ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-36000 | mm/hugetlb: fix missing hugetlb_lock for resv uncharge | | |
CVE-2024-36001 | netfs: Fix the pre-flush when appending to a file in writethrough mode | | |
CVE-2024-36002 | dpll: fix dpll_pin_on_pin_register() for multiple parent pins | | |
CVE-2024-36003 | ice: fix LAG and VF lock dependency in ice_reset_vf() | S | |
CVE-2024-36004 | i40e: Do not use WQ_MEM_RECLAIM flag for workqueue | | |
CVE-2024-36005 | netfilter: nf_tables: honor table dormant flag from netdev release event path | | |
CVE-2024-36006 | mlxsw: spectrum_acl_tcam: Fix incorrect list API usage | | |
CVE-2024-36007 | mlxsw: spectrum_acl_tcam: Fix warning during rehash | | |
CVE-2024-36008 | ipv4: check for NULL idev in ip_route_use_hint() | S | |
CVE-2024-36009 | ax25: Fix netdev refcount issue | | |
CVE-2024-36010 | igb: Fix string truncation warnings in igb_set_fw_version | | |
CVE-2024-36011 | Bluetooth: HCI: Fix potential null-ptr-deref | S | |
CVE-2024-36012 | Bluetooth: msft: fix slab-use-after-free in msft_do_close() | S | |
CVE-2024-36013 | Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() | S | |
CVE-2024-36014 | drm/arm/malidp: fix a possible null pointer dereference | S | |
CVE-2024-36015 | ppdev: Add an error check in register_device | | |
CVE-2024-36016 | tty: n_gsm: fix possible out-of-bounds in gsm0_receive() | S | |
CVE-2024-36017 | rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation | | |
CVE-2024-36018 | nouveau/uvmm: fix addr/range calcs for remap operations | | |
CVE-2024-36019 | regmap: maple: Fix cache corruption in regcache_maple_drop() | | |
CVE-2024-36020 | i40e: fix vf may be used uninitialized in this function warning | | |
CVE-2024-36021 | net: hns3: fix kernel crash when devlink reload during pf initialization | | |
CVE-2024-36022 | drm/amdgpu: Init zone device and drm client after mode-1 reset on reload | | |
CVE-2024-36023 | Julia Lawall reported this null pointer dereference, this should fix it. | S | |
CVE-2024-36024 | drm/amd/display: Disable idle reallow as part of command/gpint execution | | |
CVE-2024-36025 | scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() | | |
CVE-2024-36026 | drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 | | |
CVE-2024-36027 | btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer | | |
CVE-2024-36028 | mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio() | | |
CVE-2024-36029 | mmc: sdhci-msm: pervent access to suspended controller | | |
CVE-2024-36030 | octeontx2-af: fix the double free in rvu_npc_freemem() | S | |
CVE-2024-36031 | keys: Fix overwrite of key expiration on instantiation | S | |
CVE-2024-36032 | Bluetooth: qca: fix info leak when fetching fw build id | | |
CVE-2024-36033 | Bluetooth: qca: fix info leak when fetching board id | | |
CVE-2024-36034 | SQL Injection | | |
CVE-2024-36035 | SQL Injection | | |
CVE-2024-36036 | Insufficient Access Control Vulnerability | | |
CVE-2024-36037 | Insufficient Access Control Vulnerability | | |
CVE-2024-36038 | Stored XSS | | |
CVE-2024-36039 | PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not es... | | |
CVE-2024-36041 | KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 all... | | |
CVE-2024-36042 | Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to Authenticatio... | | |
CVE-2024-36043 | question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imag... | | |
CVE-2024-36046 | Infoblox NIOS through 8.6.4 executes with more privileges than required.... | | |
CVE-2024-36047 | Infoblox NIOS through 8.6.4 and 9.x through 9.0.3 has Improper Input Validation.... | | |
CVE-2024-36048 | QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.... | | |
CVE-2024-36049 | Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetc... | | |
CVE-2024-36050 | Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to r... | | |
CVE-2024-36051 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-38365. Reason: This record is a du... | R | |
CVE-2024-36052 | RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape s... | | |
CVE-2024-36053 | In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command in... | | |
CVE-2024-36054 | Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily... | | |
CVE-2024-36055 | Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily... | | |
CVE-2024-36056 | Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily... | | |
CVE-2024-36059 | Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2.3.... | | |
CVE-2024-36060 | EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacha... | | |
CVE-2024-36061 | EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker... | | |
CVE-2024-36062 | The com.callassistant.android (aka AI Call Assistant & Screener) application 1.174 for Android enabl... | | |
CVE-2024-36063 | The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any ap... | | |
CVE-2024-36064 | The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Andr... | | |
CVE-2024-36066 | The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compli... | M | |
CVE-2024-36068 | An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1... | | |
CVE-2024-36070 | tine before 2023.11.8, when an LDAP backend is used, allows anonymous remote attackers to obtain sen... | | |
CVE-2024-36071 | Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the direc... | | |
CVE-2024-36072 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote co... | | |
CVE-2024-36073 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote co... | | |
CVE-2024-36074 | Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote co... | | |
CVE-2024-36075 | The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbi... | | |
CVE-2024-36076 | Cross-Site WebSocket Hijacking in SysReptor from version 2024.28 to version 2024.30 causes attackers... | | |
CVE-2024-36077 | Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privileg... | | |
CVE-2024-36078 | In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissio... | | |
CVE-2024-36079 | An issue was discovered in Vaultize 21.07.27. When uploading files, there is no check that the filen... | | |
CVE-2024-36080 | Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded passwor... | | |
CVE-2024-36081 | Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuratio... | | |
CVE-2024-36082 | SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a r... | | |
CVE-2024-36103 | OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 ... | | |
CVE-2024-36104 | Apache OFBiz: Path traversal leading to a RCE | M | |
CVE-2024-36105 | dbt allows Binding to an Unrestricted IP Address via socketsocket | | |
CVE-2024-36106 | Argo CD allows authenticated users to enumerate clusters by name | S | |
CVE-2024-36107 | Information disclosure in minio | | |
CVE-2024-36108 | Multiple Broken Function-Level Authorization vulnerabilities in casgate | | |
CVE-2024-36109 | Cross-site Scripting with Markdown rendering in CoCalc | | |
