CVE-2024-38xxx

There are 830 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2024-38002 The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through ...
CVE-2024-38010 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-38011 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-38013 Microsoft Windows Server Backup Elevation of Privilege Vulnerability
S
CVE-2024-38014 Windows Installer Elevation of Privilege Vulnerability
KEV S
CVE-2024-38015 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
S
CVE-2024-38016 Microsoft Office Visio Remote Code Execution Vulnerability
S
CVE-2024-38017 Microsoft Message Queuing Information Disclosure Vulnerability
S
CVE-2024-38018 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2024-38019 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
S
CVE-2024-38020 Microsoft Outlook Spoofing Vulnerability
S
CVE-2024-38021 Microsoft Outlook Remote Code Execution Vulnerability
S
CVE-2024-38022 Windows Image Acquisition Elevation of Privilege Vulnerability
S
CVE-2024-38023 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2024-38024 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2024-38025 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
S
CVE-2024-38027 Windows Line Printer Daemon Service Denial of Service Vulnerability
S
CVE-2024-38028 Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability
S
CVE-2024-38029 Microsoft OpenSSH for Windows Remote Code Execution Vulnerability
S
CVE-2024-38030 Windows Themes Spoofing Vulnerability
S
CVE-2024-38031 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
S
CVE-2024-38032 Microsoft Xbox Remote Code Execution Vulnerability
S
CVE-2024-38033 PowerShell Elevation of Privilege Vulnerability
S
CVE-2024-38034 Windows Filtering Platform Elevation of Privilege Vulnerability
S
CVE-2024-38036 BUG-000154827 - Reflected XSS in ArcGIS Experience Builder
CVE-2024-38037 BUG-000167983 - Unvalidated redirect in Portal for ArcGIS
CVE-2024-38038 BUG-000165732 - Reflected XSS in Portal for ArcGIS
CVE-2024-38039 BUG-000161683 - HTML injection vulnerability in Portal for ArcGIS.
CVE-2024-38040 BUG-000167984 - Portal for ArcGIS has a Local file inclusion (LFI) vulnerability
CVE-2024-38041 Windows Kernel Information Disclosure Vulnerability
S
CVE-2024-38043 PowerShell Elevation of Privilege Vulnerability
S
CVE-2024-38044 DHCP Server Service Remote Code Execution Vulnerability
S
CVE-2024-38045 Windows TCP/IP Remote Code Execution Vulnerability
S
CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability
S
CVE-2024-38047 PowerShell Elevation of Privilege Vulnerability
S
CVE-2024-38048 Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability
S
CVE-2024-38049 Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability
S
CVE-2024-38050 Windows Workstation Service Elevation of Privilege Vulnerability
S
CVE-2024-38051 Windows Graphics Component Remote Code Execution Vulnerability
S
CVE-2024-38052 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38053 Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability
S
CVE-2024-38054 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38055 Microsoft Windows Codecs Library Information Disclosure Vulnerability
S
CVE-2024-38056 Microsoft Windows Codecs Library Information Disclosure Vulnerability
S
CVE-2024-38057 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38058 BitLocker Security Feature Bypass Vulnerability
S
CVE-2024-38059 Win32k Elevation of Privilege Vulnerability
S
CVE-2024-38060 Windows Imaging Component Remote Code Execution Vulnerability
S
CVE-2024-38061 DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability
S
CVE-2024-38062 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-38063 Windows TCP/IP Remote Code Execution Vulnerability
S
CVE-2024-38064 Windows TCP/IP Information Disclosure Vulnerability
S
CVE-2024-38065 Secure Boot Security Feature Bypass Vulnerability
S
CVE-2024-38066 Windows Win32k Elevation of Privilege Vulnerability
S
CVE-2024-38067 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
S
CVE-2024-38068 Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability
S
CVE-2024-38069 Windows Enroll Engine Security Feature Bypass Vulnerability
S
CVE-2024-38070 Windows LockDown Policy (WLDP) Security Feature Bypass Vulnerability
S
CVE-2024-38071 Windows Remote Desktop Licensing Service Denial of Service Vulnerability
S
CVE-2024-38072 Windows Remote Desktop Licensing Service Denial of Service Vulnerability
S
CVE-2024-38073 Windows Remote Desktop Licensing Service Denial of Service Vulnerability
S
CVE-2024-38074 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-38076 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-38077 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-38078 Xbox Wireless Adapter Remote Code Execution Vulnerability
S
CVE-2024-38079 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-38080 Windows Hyper-V Elevation of Privilege Vulnerability
KEV S
CVE-2024-38081 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
S
CVE-2024-38082 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2024-38083 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2024-38084 Microsoft OfficePlus Elevation of Privilege Vulnerability
S
