | | |
CVE-2024-35663 | WordPress WP Translate plugin <= 5.3.0 - Broken Access Control vulnerability | | |
CVE-2024-35664 | WordPress WPvivid Backup for MainWP plugin <= 0.9.32 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35665 | WordPress Insert Post Ads plugin <= 1.3.2 - Broken Access Control vulnerability | | |
CVE-2024-35666 | WordPress Themesflat Addons For Elementor plugin <= 2.1.2 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35667 | WordPress Shopping Cart & eCommerce Store plugin <= 5.5.19 - Broken Access Control vulnerability | S | |
CVE-2024-35668 | WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35669 | WordPress Debug Log Manager plugin <= 2.3.1 - Broken Access Control vulnerability | S | |
CVE-2024-35670 | WordPress Integrate Google Drive plugin <= 1.3.93 - Broken Access Control vulnerability | S | |
CVE-2024-35671 | WordPress MJ Update History plugin <= 1.0.4 - Broken Access Control vulnerability | | |
CVE-2024-35672 | WordPress Netgsm plugin <= 2.9.19 - Broken Access Control vulnerability | S | |
CVE-2024-35673 | WordPress Pure Chat plugin <= 2.22 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35674 | WordPress Unlimited Elements For Elementor plugin <= 1.5.109 - Broken Access Control vulnerability | S | |
CVE-2024-35675 | WordPress Advanced Woo Labels plugin <= 1.93 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35676 | WordPress Recurring PayPal Donations plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35677 | WordPress MegaMenu plugin <= 2.3.12 - Unauthenticated Local File Inclusion vulnerability | S | |
CVE-2024-35678 | WordPress Contact Form to DB by BestWebSoft plugin <= 1.7.2 - SQL Injection vulnerability | S | |
CVE-2024-35679 | WordPress GiveWP plugin <= 3.12.0 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35680 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability | S | |
CVE-2024-35681 | WordPress wpDiscuz plugin <= 7.6.18 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35682 | WordPress Otter Blocks PRO plugin <= 2.6.11 - Authenticated Sensitive Data Exposure vulnerability | S | |
CVE-2024-35683 | WordPress Leyka plugin <= 3.31.1 - Broken Access Control vulnerability | S | |
CVE-2024-35684 | WordPress ElasticPress plugin <= 5.1.0 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35685 | WordPress Radcliffe 2 theme <= 2.0.17 - Broken Access Control vulnerability | S | |
CVE-2024-35686 | WordPress Sensei LMS plugin <= 4.23.1 - Broken Access Control vulnerability | S | |
CVE-2024-35687 | WordPress Link Library plugin <= 7.6.3 - Reflected Cross-Site Scripting (XSS) vulnerability | S | |
CVE-2024-35688 | WordPress Master Addons for Elementor plugin <= 2.0.5.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35689 | WordPress Analytify plugin <= 5.2.3 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35691 | WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability | S | |
CVE-2024-35692 | WordPress GDPR/CCPA Cookie Consent Banner plugin <= 3.2 - Broken Access Control vulnerability | S | |
CVE-2024-35693 | WordPress 12 Step Meeting List plugin <= 3.14.33 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35694 | WordPress WPMobile.App plugin <= 11.41 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35695 | WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35696 | WordPress WP Docs plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35697 | WordPress Eduma theme <= 5.4.7 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35698 | WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35699 | WordPress HT Feed plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35700 | WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability | S | |