CVE-2024-36110 | Cross-site scripting in ansibleguy-webui | | |
CVE-2024-36111 | KubePi's JWT token validation has a defect | | |
CVE-2024-36112 | Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects | | |
CVE-2024-36113 | Discourse missing authorization checks for suspending admins/moderators | S | |
CVE-2024-36114 | Decompressors can crash the JVM and leak memory content in Aircompressor | | |
CVE-2024-36115 | Stored Cross site scripting in Reposilite artifacts | | |
CVE-2024-36116 | Path traversal in Reposilite javadoc file expansion | E S | |
CVE-2024-36117 | Path traversal while serving Reposilite javadoc expanded files | E S | |
CVE-2024-36118 | Unauthorized viewing of workspace test cases in MeterSphere | | |
CVE-2024-36119 | Password confirmation stored in plain text via registration form in statamic/cms | | |
CVE-2024-36120 | javascript-deobfuscator crafted payload can lead to code execution | S | |
CVE-2024-36121 | netty-incubator-codec-ohttp's BoringSSLAEADContext Repeats Nonces | E | |
CVE-2024-36122 | Discourse doesn't limit reviewable user serializer payload | S | |
CVE-2024-36123 | Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline | | |
CVE-2024-36124 | iq80 Snappy has an out-of-bounds read when uncompressing data, leading to JVM crash | | |
CVE-2024-36127 | apko Exposure of HTTP basic auth credentials in log output | | |
CVE-2024-36128 | Directus is soft-locked by providing a string value to random string util | E S | |
CVE-2024-36129 | OpenTelemetry Collector has a Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC | E S | |
CVE-2024-36130 | An insufficient authorization vulnerability in web component of EPMM prior to 12.1.0.1 allows an una... | | |
CVE-2024-36131 | An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authe... | | |
CVE-2024-36132 | Insufficient verification of authentication controls in EPMM prior to 12.1.0.1 allows a remote attac... | | |
CVE-2024-36136 | An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated a... | | |
CVE-2024-36137 | A vulnerability has been identified in Node.js, affecting users of the experimental permission model... | | |
CVE-2024-36138 | Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all ... | | |
CVE-2024-36140 | A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). T... | | |
CVE-2024-36141 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36142 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36143 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36144 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36146 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36147 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36148 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36149 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36150 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36151 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36152 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36153 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36154 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36155 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36156 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36157 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36158 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36159 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36160 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36161 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36162 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36163 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36164 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36165 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36166 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36167 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36168 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36169 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36170 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36171 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36172 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36173 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36174 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36175 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36176 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36177 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36178 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36179 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36180 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36181 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36182 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36183 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36184 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36185 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36186 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36187 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36188 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36189 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36190 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36191 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36192 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36193 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36194 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36195 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36196 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36197 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36198 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36199 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36200 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36201 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36202 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36203 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36204 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36205 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36206 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-36207 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36208 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36209 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36210 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-36211 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-36212 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36213 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36214 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36215 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36216 | Adobe Experience Manager | Cross-site Scripting (Reflected XSS) (CWE-79) | | |