CVE-2024-38085 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-38086 Azure Kinect SDK Remote Code Execution Vulnerability
S
CVE-2024-38087 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-38088 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
S
CVE-2024-38089 Microsoft Defender for IoT Elevation of Privilege Vulnerability
S
CVE-2024-38091 Microsoft WS-Discovery Denial of Service Vulnerability
S
CVE-2024-38092 Azure CycleCloud Elevation of Privilege Vulnerability
S
CVE-2024-38093 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2024-38094 Microsoft SharePoint Remote Code Execution Vulnerability
KEV S
CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability
S
CVE-2024-38097 Azure Monitor Agent Elevation of Privilege Vulnerability
S
CVE-2024-38098 Azure Connected Machine Agent Elevation of Privilege Vulnerability
S
CVE-2024-38099 Windows Remote Desktop Licensing Service Denial of Service Vulnerability
S
CVE-2024-38100 Windows File Explorer Elevation of Privilege Vulnerability
S
CVE-2024-38101 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
S
CVE-2024-38102 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
S
CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
S
CVE-2024-38104 Windows Fax Service Remote Code Execution Vulnerability
S
CVE-2024-38105 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
S
CVE-2024-38106 Windows Kernel Elevation of Privilege Vulnerability
KEV S
CVE-2024-38107 Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
KEV S
CVE-2024-38108 Azure Stack Hub Spoofing Vulnerability
S
CVE-2024-38109 Azure Health Bot Elevation of Privilege Vulnerability
S
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability
KEV S
CVE-2024-38114 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
S
CVE-2024-38115 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
S
CVE-2024-38116 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
S
CVE-2024-38117 NTFS Elevation of Privilege Vulnerability
S
CVE-2024-38118 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
S
CVE-2024-38119 Windows Network Address Translation (NAT) Remote Code Execution Vulnerability
S
CVE-2024-38120 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38121 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38122 Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability
S
CVE-2024-38123 Windows Bluetooth Driver Information Disclosure Vulnerability
S
CVE-2024-38124 Windows Netlogon Elevation of Privilege Vulnerability
S
CVE-2024-38125 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38126 Windows Network Address Translation (NAT) Denial of Service Vulnerability
S
CVE-2024-38127 Windows Hyper-V Elevation of Privilege Vulnerability
S
CVE-2024-38128 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38129 Windows Kerberos Elevation of Privilege Vulnerability
S
CVE-2024-38130 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38131 Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
S
CVE-2024-38132 Windows Network Address Translation (NAT) Denial of Service Vulnerability
S
CVE-2024-38133 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-38134 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38135 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
S
CVE-2024-38136 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
S
CVE-2024-38137 Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
S
CVE-2024-38138 Windows Deployment Services Remote Code Execution Vulnerability
S
CVE-2024-38139 Microsoft Dataverse Elevation of Privilege Vulnerability
S
CVE-2024-38140 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
S
CVE-2024-38141 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
S
CVE-2024-38142 Windows Secure Kernel Mode Elevation of Privilege Vulnerability
S
CVE-2024-38143 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
S
CVE-2024-38144 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38145 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
S
CVE-2024-38146 Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability
S
CVE-2024-38147 Microsoft DWM Core Library Elevation of Privilege Vulnerability
S
CVE-2024-38148 Windows Secure Channel Denial of Service Vulnerability
S
CVE-2024-38149 BranchCache Denial of Service Vulnerability
S
CVE-2024-38150 Windows DWM Core Library Elevation of Privilege Vulnerability
S
CVE-2024-38151 Windows Kernel Information Disclosure Vulnerability
S
CVE-2024-38152 Windows OLE Remote Code Execution Vulnerability
S
CVE-2024-38153 Windows Kernel Elevation of Privilege Vulnerability
S
CVE-2024-38154 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38155 Security Center Broker Information Disclosure Vulnerability
S
CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2024-38157 Azure IoT SDK Remote Code Execution Vulnerability
S
CVE-2024-38158 Azure IoT SDK Remote Code Execution Vulnerability
S
CVE-2024-38159 Windows Network Virtualization Remote Code Execution Vulnerability
S
CVE-2024-38160 Windows Network Virtualization Remote Code Execution Vulnerability
S
CVE-2024-38161 Windows Mobile Broadband Driver Remote Code Execution Vulnerability
S
CVE-2024-38162 Azure Connected Machine Agent Elevation of Privilege Vulnerability
S
CVE-2024-38163 Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-38164 GroupMe Elevation of Privilege Vulnerability
S