CVE-2024-35701 | WordPress PropertyHive plugin <= 2.0.13 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35702 | WordPress Master Addons for Elementor plugin <= 2.0.6.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35703 | WordPress Sina Extension for Elementor plugin <= 3.5.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35704 | WordPress BlockArt Blocks plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35705 | WordPress Block for Font Awesome plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35706 | WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35707 | WordPress Heateor Social Login WordPress plugin <= 1.1.32 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35708 | WordPress Rife Free theme <= 2.4.19 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35709 | WordPress The Plus Addons for Elementor plugin <= 5.5.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35710 | WordPress Podlove Web Player plugin <= 5.7.3 - Sensitive Data Exposure vulnerability | S | |
CVE-2024-35711 | WordPress Event theme <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35712 | WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability | S | |
CVE-2024-35713 | WordPress Testimonial Carousel For Elementor plugin <= 10.1.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35714 | WordPress Idyllic theme <= 1.1.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35715 | WordPress Bloglo and Blogvi themes affected by Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35716 | WordPress Copymatic plugin <= 1.9 - Broken Access Control vulnerability | S | |
CVE-2024-35717 | WordPress Media Slider plugin <= 1.3.9 - Broken Access Control vulnerability | S | |
CVE-2024-35718 | WordPress Newsletters plugin <= 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35719 | WordPress RestroPress plugin <= 3.1.2.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35720 | WordPress Album Gallery – WordPress Gallery plugin <= 1.5.7 - Broken Access Control vulnerability | S | |
CVE-2024-35721 | WordPress Image Gallery plugin <= 1.4.5 - Broken Access Control vulnerability | S | |
CVE-2024-35722 | WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.4.0 - Broken Access Control vulnerability | S | |
CVE-2024-35723 | WordPress Dashboard To-Do List plugin <= 1.2.0 - Broken Access Control vulnerability | S | |
CVE-2024-35724 | WordPress Bosa Elementor Addons and Templates for WooCommerce plugin <= 1.0.12 - Broken Access Control vulnerability | S | |
CVE-2024-35725 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.6 - Broken Access Control vulnerability | S | |
CVE-2024-35726 | WordPress WooBuddy plugin <= 3.4.19 - Broken Access Control vulnerability | S | |
CVE-2024-35727 | WordPress Extra Product Options for WooCommerce plugin <= 3.0.6 - Broken Access Control vulnerability | S | |
CVE-2024-35728 | WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability | S | |
CVE-2024-35729 | WordPress Tickera – WordPress Event Ticketing plugin <= 3.5.2.6 - Broken Access Control vulnerability | S | |
CVE-2024-35730 | WordPress Active Products Tables for WooCommerce plugin <= 1.0.6.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35731 | WordPress Kenta Gutenberg Blocks plugin <= 1.3.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35732 | WordPress YITH Custom Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35733 | WordPress Auto Coupons for WooCommerce plugin <= 3.0.14 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35734 | WordPress WP Time Slots Booking Form plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35735 | WordPress WP Time Slots Booking Form plugin <= 1.2.11 - Broken Access Control vulnerability | S | |
CVE-2024-35736 | WordPress Visualizer plugin <= 3.11.1 - SQL Injection vulnerability | S | |
CVE-2024-35737 | WordPress WP Visitors Tracker plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35738 | WordPress Kognetiks Chatbot for WordPress plugin <= 1.9.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35739 | WordPress The Post Grid plugin <= 7.7.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35740 | WordPress Pixgraphy theme <= 1.3.8 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35741 | WordPress Awesome Support plugin <= 6.1.7 - Broken Access Control vulnerability | S | |
CVE-2024-35742 | WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability | | |
CVE-2024-35743 | WordPress SC filechecker plugin <= 0.6 - Arbitrary File Deletion vulnerability | | |
CVE-2024-35744 | WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability | | |
CVE-2024-35745 | WordPress Strategery Migrations plugin <= 1.0 - Arbitrary File Deletion vulnerability | | |
CVE-2024-35746 | WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability | | |
CVE-2024-35747 | WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass vulnerability | | |
CVE-2024-35748 | WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability | | |
CVE-2024-35749 | WordPress Under Construction / Maintenance Mode from Acurax plugin <= 2.6 - IP Bypass vulnerability | | |
CVE-2024-35750 | WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - SQL Injection vulnerability | | |
CVE-2024-35751 | WordPress Woody code snippets plugin <= 2.4.10 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35752 | WordPress Stellissimo Text Box plugin 1.1.4 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35753 | WordPress TemplatesNext OnePager plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35754 | WordPress Ovic Importer plugin <= 1.6.3 - Arbitrary File Download vulnerability | | |
CVE-2024-35755 | WordPress Weather Widget Pro plugin <= 1.1.40 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35756 | WordPress Tooltip CK plugin <= 2.2.15 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35757 | WordPress Easy Age Verify plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35758 | WordPress Interface theme <= 3.1.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35759 | WordPress WP Job Portal plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35760 | WordPress WP Job Portal – A Complete Job Board plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35761 | WordPress Online Booking & Scheduling Calendar for WordPress by vcita plugin <= 4.4.0 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35762 | WordPress Serious Slider plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35763 | WordPress Excellent theme <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35764 | WordPress Church Admin plugin <= 4.4.4 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35765 | WordPress Greenshift – animation and page builder blocks plugin <= 8.8.9.1 - Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35766 | WordPress WPPizza – A Restaurant Plugin plugin <= 3.18.13 - Reflected Cross Site Scripting (XSS) vulnerability | S | |
CVE-2024-35767 | WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability | S | |
CVE-2024-35768 | WordPress Page Builder: Live Composer plugin <= 1.5.42 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35769 | WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35770 | WordPress Vimeography plugin <= 2.4.1 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35771 | WordPress Customizr theme <= 4.4.21 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35772 | WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability | S | |
CVE-2024-35773 | WordPress Comment Reply Email plugin <= 1.3 - CSRF to Stored XSS vulnerability | S | |
CVE-2024-35774 | WordPress DImage 360 plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35775 | WordPress Slider by Soliloquy plugin <= 2.7.6 - Broken Access Control to XSS vulnerability | S | |
CVE-2024-35776 | WordPress phpinfo() WP plugin <= 5.0 - Unauthenticated Data Exposure vulnerability | | |
CVE-2024-35777 | WordPress WooCommerce plugin <= 8.9.2 - Content Injection vulnerability | S | |
CVE-2024-35778 | WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability | S | |
CVE-2024-35779 | WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ Shortcode Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35780 | WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability | | |
CVE-2024-35781 | WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability | S | |
CVE-2024-35782 | WordPress Cowidgets – Elementor Addons plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability | | |
CVE-2024-35783 | A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server... | | |
CVE-2024-35784 | btrfs: fix deadlock with fiemap and extent locking | S | |
CVE-2024-35785 | tee: optee: Fix kernel panic caused by incorrect error handling | | |
CVE-2024-35786 | drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf | S | |