CVE-2024-36217 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36218 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36219 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36220 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36221 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36222 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36224 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36225 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36226 | Adobe Experience Manager | Improper Input Validation (CWE-20) | | |
CVE-2024-36227 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36228 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36229 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36230 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36231 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36232 | Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) | | |
CVE-2024-36233 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36234 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36235 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36236 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36238 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36239 | Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) | | |
CVE-2024-36241 | /playbook add slash command allows viewing arbitrary post contents | S | |
CVE-2024-36242 | Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user... | | |
CVE-2024-36243 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability | | |
CVE-2024-36244 | net/sched: taprio: extend minimum interval restriction to entire cycle too | | |
CVE-2024-36245 | Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.... | | |
CVE-2024-36246 | Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exp... | | |
CVE-2024-36247 | Improper access control in Intel(R) RAID Web Console all versions may allow an authenticated user to... | | |
CVE-2024-36248 | API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected ... | | |
CVE-2024-36249 | Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple... | | |
CVE-2024-36250 | MFA Code Replay | S | |
CVE-2024-36251 | The web interface of the affected devices process some crafted HTTP requests improperly, leading to ... | | |
CVE-2024-36252 | Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline... | | |
CVE-2024-36253 | Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an auth... | | |
CVE-2024-36254 | Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MF... | | |
CVE-2024-36255 | Post actions can run playbook checklist task commands | S | |
CVE-2024-36257 | Lack of permission check when updating the profile picture of a remote user (shared channels enabled) | S | |
CVE-2024-36258 | A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functio... | | |
CVE-2024-36259 | Improper access control in mail module of Odoo Community 17.0 and Odoo Enterprise 17.0 allows remote... | E M | |
CVE-2024-36260 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability | | |
CVE-2024-36261 | Improper access control in Intel(R) RAID Web Console software all versions may allow an authenticate... | | |
CVE-2024-36262 | Race condition in some Intel(R) System Security Report and System Resources Defense firmware may all... | | |
CVE-2024-36263 | Apache Submarine Server Core: SQL injection | S | |
CVE-2024-36264 | Apache Submarine Commons Utils: default secret | S | |
CVE-2024-36265 | Apache Submarine Server Core: authorization bypass | | |
CVE-2024-36266 | A vulnerability has been identified in PowerSys (All versions < V3.11). The affected application ins... | | |
CVE-2024-36267 | Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerab... | | |
CVE-2024-36268 | Apache InLong TubeMQ Client: Remote Code Execution vulnerability | | |
CVE-2024-36270 | netfilter: tproxy: bail out if IP has been disabled on the device | S | |
CVE-2024-36272 | A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M... | | |
CVE-2024-36274 | Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complet... | | |
CVE-2024-36275 | NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGM... | | |
CVE-2024-36276 | Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an ... | S | |
CVE-2024-36277 | Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App v... | | |
CVE-2024-36278 | Arkcompiler Ets Runtime has a type confusion vulnerability | | |
CVE-2024-36279 | Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue e... | | |
CVE-2024-36280 | Uncontrolled search path for some Intel(R) High Level Synthesis Compiler software before version 24.... | | |
CVE-2024-36281 | net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules | S | |
CVE-2024-36282 | Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update softw... | | |
CVE-2024-36283 | Uncontrolled search path for the Intel(R) Thread Director Visualizer software before version 1.0.1 m... | | |
CVE-2024-36284 | Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow ... | | |
CVE-2024-36285 | Race condition in some Intel(R) PROSet/Wireless WiFi and Killer™ WiFi software for Windows before ... | | |
CVE-2024-36286 | netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() | S | |
CVE-2024-36287 | Bypass of TCC restrictions on macOS | S | |
CVE-2024-36288 | SUNRPC: Fix loop termination condition in gss_free_in_token_pages() | S | |
CVE-2024-36289 | Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions p... | | |
CVE-2024-36290 | A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000... | | |
CVE-2024-36291 | Uncontrolled search path for some Intel(R) Chipset Software Installation Utility before version 10.1... | | |
CVE-2024-36292 | Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before... | | |
CVE-2024-36293 | Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R... | | |
CVE-2024-36294 | Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an ... | | |
CVE-2024-36295 | A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M3... | | |
CVE-2024-36302 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at... | | |
CVE-2024-36303 | An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local at... | | |
CVE-2024-36304 | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agen... | | |
CVE-2024-36305 | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker t... | | |
CVE-2024-36306 | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service Damage Cleanup ... | | |
CVE-2024-36307 | A security agent link following vulnerability in Trend Micro Apex One and Apex One as a Service coul... | | |
CVE-2024-36321 | Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privi... | | |
CVE-2024-36328 | Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentia... | | |
CVE-2024-36336 | Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, pote... | | |
CVE-2024-36337 | Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentia... | | |
CVE-2024-36339 | A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve... | | |
CVE-2024-36340 | A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create... | | |
CVE-2024-36353 | Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU t... | | |