CVE-2024-38165 Windows Compressed Folder Tampering Vulnerability
S
CVE-2024-38166 Microsoft Dynamics 365 Cross-site Scripting Vulnerability
S
CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability
S
CVE-2024-38168 .NET and Visual Studio Denial of Service Vulnerability
S
CVE-2024-38169 Microsoft Office Visio Remote Code Execution Vulnerability
S
CVE-2024-38170 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2024-38171 Microsoft PowerPoint Remote Code Execution Vulnerability
S
CVE-2024-38172 Microsoft Excel Remote Code Execution Vulnerability
S
CVE-2024-38173 Microsoft Outlook Remote Code Execution Vulnerability
S
CVE-2024-38175 Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability
CVE-2024-38176 GroupMe Elevation of Privilege Vulnerability
S
CVE-2024-38177 Windows App Installer Spoofing Vulnerability
S
CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability
KEV S
CVE-2024-38179 Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability
S
CVE-2024-38180 Windows SmartScreen Security Feature Bypass Vulnerability
S
CVE-2024-38182 Microsoft Dynamics 365 Elevation of Privilege Vulnerability
CVE-2024-38183 GroupMe Elevation of Privilege Vulnerability
S
CVE-2024-38184 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-38185 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-38186 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-38187 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
S
CVE-2024-38188 Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
S
CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
KEV S
CVE-2024-38190 Power Platform Information Disclosure Vulnerability
S
CVE-2024-38191 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
KEV E S
CVE-2024-38194 Azure Web Apps Elevation of Privilege Vulnerability
S
CVE-2024-38195 Azure CycleCloud Remote Code Execution Vulnerability
S
CVE-2024-38196 Windows Common Log File System Driver Elevation of Privilege Vulnerability
S
CVE-2024-38197 Microsoft Teams for iOS Spoofing Vulnerability
S
CVE-2024-38198 Windows Print Spooler Elevation of Privilege Vulnerability
S
CVE-2024-38199 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
S
CVE-2024-38200 Microsoft Office Spoofing Vulnerability
S
CVE-2024-38201 Azure Stack Hub Elevation of Privilege Vulnerability
S
CVE-2024-38202 Windows Update Stack Elevation of Privilege Vulnerability
S
CVE-2024-38203 Windows Package Library Manager Information Disclosure Vulnerability
S
CVE-2024-38204 Imagine Cup site Information Disclosure Vulnerability
S
CVE-2024-38206 Microsoft Copilot Studio Information Disclosure Vulnerability
S
CVE-2024-38207 Microsoft Edge (HTML-based) Memory Corruption Vulnerability
S
CVE-2024-38208 Microsoft Edge for Android Spoofing Vulnerability
S
CVE-2024-38209 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-38210 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-38211 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
S
CVE-2024-38212 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38213 Windows Mark of the Web Security Feature Bypass Vulnerability
KEV S
CVE-2024-38214 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
S
CVE-2024-38215 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
S
CVE-2024-38216 Azure Stack Hub Elevation of Privilege Vulnerability
S
CVE-2024-38217 Windows Mark of the Web Security Feature Bypass Vulnerability
KEV E S
CVE-2024-38218 Microsoft Edge (HTML-based) Memory Corruption Vulnerability
CVE-2024-38219 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
S
CVE-2024-38220 Azure Stack Hub Elevation of Privilege Vulnerability
S
CVE-2024-38221 Microsoft Edge (Chromium-based) Spoofing Vulnerability
S
CVE-2024-38222 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
S
CVE-2024-38223 Windows Initial Machine Configuration Elevation of Privilege Vulnerability
S
CVE-2024-38225 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
S
CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability
KEV S
CVE-2024-38227 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2024-38228 Microsoft SharePoint Server Remote Code Execution Vulnerability
S
CVE-2024-38229 .NET and Visual Studio Remote Code Execution Vulnerability
S
CVE-2024-38230 Windows Standards-Based Storage Management Service Denial of Service Vulnerability
S
CVE-2024-38231 Windows Remote Desktop Licensing Service Denial of Service Vulnerability
S
CVE-2024-38232 Windows Networking Denial of Service Vulnerability
S
CVE-2024-38233 Windows Networking Denial of Service Vulnerability
S
CVE-2024-38234 Windows Networking Denial of Service Vulnerability
S
CVE-2024-38235 Windows Hyper-V Denial of Service Vulnerability
S
CVE-2024-38236 DHCP Server Service Denial of Service Vulnerability
S
CVE-2024-38237 Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38238 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38239 Windows Kerberos Elevation of Privilege Vulnerability
S
CVE-2024-38240 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
S
CVE-2024-38241 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38242 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38243 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38244 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38245 Kernel Streaming Service Driver Elevation of Privilege Vulnerability