CVE-2024-35787 | md/md-bitmap: fix incorrect usage for sb_index | | |
CVE-2024-35788 | drm/amd/display: Fix bounds check for dcn35 DcfClocks | S | |
CVE-2024-35789 | wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes | | |
CVE-2024-35790 | usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group | S | |
CVE-2024-35791 | KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() | | |
CVE-2024-35792 | crypto: rk3288 - Fix use after free in unprepare | S | |
CVE-2024-35793 | debugfs: fix wait/cancellation handling during remove | | |
CVE-2024-35794 | dm-raid: really frozen sync_thread during suspend | | |
CVE-2024-35795 | drm/amdgpu: fix deadlock while reading mqd from debugfs | S | |
CVE-2024-35796 | net: ll_temac: platform_get_resource replaced by wrong function | | |
CVE-2024-35797 | mm: cachestat: fix two shmem bugs | | |
CVE-2024-35798 | btrfs: fix race in read_extent_buffer_pages() | | |
CVE-2024-35799 | drm/amd/display: Prevent crash when disable stream | | |
CVE-2024-35800 | efi: fix panic in kdump kernel | | |
CVE-2024-35801 | x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD | | |
CVE-2024-35802 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35803 | x86/efistub: Call mixed mode boot services on the firmware's stack | | |
CVE-2024-35804 | KVM: x86: Mark target gfn of emulated atomic instruction as dirty | | |
CVE-2024-35805 | dm snapshot: fix lockup in dm_exception_table_exit | | |
CVE-2024-35806 | soc: fsl: qbman: Always disable interrupts when taking cgr_lock | S | |
CVE-2024-35807 | ext4: fix corruption during on-line resize | | |
CVE-2024-35808 | md/dm-raid: don't call md_reap_sync_thread() directly | | |
CVE-2024-35809 | PCI/PM: Drain runtime-idle callbacks before driver removal | | |
CVE-2024-35810 | drm/vmwgfx: Fix the lifetime of the bo cursor memory | | |
CVE-2024-35811 | wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach | S | |
CVE-2024-35812 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35813 | mmc: core: Avoid negative index with array access | | |
CVE-2024-35814 | swiotlb: Fix double-allocation of slots due to broken alignment handling | | |
CVE-2024-35815 | fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion | | |
CVE-2024-35816 | firewire: ohci: prevent leak of left-over IRQ on unbind | | |
CVE-2024-35817 | drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag | | |
CVE-2024-35818 | LoongArch: Define the __io_aw() hook as mmiowb() | | |
CVE-2024-35819 | soc: fsl: qbman: Use raw spinlock for cgr_lock | | |
CVE-2024-35820 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35821 | ubifs: Set page uptodate in the correct place | | |
CVE-2024-35822 | usb: udc: remove warning when queue disabled ep | | |
CVE-2024-35823 | vt: fix unicode buffer corruption when deleting characters | S | |
CVE-2024-35824 | misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume | | |
CVE-2024-35825 | usb: gadget: ncm: Fix handling of zero block length packets | | |
CVE-2024-35826 | block: Fix page refcounts for unaligned buffers in __bio_release_pages() | | |
CVE-2024-35827 | io_uring/net: fix overflow check in io_recvmsg_mshot_prep() | S | |
CVE-2024-35828 | wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() | S | |
CVE-2024-35829 | drm/lima: fix a memleak in lima_heap_alloc | S | |
CVE-2024-35830 | media: tc358743: register v4l2 async device only after successful setup | | |
CVE-2024-35831 | io_uring: Fix release of pinned pages when __io_uaddr_map fails | | |
CVE-2024-35832 | bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit | | |
CVE-2024-35833 | dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA | S | |
CVE-2024-35834 | xsk: recycle buffer in case Rx queue was full | | |
CVE-2024-35835 | net/mlx5e: fix a double-free in arfs_create_groups | S | |
CVE-2024-35836 | dpll: fix pin dump crash for rebound module | | |
CVE-2024-35837 | net: mvpp2: clear BM pool before initialization | | |
CVE-2024-35838 | wifi: mac80211: fix potential sta-link leak | | |
CVE-2024-35839 | netfilter: bridge: replace physindev with physinif in nf_bridge_info | | |
CVE-2024-35840 | mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() | | |
CVE-2024-35841 | net: tls, fix WARNIING in __sk_msg_free | | |