CVE-2024-36358 | A link following vulnerability in Trend Micro Deep Security 20.x agents below build 20.0.1-3180 coul... | | |
CVE-2024-36359 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance (... | | |
CVE-2024-36360 | OS command injection vulnerability exists in awkblog v0.0.1 (commit hash:7b761b192d0e0dc3eef0f30630e... | | |
CVE-2024-36361 | Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the... | | |
CVE-2024-36362 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal al... | | |
CVE-2024-36363 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code i... | | |
CVE-2024-36364 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in P... | | |
CVE-2024-36365 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party age... | | |
CVE-2024-36366 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via... | | |
CVE-2024-36367 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party r... | | |
CVE-2024-36368 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth prov... | | |
CVE-2024-36369 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker... | | |
CVE-2024-36370 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connect... | | |
CVE-2024-36371 | In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible... | | |
CVE-2024-36372 | In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible... | | |
CVE-2024-36373 | In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible... | | |
CVE-2024-36374 | In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible... | | |
CVE-2024-36375 | In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be expo... | | |
CVE-2024-36376 | In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to t... | | |
CVE-2024-36377 | In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions... | | |
CVE-2024-36378 | In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tok... | | |
CVE-2024-36383 | An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafte... | | |
CVE-2024-36384 | Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages.... | | |
CVE-2024-36387 | Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2 | | |
CVE-2024-36388 | MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function | | |
CVE-2024-36389 | MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values | | |
CVE-2024-36390 | MileSight DeviceHub - CWE-20 Improper Input Validation | | |
CVE-2024-36391 | MileSight DeviceHub - CWE-320: Key Management Errors | | |
CVE-2024-36392 | MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | | |
CVE-2024-36393 | SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | S | |
CVE-2024-36394 | SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | S | |
CVE-2024-36395 | Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | S | |
CVE-2024-36396 | Verint - CWE-434: Unrestricted Upload of File with Dangerous Type | S | |
CVE-2024-36397 | Vantiva - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | S | |
CVE-2024-36398 | A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application exe... | | |
CVE-2024-36399 | Kanboard affected by Project Takeover via IDOR in ProjectPermissionController | E S | |
CVE-2024-36400 | nano-id is unable to generate the correct character set | E S | |
CVE-2024-36401 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver | KEV E S | |
CVE-2024-36402 | Unauthenticated writes to the media repository allow planting of problematic content in Matrix Media Repo | | |
CVE-2024-36403 | Denial of service/high operating costs through unauthenticated downloads in Matrix Media Repo | | |
CVE-2024-36404 | GeoTools Remote Code Execution (RCE) vulnerability in evaluating XPath expressions | | |
CVE-2024-36405 | Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options | | |
CVE-2024-36406 | SuiteCRM vulnerable to open redirects | | |
CVE-2024-36407 | SuiteCRM unauthenticated user password reset on php7 | | |
CVE-2024-36408 | SuiteCRM authenticated SQL Injection in Alerts | | |
CVE-2024-36409 | SuiteCRM authenticated SQL Injection in TreeData entrypoint | | |
CVE-2024-36410 | SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller | | |
CVE-2024-36411 | SuiteCRM authenticated SQL Injection in EmailUIAjax displayView controller | | |
CVE-2024-36412 | SuiteCRM unauthenticated SQL Injection | | |
CVE-2024-36413 | SuiteCRM authenticated Reflected Cross-Site Scripting | | |
CVE-2024-36414 | SuiteCRM authenticated Server-Side Request Forgery | | |
CVE-2024-36415 | SuiteCRM Improper Control of Filename for Include Statement in PHP and Unrestricted Upload of File with Dangerous content leads to authenticated remote code execution | | |
CVE-2024-36416 | SuiteCRM v4 API Excessive log data DOS | | |
CVE-2024-36417 | SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame | | |
CVE-2024-36418 | SuiteCRM authenticated RCE using connectors | | |
CVE-2024-36419 | SuiteCRM-Core Host Header Injection in /legacy | | |
CVE-2024-36420 | GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file | E | |
CVE-2024-36421 | GHSL-2023-234: Flowise Cors Misconfiguration in packages/server/src/index.ts | E | |
CVE-2024-36422 | GHSL-2023-245: Flowise xss in api/v1/chatflows/id | E | |
CVE-2024-36423 | GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id | E | |
CVE-2024-36424 | K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of servic... | | |
CVE-2024-36426 | In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and m... | | |
CVE-2024-36427 | The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – ... | | |
CVE-2024-36428 | OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection.... | | |
CVE-2024-36432 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-... | | |
CVE-2024-36433 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH... | | |
CVE-2024-36434 | An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherbo... | | |
CVE-2024-36435 | An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 m... | | |
CVE-2024-36437 | The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Andro... | | |
CVE-2024-36438 | eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an... | | |
CVE-2024-36439 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web i... | | |
CVE-2024-36440 | An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /e... | | |
CVE-2024-36441 | Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker to use a port-2101 TCP connection t... | | |
CVE-2024-36442 | cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gai... | | |
CVE-2024-36443 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole fi... | | |
CVE-2024-36444 | cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an unauthenticated attacker to g... | | |
CVE-2024-36445 | Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without au... | | |
CVE-2024-36446 | The provisioning manager component of Mitel MiVoice MX-ONE through 7.6 SP1 could allow an authentica... | | |
CVE-2024-36448 | Apache IoTDB Workbench: SSRF Vulnerability (EOL) | | |
CVE-2024-36450 | Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this ... | | |