S
CVE-2024-38246 Win32k Elevation of Privilege Vulnerability
S
CVE-2024-38247 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-38248 Windows Storage Elevation of Privilege Vulnerability
S
CVE-2024-38249 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-38250 Windows Graphics Component Elevation of Privilege Vulnerability
S
CVE-2024-38252 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
S
CVE-2024-38253 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
S
CVE-2024-38254 Windows Authentication Information Disclosure Vulnerability
S
CVE-2024-38255 SQL Server Native Client Remote Code Execution Vulnerability
S
CVE-2024-38256 Windows Kernel-Mode Driver Information Disclosure Vulnerability
S
CVE-2024-38257 Microsoft AllJoyn API Information Disclosure Vulnerability
S
CVE-2024-38258 Windows Remote Desktop Licensing Service Information Disclosure Vulnerability
S
CVE-2024-38259 Microsoft Management Console Remote Code Execution Vulnerability
S
CVE-2024-38260 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-38261 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38262 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-38263 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
S
CVE-2024-38264 Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
S
CVE-2024-38265 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
S
CVE-2024-38266 An improper restriction of operations within the bounds of a memory buffer in the parameter type par...
CVE-2024-38267 An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parse...
CVE-2024-38268 An improper restriction of operations within the bounds of a memory buffer in the MAC address parser...
CVE-2024-38269 An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing h...
CVE-2024-38270 An insufficient entropy vulnerability caused by the improper use of a randomness function with low e...
CVE-2024-38271 Denial of Service in Quick Share
S
CVE-2024-38272 Auth Bypass in Quick Share
S
CVE-2024-38273 moodle: BigBlueButton web service leaks meeting joining information to users who should not have access
CVE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event
CVE-2024-38275 moodle: HTTP authorization header is preserved between "emulated redirects"
CVE-2024-38276 moodle: CSRF risks due to misuse of confirm_sesskey
S
CVE-2024-38277 moodle: QR login key and auto-login key for the Moodle mobile app should be generated as separate keys
CVE-2024-38278 A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC...
CVE-2024-38279 Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38280 Cleartext Storage in a File or on Disk in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38281 Use of Hard-coded Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38282 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38283 Missing Encryption of Sensitive Data in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38284 Authentication Bypass by Capture-replay in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38285 Insufficiently Protected Credentials in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)
S
CVE-2024-38286 Apache Tomcat: Denial of Service
CVE-2024-38287 The password-reset mechanism in the Forgot Password functionality in R-HUB TurboMeeting through 8.x ...
CVE-2024-38288 A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeti...
E
CVE-2024-38289 A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMee...
E
CVE-2024-38290 In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditi...
CVE-2024-38291 In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could l...
CVE-2024-38292 In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal i...
CVE-2024-38293 ALCASAR before 3.6.1 allows CSRF and remote code execution in activity.php....
CVE-2024-38294 ALCASAR before 3.6.1 allows email_registration_back.php remote code execution....
CVE-2024-38295 ALCASAR before 3.6.1 allows still_connected.php remote code execution....
CVE-2024-38296 Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12...
CVE-2024-38301 Dell Alienware Command Center, version 5.7.3.0 and prior, contains an improper access control vulner...
CVE-2024-38302 Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerabi...
CVE-2024-38303 Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Valid...
CVE-2024-38304 Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Loc...
CVE-2024-38305 Dell SupportAssist for Home PCs Installer exe version 4.0.3 contains a privilege escalation vulnerab...
CVE-2024-38306 btrfs: protect folio::private when attaching extent buffer folios
CVE-2024-38307 Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability ...
CVE-2024-38308 Advantech ADAM-5550 Cross-site Scripting
S
CVE-2024-38309 There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELL...
CVE-2024-38310 Improper access control in some Intel(R) Graphics Driver software installers may allow an authentica...
CVE-2024-38311 Apache Traffic Server: Request smuggling via pipelining after a chunked message body
CVE-2024-38312 When browsing private tabs, some data related to location history or webpage thumbnails could be per...
CVE-2024-38313 In certain scenarios a malicious website could attempt to display a fake location URL bar which coul...