CVE-2024-35842 | ASoC: mediatek: sof-common: Add NULL check for normal_link string | | |
CVE-2024-35843 | iommu/vt-d: Use device rbtree in iopf reporting path | S | |
CVE-2024-35844 | f2fs: compress: fix reserve_cblocks counting error when out of space | | |
CVE-2024-35845 | wifi: iwlwifi: dbg-tlv: ensure NUL termination | S | |
CVE-2024-35846 | mm: zswap: fix shrinker NULL crash with cgroup_disable=memory | S | |
CVE-2024-35847 | irqchip/gic-v3-its: Prevent double free on error | S | |
CVE-2024-35848 | eeprom: at24: fix memory corruption race condition | | |
CVE-2024-35849 | btrfs: fix information leak in btrfs_ioctl_logical_to_ino() | S | |
CVE-2024-35850 | Bluetooth: qca: fix NULL-deref on non-serdev setup | S | |
CVE-2024-35851 | Bluetooth: qca: fix NULL-deref on non-serdev suspend | S | |
CVE-2024-35852 | mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work | S | |
CVE-2024-35853 | mlxsw: spectrum_acl_tcam: Fix memory leak during rehash | S | |
CVE-2024-35854 | mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash | S | |
CVE-2024-35855 | mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update | S | |
CVE-2024-35856 | Bluetooth: btusb: mediatek: Fix double free of skb in coredump | S | |
CVE-2024-35857 | icmp: prevent possible NULL dereferences from icmp_build_probe() | S | |
CVE-2024-35858 | net: bcmasp: fix memory leak when bringing down interface | S | |
CVE-2024-35859 | block: fix module reference leakage from bdev_open_by_dev error path | S | |
CVE-2024-35860 | bpf: support deferring bpf_link dealloc to after RCU grace period | | |
CVE-2024-35861 | smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() | S | |
CVE-2024-35862 | smb: client: fix potential UAF in smb2_is_network_name_deleted() | S | |
CVE-2024-35863 | smb: client: fix potential UAF in is_valid_oplock_break() | S | |
CVE-2024-35864 | smb: client: fix potential UAF in smb2_is_valid_lease_break() | S | |
CVE-2024-35865 | smb: client: fix potential UAF in smb2_is_valid_oplock_break() | S | |
CVE-2024-35866 | smb: client: fix potential UAF in cifs_dump_full_key() | S | |
CVE-2024-35867 | smb: client: fix potential UAF in cifs_stats_proc_show() | S | |
CVE-2024-35868 | smb: client: fix potential UAF in cifs_stats_proc_write() | S | |
CVE-2024-35869 | smb: client: guarantee refcounted children from parent session | S | |
CVE-2024-35870 | smb: client: fix UAF in smb2_reconnect_server() | S | |
CVE-2024-35871 | riscv: process: Fix kernel gp leakage | | |
CVE-2024-35872 | mm/secretmem: fix GUP-fast succeeding on secretmem folios | | |
CVE-2024-35873 | riscv: Fix vector state restore in rt_sigreturn() | | |
CVE-2024-35874 | aio: Fix null ptr deref in aio_complete() wakeup | S | |
CVE-2024-35875 | x86/coco: Require seeding RNG with RDRAND on CoCo systems | | |
CVE-2024-35876 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35877 | x86/mm/pat: fix VM_PAT handling in COW mappings | | |
CVE-2024-35878 | of: module: prevent NULL pointer dereference in vsnprintf() | S | |
CVE-2024-35879 | of: dynamic: Synchronize of_changeset_destroy() with the devlink removals | | |
CVE-2024-35880 | io_uring/kbuf: hold io_buffer_list reference over mmap | | |
CVE-2024-35881 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35882 | SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP | S | |
CVE-2024-35883 | spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe | S | |
CVE-2024-35884 | udp: do not accept non-tunnel GSO skbs landing in a tunnel | | |
CVE-2024-35885 | mlxbf_gige: stop interface during shutdown | S | |
CVE-2024-35886 | ipv6: Fix infinite recursion in fib6_dump_done(). | | |
CVE-2024-35887 | ax25: fix use-after-free bugs caused by ax25_ds_del_timer | S | |
CVE-2024-35888 | erspan: make sure erspan_base_hdr is present in skb->head | S | |
CVE-2024-35889 | idpf: fix kernel panic on unknown packet types | S | |
CVE-2024-35890 | gro: fix ownership transfer | | |
CVE-2024-35891 | net: phy: micrel: Fix potential null pointer dereference | S | |
CVE-2024-35892 | net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() | | |
CVE-2024-35893 | net/sched: act_skbmod: prevent kernel-infoleak | | |