CVE-2024-36451 | Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module ... | | |
CVE-2024-36452 | Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003... | | |
CVE-2024-36453 | Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and... | | |
CVE-2024-36454 | Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earl... | | |
CVE-2024-36455 | Symantec Privileged Access Manager Remote Command Execution vulnerability | | |
CVE-2024-36456 | Symantec Privileged Access Manager Remote Command Execution vulnerability | | |
CVE-2024-36457 | Symantec Privileged Access Manager Authentication Bypass vulnerability | | |
CVE-2024-36458 | Symantec Privileged Access Manager Privilege Escalation vulnerability | | |
CVE-2024-36459 | Cross-Site Scripting Vulnerability in Symantec SiteMinder Web Agent | S | |
CVE-2024-36460 | Front-end audit log shows passwords in plaintext | | |
CVE-2024-36461 | Direct access to memory pointers within the JS engine for modification | | |
CVE-2024-36462 | Allocation of resources without limits or throttling (uncontrolled resource consumption) | | |
CVE-2024-36463 | The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use i... | | |
CVE-2024-36464 | Media Types: Office365, SMTP passwords are unencrypted and visible in plaintext when exported | | |
CVE-2024-36465 | SQL injection in Zabbix API | | |
CVE-2024-36466 | Unauthenticated Zabbix frontend takeover when SSO is being used | M | |
CVE-2024-36467 | Authentication privilege escalation via user groups due to missing authorization checks | | |
CVE-2024-36468 | Stack buffer overflow in zbx_snmp_cache_handle_engineid | | |
CVE-2024-36469 | User enumeration via timing attack in Zabbix web interface | | |
CVE-2024-36470 | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was po... | | |
CVE-2024-36471 | Apache Allura: sensitive information exposure via DNS rebinding | | |
CVE-2024-36472 | In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmatio... | | |
CVE-2024-36473 | Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwri... | | |
CVE-2024-36474 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of the G... | | |
CVE-2024-36475 | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an act... | | |
CVE-2024-36476 | RDMA/rtrs: Ensure 'ib_sge list' is accessible | S | |
CVE-2024-36477 | tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer | S | |
CVE-2024-36478 | null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' | S | |
CVE-2024-36479 | fpga: bridge: add owner module and take its refcount | S | |
CVE-2024-36480 | Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. I... | | |
CVE-2024-36481 | tracing/probes: fix error check in parse_btf_field() | S | |
CVE-2024-36482 | Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privile... | S | |
CVE-2024-36484 | net: relax socket state check at accept time. | | |
CVE-2024-36485 | SQL Injection | | |
CVE-2024-36488 | Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated use... | | |
CVE-2024-36489 | tls: fix missing memory barrier in tls_init | S | |
CVE-2024-36491 | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. allow an admin... | | |
CVE-2024-36492 | Existing local user overwritten by malicious remote | S | |
CVE-2024-36493 | A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionalit... | | |
CVE-2024-36494 | Reflected Cross Site Scripting | S | |
CVE-2024-36495 | Read/Write Permissions for Everyone on Configuration File | S | |
CVE-2024-36496 | Hardcoded Credentials | E S | |
CVE-2024-36497 | Unhashed Storage of Password | S | |
CVE-2024-36498 | Stored cross site scripting | S | |
CVE-2024-36499 | Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation... | | |
CVE-2024-36500 | Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnera... | | |
CVE-2024-36501 | Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulne... | | |
CVE-2024-36502 | Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnera... | | |
CVE-2024-36503 | Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulner... | | |
CVE-2024-36504 | An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.... | S | |
CVE-2024-36505 | An improper access control vulnerability [CWE-284] in FortiOS 7.4.0 through 7.4.3, 7.2.5 through 7.2... | S | |
CVE-2024-36506 | An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClient... | S | |
CVE-2024-36507 | An untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0,... | S | |
CVE-2024-36508 | An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE... | S | |
CVE-2024-36509 | An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497... | S | |
CVE-2024-36510 | An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.... | S | |
CVE-2024-36511 | An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Applic... | S | |
CVE-2024-36512 | An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiM... | S | |
CVE-2024-36513 | A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and... | S | |
CVE-2024-36514 | SQL Injection | | |
CVE-2024-36515 | SQL Injection | | |
CVE-2024-36516 | SQL Injection | | |
CVE-2024-36517 | SQL Injection | | |
CVE-2024-36518 | SQL Injection | | |
CVE-2024-36522 | Apache Wicket: Remote code execution via XSLT injection | | |
CVE-2024-36523 | An access control issue in Wvp GB28181 Pro 2.0 allows users to continue to access information in the... | | |
CVE-2024-36526 | ZKTeco ZKBio CVSecurity v6.1.1 was discovered to contain a hardcoded cryptographic key.... | | |
CVE-2024-36527 | puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit th... | | |
CVE-2024-36528 | nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before have a Deserialization vulnerability... | | |
CVE-2024-36531 | nukeviet v.4.5 and before and nukeviet-egov v.1.2.02 and before are vulnerable to arbitrary code exe... | | |
CVE-2024-36532 | Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privile... | | |
CVE-2024-36533 | Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privil... | | |
CVE-2024-36534 | Insecure permissions in hwameistor v0.14.3 allows attackers to access sensitive data and escalate pr... | | |
CVE-2024-36535 | Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privi... | | |
CVE-2024-36536 | Insecure permissions in fabedge v0.8.1 allows attackers to access sensitive data and escalate privil... | | |
CVE-2024-36537 | Insecure permissions in cert-manager v1.14.4 allows attackers to access sensitive data and escalate ... | | |
CVE-2024-36538 | Insecure permissions in chaos-mesh v2.6.3 allows attackers to access sensitive data and escalate pri... | | |
CVE-2024-36539 | Insecure permissions in contour v1.28.3 allows attackers to access sensitive data and escalate privi... | | |
CVE-2024-36540 | Insecure permissions in external-secrets v0.9.16 allows attackers to access sensitive data and escal... | | |
CVE-2024-36541 | Insecure permissions in logging-operator v4.6.0 allows attackers to access sensitive data and escala... | | |
CVE-2024-36542 | Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privilege... | | |