CVE-2024-38314 IBM Maximo Application Suite - Monitor Component information disclosure
CVE-2024-38315 IBM Aspera Shares session fixation
CVE-2024-38316 IBM Aspera Shares Denial of Service
CVE-2024-38317 IBM Aspera Shares Cross-Site Scripting
CVE-2024-38318 IBM Aspera Shares HTML injection
CVE-2024-38319 IBM Security SOAR code execution
CVE-2024-38320 IBM Storage Protect for Virtual Environments: Data Protection for VMware information disclosure
CVE-2024-38321 IBM Business Automation Workflow information disclosure
CVE-2024-38322 IBM Storage Defender information disclosure
CVE-2024-38324 IBM Storage Defender improper certificate validation
CVE-2024-38325 IBM Storage Defender information disclosure
CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
CVE-2024-38330 IBM i privilege escalation
CVE-2024-38337 IBM Sterling Secure Proxy improper input validation
CVE-2024-38341 IBM Sterling Secure Proxy information disclosure
S
CVE-2024-38344 A cross-site request forgery vulnerability exists in WP Tweet Walls versions prior to 1.0.4. If this...
CVE-2024-38345 A cross-site request forgery vulnerability exists in Sola Testimonials versions prior to 3.0.0. If t...
CVE-2024-38346 Apache CloudStack: Unauthenticated cluster service port leads to remote execution
S
CVE-2024-38347 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection v...
E
CVE-2024-38348 CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection v...
E
CVE-2024-38351 Password auth and OAuth2 unverified email linking
CVE-2024-38352 Rejected reason: CVE was assigned in error....
R
CVE-2024-38353 CodiMD - Missing Image Access Controls and Unauthorized Image Access
CVE-2024-38354 Cross-site Scripting in Hackmd.io Notes lead by HTML Injection
E
CVE-2024-38355 Unhandled 'error' event in socket.io
CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
CVE-2024-38357 TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
CVE-2024-38358 Symlink bypasses filesystem sandbox in wasmer
CVE-2024-38359 Lightning Network Daemon Onion Bomb
CVE-2024-38360 Denial of service via Watched Words in Discourse
CVE-2024-38361 Permissions processing error in spacedb
CVE-2024-38363 Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
CVE-2024-38364 DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
CVE-2024-38365 btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
CVE-2024-38366 CocoaPods trunk RCE in email verification system rfc-822
E
CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking
E S
CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods
S
CVE-2024-38369 XWiki programming rights may be inherited by inclusion
CVE-2024-38370 GLPI allows API document download without rights
CVE-2024-38371 Insufficient access control for OAuth2 Device Code flow in authentik
CVE-2024-38372 Undici vulnerable to data leak when using response.arrayBuffer()
CVE-2024-38373 FreeRTOS-Plus-TCP Buffer Over-Read in DNS Response Parser
CVE-2024-38374 Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
CVE-2024-38375 @fastly/js-compute use-after-free in some host call implementations
CVE-2024-38379 Apache Allura: Stored authenticated XSS
CVE-2024-38380 Millbeck Communications Proroute H685t-w Cross-site Scripting.
S
CVE-2024-38381 nfc: nci: Fix uninit-value in nci_rx_work
S
CVE-2024-38382 Ability Runtime has an out-of-bounds read permission bypass vulnerability
CVE-2024-38383 Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before ...
S
CVE-2024-38384 blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
S
CVE-2024-38385 genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
S
CVE-2024-38386 Arkcompiler Ets Runtime has an out-of-bounds write vulnerability
CVE-2024-38387 Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may...
CVE-2024-38388 ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
S
CVE-2024-38389 There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0...
CVE-2024-38390 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
S
CVE-2024-38391 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-38392 Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of reso...
CVE-2024-38394 Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0...
CVE-2024-38395 In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remo...
CVE-2024-38396 An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report...