CVE-2024-35894 | mptcp: prevent BPF accessing lowat from a subflow socket. | S | |
CVE-2024-35895 | bpf, sockmap: Prevent lock inversion deadlock in map delete elem | S | |
CVE-2024-35896 | netfilter: validate user input for expected length | S | |
CVE-2024-35897 | netfilter: nf_tables: discard table flag update with pending basechain deletion | | |
CVE-2024-35898 | netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() | S | |
CVE-2024-35899 | netfilter: nf_tables: flush pending destroy work before exit_net release | S | |
CVE-2024-35900 | netfilter: nf_tables: reject new basechain after table flag update | | |
CVE-2024-35901 | net: mana: Fix Rx DMA datasize and skb_over_panic | | |
CVE-2024-35902 | net/rds: fix possible cp null dereference | S | |
CVE-2024-35903 | x86/bpf: Fix IP after emitting call depth accounting | | |
CVE-2024-35904 | selinux: avoid dereference of garbage after mount failure | S | |
CVE-2024-35905 | bpf: Protect against int overflow for stack access size | S | |
CVE-2024-35906 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35907 | mlxbf_gige: call request_irq() after NAPI initialized | S | |
CVE-2024-35908 | tls: get psock ref after taking rxlock to avoid leak | | |
CVE-2024-35909 | net: wwan: t7xx: Split 64bit accesses to fix alignment issues | | |
CVE-2024-35910 | tcp: properly terminate timers for kernel sockets | | |
CVE-2024-35911 | ice: fix memory corruption bug with suspend and rebuild | | |
CVE-2024-35912 | wifi: iwlwifi: mvm: rfi: fix potential response leaks | | |
CVE-2024-35913 | wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF | | |
CVE-2024-35914 | nfsd: Fix error cleanup path in nfsd_rename() | | |
CVE-2024-35915 | nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet | S | |
CVE-2024-35916 | dma-buf: Fix NULL pointer dereference in sanitycheck() | S | |
CVE-2024-35917 | s390/bpf: Fix bpf_plt pointer arithmetic | | |
CVE-2024-35918 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35919 | media: mediatek: vcodec: adding lock to protect encoder context list | S | |
CVE-2024-35920 | media: mediatek: vcodec: adding lock to protect decoder context list | S | |
CVE-2024-35921 | media: mediatek: vcodec: Fix oops when HEVC init fails | S | |
CVE-2024-35922 | fbmon: prevent division by zero in fb_videomode_from_videomode() | S | |
CVE-2024-35923 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35924 | usb: typec: ucsi: Limit read size on v1.2 | | |
CVE-2024-35925 | block: prevent division by zero in blk_rq_stat_sum() | S | |
CVE-2024-35926 | crypto: iaa - Fix async_disable descriptor leak | | |
CVE-2024-35927 | drm: Check output polling initialized before disabling | | |
CVE-2024-35928 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35929 | rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() | S | |
CVE-2024-35930 | scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() | S | |
CVE-2024-35931 | drm/amdgpu: Skip do PCI error slot reset during RAS recovery | | |
CVE-2024-35932 | drm/vc4: don't check if plane->state->fb == state->fb | | |
CVE-2024-35933 | Bluetooth: btintel: Fix null ptr deref in btintel_read_version | S | |
CVE-2024-35934 | net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() | | |
CVE-2024-35935 | btrfs: send: handle path ref underflow in header iterate_inode_ref() | | |
CVE-2024-35936 | btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() | | |
CVE-2024-35937 | wifi: cfg80211: check A-MSDU format more carefully | S | |
CVE-2024-35938 | wifi: ath11k: decrease MHI channel buffer length to 8KB | | |
CVE-2024-35939 | dma-direct: Leak pages on dma_set_decrypted() failure | | |
CVE-2024-35940 | pstore/zone: Add a null pointer check to the psz_kmsg_read | S | |
CVE-2024-35941 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-35942 | pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain | | |
CVE-2024-35943 | pmdomain: ti: Add a null pointer check to the omap_prm_domain_init | | |
CVE-2024-35944 | VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() | | |
CVE-2024-35945 | net: phy: phy_device: Prevent nullptr exceptions on ISR | S | |
CVE-2024-35946 | wifi: rtw89: fix null pointer access when abort scan | S | |