CVE-2024-36543 | Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier all... | | |
CVE-2024-36547 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/v... | E | |
CVE-2024-36548 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal... | E | |
CVE-2024-36549 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_dea... | E | |
CVE-2024-36550 | idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_dea... | E | |
CVE-2024-36553 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MI... | | |
CVE-2024-36554 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWat... | | |
CVE-2024-36555 | Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_... | | |
CVE-2024-36556 | Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWat... | | |
CVE-2024-36557 | The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_1... | | |
CVE-2024-36558 | Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleart... | | |
CVE-2024-36568 | Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbra... | E | |
CVE-2024-36569 | Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editC... | E | |
CVE-2024-36572 | Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause ot... | E | |
CVE-2024-36573 | almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via ... | | |
CVE-2024-36574 | A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via m... | | |
CVE-2024-36575 | A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via glo... | | |
CVE-2024-36577 | apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.... | | |
CVE-2024-36578 | akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js.... | | |
CVE-2024-36580 | A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code.... | | |
CVE-2024-36581 | A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary cod... | | |
CVE-2024-36582 | alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of... | | |
CVE-2024-36583 | A Prototype Pollution issue in byondreal accessor <= 1.0.0 allows an attacker to execute arbitrary c... | | |
CVE-2024-36586 | An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via ove... | | |
CVE-2024-36587 | Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to esc... | | |
CVE-2024-36588 | An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 allows attackers to send... | | |
CVE-2024-36589 | An issue in Annonshop.app DecentralizeJustice/anonymousLocker commit 2b2b4 to ba9fd and Decentralize... | | |
CVE-2024-36597 | Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter ... | E | |
CVE-2024-36598 | An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code... | | |
CVE-2024-36599 | A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary ... | | |
CVE-2024-36600 | Buffer Overflow Vulnerability in libcdio v2.1.0 allows an attacker to execute arbitrary code via a c... | | |
CVE-2024-36604 | Tenda O3V2 v1.0.0.12(3880) was discovered to contain a Blind Command Injection via stpEn parameter i... | E | |
CVE-2024-36610 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-36611 | In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, w... | | |
CVE-2024-36612 | Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers.... | S | |
CVE-2024-36613 | FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an inte... | | |
CVE-2024-36615 | FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if... | | |
CVE-2024-36616 | An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers t... | | |
CVE-2024-36617 | FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder.... | | |
CVE-2024-36618 | FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an ... | | |
CVE-2024-36619 | FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for a... | | |
CVE-2024-36620 | moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.... | | |
CVE-2024-36621 | moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The... | | |
CVE-2024-36622 | In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.... | | |
CVE-2024-36623 | moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be ... | | |
CVE-2024-36624 | Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_an... | | |
CVE-2024-36625 | Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui... | | |
CVE-2024-36626 | In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Too... | | |
CVE-2024-36647 | A stored cross-site scripting (XSS) vulnerability in Church CRM v5.8.0 allows attackers to execute a... | | |
CVE-2024-36650 | TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cg... | | |
CVE-2024-36656 | In MintHCM 4.0.3, a registered user can execute arbitrary JavaScript code and achieve a reflected Cr... | | |
CVE-2024-36667 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/... | E | |
CVE-2024-36668 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/t... | E | |
CVE-2024-36669 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/t... | E | |
CVE-2024-36670 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/v... | E | |
CVE-2024-36671 | nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum ... | | |
CVE-2024-36673 | Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login... | E | |
CVE-2024-36674 | LyLme_spage v1.9.5 is vulnerable to Cross Site Scripting (XSS) via admin/link.php.... | | |
CVE-2024-36675 | LyLme_spage v1.9.5 is vulnerable to Server-Side Request Forgery (SSRF) via the get_head function.... | E | |
CVE-2024-36676 | Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system us... | | |
CVE-2024-36677 | In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a gues... | | |
CVE-2024-36678 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest ... | E | |
CVE-2024-36679 | In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perfo... | | |
CVE-2024-36680 | In the module "Facebook" (pkfacebook) <=1.0.1 from Promokit.eu for PrestaShop, a guest can perform S... | | |
CVE-2024-36681 | SQL Injection vulnerability in the module "Isotope" (pk_isotope) <=1.7.3 from Promokit.eu for Presta... | | |
CVE-2024-36682 | In the module "Theme settings" (pk_themesettings) <= 1.8.8 from Promokit.eu for PrestaShop, a guest ... | | |
CVE-2024-36683 | SQL injection vulnerability in the module "Products Alert" (productsalert) before 1.7.4 from Smart M... | | |
CVE-2024-36684 | In the module "Custom links" (pk_customlinks) <= 2.3 from Promokit.eu for PrestaShop, a guest can pe... | | |
CVE-2024-36691 | Insecure permissions in the AdminController.AjaxSave() method of PPGo_Jobs v2.8.0 allows authenticat... | | |
CVE-2024-36694 | OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Functio... | E | |
CVE-2024-36699 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by ... | R | |
CVE-2024-36702 | libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function ... | | |
CVE-2024-36728 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.... | E | |
CVE-2024-36729 | TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary.... | E | |
CVE-2024-36730 | Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Servi... | | |