CVE-2024-38397 Buffer Over-read in WLAN Host Communication
CVE-2024-38399 Use After Free in Graphics
CVE-2024-38401 Use After Free in Qualcomm IPC
S
CVE-2024-38402 Use After Free in DSP Services
S
CVE-2024-38403 Buffer Over-read in WLAN Firmware
S
CVE-2024-38404 Buffer Over-read in Multi Mode Call Processor
CVE-2024-38405 Buffer Over-read in WLAN Host
S
CVE-2024-38406 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera
S
CVE-2024-38407 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera
S
CVE-2024-38408 Cryptographic Issues in BT Controller
S
CVE-2024-38409 Buffer Copy Without Checking Size of Input in WLAN Windows Host
S
CVE-2024-38410 Stack-based Buffer Overflow in WLAN Windows Host
S
CVE-2024-38411 Use After Free in Computer Vision
S
CVE-2024-38412 Use After Free in Computer Vision
S
CVE-2024-38413 Improper Input Validation in Computer Vision
S
CVE-2024-38414 Buffer Over-read in Computer Vision
S
CVE-2024-38415 Use After Free in Computer Vision
S
CVE-2024-38416 Buffer Over-read in Audio
S
CVE-2024-38417 Buffer Over-read in Automotive Multimedia
S
CVE-2024-38418 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Linux
S
CVE-2024-38419 Use After Free in Automotive GPU
S
CVE-2024-38420 Improper Input Validation in Hypervisor
CVE-2024-38421 Use After Free in Graphics Linux
S
CVE-2024-38422 Integer Overflow to Buffer Overflow in Audio
S
CVE-2024-38423 Buffer Copy Without Checking Size of Input in Graphics Linux
S
CVE-2024-38424 Use After Free in GPS
S
CVE-2024-38425 Improper Authorization in Performance
CVE-2024-38426 Improper Authentication in Modem
CVE-2024-38427 In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequen...
CVE-2024-38428 url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and th...
S
CVE-2024-38429 Matrix - CWE-552: Files or Directories Accessible to External Parties
S
CVE-2024-38430 Matrix - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2024-38431 Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy
S
CVE-2024-38432 Matrix – Tafnit v8 CWE-646: Reliance on File Name or Extension of Externally-Supplied File
S
CVE-2024-38433 Nuvoton - CWE-305: Authentication Bypass by Primary Weakness
S
CVE-2024-38434 Unitronics Vision PLC - CWE-676: Use of Potentially Dangerous Function
S
CVE-2024-38435 Unitronics Vision PLC - CWE-703: Improper Check or Handling of Exceptional Conditions
S
CVE-2024-38436 Commugen SOX 365 – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
S
CVE-2024-38437 D-Link - CWE-288: Authentication Bypass Using an Alternate Path or Channel
S
CVE-2024-38438 D-Link - CWE-294: Authentication Bypass by Capture-replay
S
CVE-2024-38439 Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of se...
E S
CVE-2024-38440 Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmenta...
E
CVE-2024-38441 Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of se...
E
CVE-2024-38443 C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for...
CVE-2024-38446 NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restric...
CVE-2024-38447 NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request for...
CVE-2024-38448 htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untr...
CVE-2024-38449 A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and po...
CVE-2024-38453 The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NO...
CVE-2024-38454 ExpressionEngine before 7.4.11 allows XSS....
S
CVE-2024-38456 HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an ...
CVE-2024-38457 Xenforo before 2.2.16 allows CSRF....
E S
CVE-2024-38458 Xenforo before 2.2.16 allows code injection....
E S
CVE-2024-38459 langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL...
CVE-2024-38460 In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption fea...
E
CVE-2024-38461 irodsServerMonPerf in iRODS before 4.3.2 attempts to proceed with use of a path even if it is not a ...
CVE-2024-38462 iRODS before 4.3.2 provides an msiSendMail function with a problematic dependency on the mail binary...
S
CVE-2024-38465 Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the respo...
CVE-2024-38466 Shenzhen Guoxin Synthesis image system before 8.3.0 has a 123456Qw default password....
CVE-2024-38467 Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized user information retrieval v...
CVE-2024-38468 Shenzhen Guoxin Synthesis image system before 8.3.0 allows unauthorized password resets via the rese...
CVE-2024-38469 zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
E
CVE-2024-38470 zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability...
E
CVE-2024-38471 Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to exec...
CVE-2024-38472 Apache HTTP Server on Windows UNC SSRF
CVE-2024-38473 Apache HTTP Server proxy encoding problem
CVE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences
CVE-2024-38475 Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path.
KEV S
CVE-2024-38476 Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
CVE-2024-38477 Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request
CVE-2024-38479 Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack
CVE-2024-38480 "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external...
CVE-2024-38481 Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A pr...
CVE-2024-38482 CloudLink, versions 7.1.x and 8.x, contain an Improper check or handling of Exceptional Conditions V...
CVE-2024-38483 Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. ...
CVE-2024-38485 Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-pr...
CVE-2024-38486 Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an I...
CVE-2024-38488 Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Ex...
CVE-2024-38489 Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A pri...
CVE-2024-38490 Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Write Vulnerability. A p...