CVE-2024-35947 | dyndbg: fix old BUG_ON in >control parser | S | |
CVE-2024-35948 | bcachefs: Check for journal entries overruning end of sb clean section | S | |
CVE-2024-35949 | btrfs: make sure that WRITTEN is set on all metadata blocks | | |
CVE-2024-35950 | drm/client: Fully protect modes[] with dev->mode_config.mutex | | |
CVE-2024-35951 | drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() | | |
CVE-2024-35952 | drm/ast: Fix soft lockup | | |
CVE-2024-35953 | accel/ivpu: Fix deadlock in context_xa | S | |
CVE-2024-35954 | scsi: sg: Avoid sg device teardown race | S | |
CVE-2024-35955 | kprobes: Fix possible use-after-free issue on kprobe registration | S | |
CVE-2024-35956 | btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations | | |
CVE-2024-35957 | iommu/vt-d: Fix WARN_ON in iommu probe path | | |
CVE-2024-35958 | net: ena: Fix incorrect descriptor free behavior | | |
CVE-2024-35959 | net/mlx5e: Fix mlx5e_priv_init() cleanup flow | | |
CVE-2024-35960 | net/mlx5: Properly link new fs rules into the tree | S | |
CVE-2024-35961 | net/mlx5: Register devlink first under devlink lock | | |
CVE-2024-35962 | netfilter: complete validation of user input | | |
CVE-2024-35963 | Bluetooth: hci_sock: Fix not validating setsockopt user input | | |
CVE-2024-35964 | Bluetooth: ISO: Fix not validating setsockopt user input | | |
CVE-2024-35965 | Bluetooth: L2CAP: Fix not validating setsockopt user input | | |
CVE-2024-35966 | Bluetooth: RFCOMM: Fix not validating setsockopt user input | | |
CVE-2024-35967 | Bluetooth: SCO: Fix not validating setsockopt user input | | |
CVE-2024-35968 | pds_core: Fix pdsc_check_pci_health function to use work thread | S | |
CVE-2024-35969 | ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr | S | |
CVE-2024-35970 | af_unix: Clear stale u->oob_skb. | S | |
CVE-2024-35971 | net: ks8851: Handle softirqs at the end of IRQ thread to fix hang | | |
CVE-2024-35972 | bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() | S | |
CVE-2024-35973 | geneve: fix header validation in geneve[6]_xmit_skb | S | |
CVE-2024-35974 | block: fix q->blkg_list corruption during disk rebind | | |
CVE-2024-35975 | octeontx2-pf: Fix transmit scheduler resource leak | S | |
CVE-2024-35976 | xsk: validate user input for XDP_{UMEM\|COMPLETION}_FILL_RING | S | |
CVE-2024-35977 | platform/chrome: cros_ec_uart: properly fix race condition | S | |
CVE-2024-35978 | Bluetooth: Fix memory leak in hci_req_sync_complete() | S | |
CVE-2024-35979 | raid1: fix use-after-free for original bio in raid1_write_request() | S | |
CVE-2024-35980 | arm64: tlb: Fix TLBI RANGE operand | S | |
CVE-2024-35981 | virtio_net: Do not send RSS key if it is not supported | S | |
CVE-2024-35982 | batman-adv: Avoid infinite loop trying to resize local TT | S | |
CVE-2024-35983 | bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS | S | |
CVE-2024-35984 | i2c: smbus: fix NULL function pointer dereference | S | |
CVE-2024-35985 | sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() | S | |
CVE-2024-35986 | phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered | S | |
CVE-2024-35987 | riscv: Fix loading 64-bit NOMMU kernels past the start of RAM | | |
CVE-2024-35988 | riscv: Fix TASK_SIZE on 64-bit NOMMU | | |
CVE-2024-35989 | dmaengine: idxd: Fix oops during rmmod on single-CPU platforms | S | |
CVE-2024-35990 | dma: xilinx_dpdma: Fix locking | S | |
CVE-2024-35991 | dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue | | |
CVE-2024-35992 | phy: marvell: a3700-comphy: Fix out of bounds read | S | |
CVE-2024-35993 | mm: turn folio_test_hugetlb into a PageType | | |
CVE-2024-35994 | firmware: qcom: uefisecapp: Fix memory related IO errors and crashes | | |
CVE-2024-35995 | ACPI: CPPC: Use access_width over bit_width for system memory accesses | | |
CVE-2024-35996 | cpu: Re-enable CPU mitigations by default for !X86 architectures | | |
CVE-2024-35997 | HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up | S | |
CVE-2024-35998 | smb3: fix lock ordering potential deadlock in cifs_sync_mid_result | S | |
CVE-2024-35999 | smb3: missing lock when picking channel | S | |