CVE-2024-36732 | An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an ... | | |
CVE-2024-36734 | Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Servi... | | |
CVE-2024-36735 | OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is f... | | |
CVE-2024-36736 | An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calcula... | | |
CVE-2024-36737 | Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Servi... | | |
CVE-2024-36740 | An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when ind... | | |
CVE-2024-36742 | An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a... | | |
CVE-2024-36743 | An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an ... | | |
CVE-2024-36745 | An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inpu... | | |
CVE-2024-36751 | An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS... | | |
CVE-2024-36755 | D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmwar... | | |
CVE-2024-36760 | A stack overflow vulnerability was found in version 1.18.0 of rhai. The flaw position is: (/ SRC/rha... | | |
CVE-2024-36761 | naga v0.14.0 was discovered to contain a stack overflow via the component /wgsl/parse/mod.rs.... | E | |
CVE-2024-36773 | A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitra... | E | |
CVE-2024-36774 | An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary c... | E | |
CVE-2024-36775 | A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitra... | E | |
CVE-2024-36779 | Sourcecodester Stock Management System v1.0 is vulnerable to SQL Injection via editCategories.php.... | E | |
CVE-2024-36782 | TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc... | | |
CVE-2024-36783 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection via the host_tim... | | |
CVE-2024-36787 | An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication ... | | |
CVE-2024-36788 | Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. T... | E | |
CVE-2024-36789 | An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that ... | | |
CVE-2024-36790 | Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext.... | | |
CVE-2024-36792 | An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows at... | | |
CVE-2024-36795 | Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URL... | | |
CVE-2024-36800 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive informat... | E | |
CVE-2024-36801 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive informat... | E | |
CVE-2024-36802 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-36811 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-37295. Reason: This candidat... | R | |
CVE-2024-36814 | An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers... | | |
CVE-2024-36819 | MAP-OS 4.45.0 and earlier is vulnerable to Cross-Site Scripting (XSS). This vulnerability allows mal... | | |
CVE-2024-36821 | Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate pr... | E | |
CVE-2024-36823 | The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, le... | | |
CVE-2024-36827 | An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of ebookmeta befor... | | |
CVE-2024-36829 | Incorrect access control in Teldat M1 v11.00.05.50.01 allows attackers to obtain sensitive informati... | | |
CVE-2024-36831 | A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIR... | | |
CVE-2024-36832 | A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial ... | | |
CVE-2024-36837 | SQL Injection vulnerability in CRMEB v.5.2.2 allows a remote attacker to obtain sensitive informatio... | | |
CVE-2024-36840 | SQL Injection vulnerability in Boelter Blue System Management v.1.3 allows a remote attacker to exec... | | |
CVE-2024-36842 | An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17, Hardware part Nu... | | |
CVE-2024-36843 | libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function.... | E | |
CVE-2024-36844 | libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulne... | E | |
CVE-2024-36845 | An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a ... | E | |
CVE-2024-36856 | RMQTT Broker 0.4.0 allows remote attackers to cause a Denial of Service (daemon crash) via a certain... | | |
CVE-2024-36857 | Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/readFileS... | E | |
CVE-2024-36858 | An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows ... | E | |
CVE-2024-36877 | Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B76... | | |
CVE-2024-36880 | Bluetooth: qca: add missing firmware sanity checks | | |
CVE-2024-36881 | mm/userfaultfd: reset ptes when close() for wr-protected ones | S | |
CVE-2024-36882 | mm: use memalloc_nofs_save() in page_cache_ra_order() | S | |
CVE-2024-36883 | net: fix out-of-bounds access in ops_init | | |
CVE-2024-36884 | iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() | S | |
CVE-2024-36885 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-36886 | tipc: fix UAF in error path | | |
CVE-2024-36887 | e1000e: change usleep_range to udelay in PHY mdic access | | |
CVE-2024-36888 | workqueue: Fix selection of wake_cpu in kick_pool() | S | |
CVE-2024-36889 | mptcp: ensure snd_nxt is properly initialized on connect | | |
CVE-2024-36890 | mm/slab: make __free(kfree) accept error pointers | | |
CVE-2024-36891 | maple_tree: fix mas_empty_area_rev() null pointer dereference | S | |
CVE-2024-36892 | mm/slub: avoid zeroing outside-object freepointer for single free | | |
CVE-2024-36893 | usb: typec: tcpm: Check for port partner validity before consuming it | S | |
CVE-2024-36894 | usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete | S | |
CVE-2024-36895 | usb: gadget: uvc: use correct buffer size when parsing configfs lists | | |
CVE-2024-36896 | USB: core: Fix access violation during port device removal | S | |
CVE-2024-36897 | drm/amd/display: Atom Integrated System Info v2_2 for DCN35 | S | |
CVE-2024-36898 | gpiolib: cdev: fix uninitialised kfifo | | |
CVE-2024-36899 | gpiolib: cdev: Fix use after free in lineinfo_changed_notify | S | |
CVE-2024-36900 | net: hns3: fix kernel crash when devlink reload during initialization | | |
CVE-2024-36901 | ipv6: prevent NULL dereference in ip6_output() | S | |
CVE-2024-36902 | ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() | S | |
CVE-2024-36903 | ipv6: Fix potential uninit-value access in __ip6_make_skb() | S | |
CVE-2024-36904 | tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). | | |
CVE-2024-36905 | tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets | | |
CVE-2024-36906 | ARM: 9381/1: kasan: clear stale stack poison | | |
CVE-2024-36907 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-36908 | blk-iocost: do not WARN if iocg was already offlined | | |
CVE-2024-36909 | Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted | | |
CVE-2024-36910 | uio_hv_generic: Don't free decrypted memory | S | |
CVE-2024-36911 | hv_netvsc: Don't free decrypted memory | | |
CVE-2024-36912 | Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl | S | |