CVE-2024-38491 Symantec Privileged Access Manager SQL Injection vulnerability
CVE-2024-38492 Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-38493 Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability
CVE-2024-38494 Symantec Privileged Access Manager Remote Command Execution vulnerability
CVE-2024-38495 Symantec Privileged Access Manager User Enumeration vulnerability
CVE-2024-38496 Symantec Privileged Access Manager Insecure Direct Object Reference vulnerability
CVE-2024-38499 Improper Privilege Management Vulnerability in CA Client Automation 14.5
CVE-2024-38501 Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows HTML injection
CVE-2024-38502 Pepperl+Fuchs: Device Master ICDM-RX/* XSS vulnerability allows stored XSS
CVE-2024-38503 Apache Syncope: HTML tags can be injected into Console or Enduser text fields
CVE-2024-38504 In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to ...
CVE-2024-38505 In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site...
CVE-2024-38506 In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto...
CVE-2024-38507 In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible...
CVE-2024-38508 A privilege escalation vulnerability was discovered in the web interface or SSH captive command shel...
S
CVE-2024-38509 A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC use...
S
CVE-2024-38510 A privilege escalation vulnerability was discovered in the SSH captive command shell interface that ...
S
CVE-2024-38511 A privilege escalation vulnerability was discovered in an upload processing functionality of XCC tha...
S
CVE-2024-38512 A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC use...
S
CVE-2024-38513 Fiber Session Middleware Token Injection Vulnerability
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
CVE-2024-38515 Rejected reason: This CVE is a duplicate of CVE-2024-38374....
R
CVE-2024-38516 Aimeos HTML client may potentially reveal sensitive information in error log
CVE-2024-38517 Tencent RapidJSON include/rapidjson/reader.h GenericReader::ParseNumber() Function Template Exponent Parsing Integer Underflow
CVE-2024-38518 bbb-web API additional parameters considered
CVE-2024-38519 yt-dlp and youtube-dl vulnerable to file system modification and RCE through improper file-extension sanitization
CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification
CVE-2024-38521 Persistent Cross-Site Scripting (XSS) in hushline inbox
E
CVE-2024-38522 CSP bypass in Hush Line
E S
CVE-2024-38523 Hush Line OTP issue
CVE-2024-38525 dd-trace-cpp malformed unicode header values may cause crash
CVE-2024-38526 pdoc embeds link to malicious CDN if math mode is enabled
CVE-2024-38527 Cross-site Scripting in ZenUML
CVE-2024-38528 Unlimited number of NTS-KE connections can crash ntpd-rs server
CVE-2024-38529 Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
E S
CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
E S
CVE-2024-38531 Nix sandbox escape
CVE-2024-38532 TEST_KEY used in example dcp_tool reference implementation
CVE-2024-38533 ZKsync Era invalid stack addressing conversion
CVE-2024-38534 Suricata modbus: txs without responses are never freed
S
CVE-2024-38535 Suricata http2: oom from duplicate headers
S
CVE-2024-38536 Suricata http/range: NULL-ptr deref when http.memcap is reached
E
CVE-2024-38537 Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
CVE-2024-38538 net: bridge: xmit: make sure we have at least eth header len bytes
S
CVE-2024-38539 RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw
S
CVE-2024-38540 bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
S
CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
S
CVE-2024-38542 RDMA/mana_ib: boundary check before installing cq callbacks
S
CVE-2024-38543 lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
S
CVE-2024-38544 RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
CVE-2024-38545 RDMA/hns: Fix UAF for cq async event
S
CVE-2024-38546 drm: vc4: Fix possible null pointer dereference
S
CVE-2024-38547 media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
S
CVE-2024-38548 drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
S
CVE-2024-38549 drm/mediatek: Add 0 size check to mtk_drm_gem_obj
S
CVE-2024-38550 ASoC: kirkwood: Fix potential NULL dereference
S
CVE-2024-38551 ASoC: mediatek: Assign dummy when codec not specified for a DAI link
S
CVE-2024-38552 drm/amd/display: Fix potential index out of bounds in color transformation function
S
CVE-2024-38553 net: fec: remove .ndo_poll_controller to avoid deadlocks
S
CVE-2024-38554 ax25: Fix reference count leak issue of net_device