CVE-2024-36913 | Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails | S | |
CVE-2024-36914 | drm/amd/display: Skip on writeback when it's not applicable | | |
CVE-2024-36915 | nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies | | |
CVE-2024-36916 | blk-iocost: avoid out of bounds shift | | |
CVE-2024-36917 | block: fix overflow in blk_ioctl_discard() | | |
CVE-2024-36918 | bpf: Check bloom filter map value size | | |
CVE-2024-36919 | scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload | | |
CVE-2024-36920 | scsi: mpi3mr: Avoid memcpy field-spanning write WARNING | | |
CVE-2024-36921 | wifi: iwlwifi: mvm: guard against invalid STA ID on removal | S | |
CVE-2024-36922 | wifi: iwlwifi: read txq->read_ptr under lock | | |
CVE-2024-36923 | fs/9p: fix uninitialized values during inode evict | S | |
CVE-2024-36924 | scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() | S | |
CVE-2024-36925 | swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y | S | |
CVE-2024-36926 | powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE | S | |
CVE-2024-36927 | ipv4: Fix uninit-value access in __ip_make_skb() | S | |
CVE-2024-36928 | s390/qeth: Fix kernel panic after setting hsuid | S | |
CVE-2024-36929 | net: core: reject skb_copy(_expand) for fraglist GSO skbs | | |
CVE-2024-36930 | spi: fix null pointer dereference within spi_sync | S | |
CVE-2024-36931 | s390/cio: Ensure the copied buf is NUL terminated | S | |
CVE-2024-36932 | thermal/debugfs: Prevent use-after-free from occurring after cdev removal | S | |
CVE-2024-36933 | nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). | | |
CVE-2024-36934 | bna: ensure the copied buf is NUL terminated | | |
CVE-2024-36935 | ice: ensure the copied buf is NUL terminated | S | |
CVE-2024-36936 | efi/unaccepted: touch soft lockup during memory accept | | |
CVE-2024-36937 | xdp: use flags field to disambiguate broadcast redirect | | |
CVE-2024-36938 | bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue | S | |
CVE-2024-36939 | nfs: Handle error of rpc_proc_register() in nfs_net_init(). | | |
CVE-2024-36940 | pinctrl: core: delete incorrect free in pinctrl_enable() | S | |
CVE-2024-36941 | wifi: nl80211: don't free NULL coalescing rule | S | |
CVE-2024-36942 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-36943 | fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan | | |
CVE-2024-36944 | Reapply "drm/qxl: simplify qxl_fence_wait" | S | |
CVE-2024-36945 | net/smc: fix neighbour and rtable leak in smc_ib_find_route() | | |
CVE-2024-36946 | phonet: fix rtm_phonet_notify() skb allocation | | |
CVE-2024-36947 | qibfs: fix dentry leak | | |
CVE-2024-36948 | drm/xe/xe_migrate: Cast to output precision before multiplying operands | | |
CVE-2024-36949 | amd/amdkfd: sync all devices to wait all processes being evicted | | |
CVE-2024-36950 | firewire: ohci: mask bus reset interrupts between ISR and bottom half | | |
CVE-2024-36951 | drm/amdkfd: range check cp bad op exception interrupts | | |
CVE-2024-36952 | scsi: lpfc: Move NPIV's transport unregistration to after resource clean up | | |
CVE-2024-36953 | KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() | | |
CVE-2024-36954 | tipc: fix a possible memleak in tipc_buf_append | S | |
CVE-2024-36955 | ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() | S | |
CVE-2024-36956 | thermal/debugfs: Free all thermal zone debug memory on zone removal | | |
CVE-2024-36957 | octeontx2-af: avoid off-by-one read from userspace | | |
CVE-2024-36958 | NFSD: Fix nfsd4_encode_fattr4() crasher | | |
CVE-2024-36959 | pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() | S | |
CVE-2024-36960 | drm/vmwgfx: Fix invalid reads in fence signaled events | S | |
CVE-2024-36961 | thermal/debugfs: Fix two locking issues with thermal zone debug | | |
CVE-2024-36962 | net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs | | |
CVE-2024-36963 | tracefs: Reset permissions on remount if permissions are options | | |
CVE-2024-36964 | fs/9p: only translate RWX permissions for plain 9P2000 | | |
CVE-2024-36965 | remoteproc: mediatek: Make sure IPI buffer fits in L2TCM | S | |
CVE-2024-36966 | erofs: reliably distinguish block based and fscache mode | | |
CVE-2024-36967 | KEYS: trusted: Fix memory leak in tpm2_key_encode() | S | |
CVE-2024-36968 | Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() | S | |
CVE-2024-36969 | drm/amd/display: Fix division by zero in setup_dsc_config | S | |
CVE-2024-36970 | wifi: iwlwifi: Use request_module_nowait | S | |
CVE-2024-36971 | net: fix __dst_negative_advice() race | KEV S | |
CVE-2024-36972 | af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock. | S | |
CVE-2024-36973 | misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() | S | |
CVE-2024-36974 | net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP | | |
CVE-2024-36975 | KEYS: trusted: Do not use WARN when encode fails | | |
CVE-2024-36976 | Revert "media: v4l2-ctrls: show all owned controls in log_status" | S | |
CVE-2024-36977 | usb: dwc3: Wait unconditionally after issuing EndXfer command | | |
CVE-2024-36978 | net: sched: sch_multiq: fix possible OOB write in multiq_tune() | S | |
CVE-2024-36979 | net: bridge: mst: fix vlan use-after-free | S | |
CVE-2024-36980 | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functional... | E | |
CVE-2024-36981 | An out-of-bounds read vulnerability exists in the OpenPLC Runtime EtherNet/IP PCCC parser functional... | E | |
CVE-2024-36982 | Denial of Service through null pointer reference in “cluster/config” REST endpoint | | |
CVE-2024-36983 | Command Injection using External Lookups | | |
CVE-2024-36984 | Remote Code Execution through Serialized Session Payload in Splunk Enterprise on Windows | | |
CVE-2024-36985 | Remote Code Execution (RCE) through an external lookup due to “copybuckets.py” script in the “splunk_archiver” application in Splunk Enterprise | | |
CVE-2024-36986 | Risky command safeguards bypass through Search ID query in Analytics Workspace | M | |
CVE-2024-36987 | Insecure File Upload in the indexing/preview REST endpoint | | |
CVE-2024-36989 | Low-privileged user could create notifications in Splunk Web Bulletin Messages | | |
CVE-2024-36990 | Denial of Service (DoS) on the datamodel/web REST endpoint | E | |
CVE-2024-36991 | Path Traversal on the “/modules/messaging/” endpoint in Splunk Enterprise on Windows | | |
CVE-2024-36992 | Persistent Cross-site Scripting (XSS) in Dashboard Elements | | |
CVE-2024-36993 | Persistent Cross-site Scripting (XSS) in Web Bulletin | E | |
CVE-2024-36994 | Persistent Cross-site Scripting (XSS) in Dashboard Elements | | |
CVE-2024-36995 | Low-privileged user could create experimental items | | |
CVE-2024-36996 | Information Disclosure of user names | | |
CVE-2024-36997 | Persistent Cross-site Scripting (XSS) in conf-web/settings REST endpoint | | |
CVE-2024-36999 | Multiple ZDI Vulnerabilities in Autodesk AutoCAD and certain AutoCAD-based products | | |