S
CVE-2024-38555 net/mlx5: Discard command completions in internal error
S
CVE-2024-38556 net/mlx5: Add a timeout to acquire the command queue semaphore
S
CVE-2024-38557 net/mlx5: Reload only IB representors upon lag disable/enable
S
CVE-2024-38558 net: openvswitch: fix overwriting ct original tuple for ICMPv6
CVE-2024-38559 scsi: qedf: Ensure the copied buf is NUL terminated
S
CVE-2024-38560 scsi: bfa: Ensure the copied buf is NUL terminated
S
CVE-2024-38561 kunit: Fix kthread reference
S
CVE-2024-38562 wifi: nl80211: Avoid address calculations via out of bounds array indexing
S
CVE-2024-38563 wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature
S
CVE-2024-38564 bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
CVE-2024-38565 wifi: ar5523: enable proper endpoint verification
CVE-2024-38566 bpf: Fix verifier assumptions about socket->sk
CVE-2024-38567 wifi: carl9170: add a proper sanity check for endpoints
CVE-2024-38568 drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group
S
CVE-2024-38569 drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group
S
CVE-2024-38570 gfs2: Fix potential glock use-after-free on unmount
S
CVE-2024-38571 thermal/drivers/tsens: Fix null pointer dereference
S
CVE-2024-38572 wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()
CVE-2024-38573 cppc_cpufreq: Fix possible null pointer dereference
S
CVE-2024-38574 libbpf: Prevent null-pointer dereference when prog to load has no BTF
S
CVE-2024-38575 wifi: brcmfmac: pcie: handle randbuf allocation failure
S
CVE-2024-38576 rcu: Fix buffer overflow in print_cpu_stall_info()
S
CVE-2024-38577 rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
S
CVE-2024-38578 ecryptfs: Fix buffer size for tag 66 packet
CVE-2024-38579 crypto: bcm - Fix pointer arithmetic
CVE-2024-38580 epoll: be better about file lifetimes
CVE-2024-38581 drm/amdgpu/mes: fix use-after-free issue
S
CVE-2024-38582 nilfs2: fix potential hang in nilfs_detach_log_writer()
S
CVE-2024-38583 nilfs2: fix use-after-free of timer for log writer thread
S
CVE-2024-38584 net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe()
S
CVE-2024-38585 tools/nolibc/stdlib: fix memory error in realloc()
CVE-2024-38586 r8169: Fix possible ring buffer corruption on fragmented Tx packets.
CVE-2024-38587 speakup: Fix sizeof() vs ARRAY_SIZE() bug
S
CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()
S
CVE-2024-38589 netrom: fix possible dead-lock in nr_rt_ioctl()
S
CVE-2024-38590 RDMA/hns: Modify the print level of CQE error
S
CVE-2024-38591 RDMA/hns: Fix deadlock on SRQ async events.
S
CVE-2024-38592 drm/mediatek: Init `ddp_comp` with devm_kcalloc()
CVE-2024-38593 net: micrel: Fix receiving the timestamp in the frame for lan8841
CVE-2024-38594 net: stmmac: move the EST lock to struct stmmac_priv
CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
CVE-2024-38596 af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
CVE-2024-38597 eth: sungem: remove .ndo_poll_controller to avoid deadlocks
S
CVE-2024-38598 md: fix resync softlockup when bitmap size is less than array size
S
CVE-2024-38599 jffs2: prevent xattr node from overflowing the eraseblock
CVE-2024-38600 ALSA: Fix deadlocks with kctl removals at disconnection
S
CVE-2024-38601 ring-buffer: Fix a race between readers and resize checks
CVE-2024-38602 ax25: Fix reference count leak issues of ax25_dev
S
CVE-2024-38603 drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
S
CVE-2024-38604 block: refine the EOF check in blkdev_iomap_begin
CVE-2024-38605 ALSA: core: Fix NULL module pointer assignment at card init
S
CVE-2024-38606 crypto: qat - validate slices count returned by FW
S
CVE-2024-38607 macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
CVE-2024-38608 net/mlx5e: Fix netif state handling
S
CVE-2024-38609 wifi: mt76: connac: check for null before dereferencing
S
CVE-2024-38610 drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map()
CVE-2024-38611 media: i2c: et8ek8: Don't strip remove function when driver is builtin
CVE-2024-38612 ipv6: sr: fix invalid unregister error path
S
CVE-2024-38613 m68k: Fix spinlock race in kernel thread creation
CVE-2024-38614 openrisc: traps: Don't send signals to kernel mode threads
CVE-2024-38615 cpufreq: exit() callback is optional
CVE-2024-38616 wifi: carl9170: re-fix fortified-memset warning
S
CVE-2024-38617 kunit/fortify: Fix mismatched kvalloc()/vfree() usage
CVE-2024-38618 ALSA: timer: Set lower bound of start tick time
CVE-2024-38619 usb-storage: alauda: Check whether the media is initialized
CVE-2024-38620 Bluetooth: HCI: Remove HCI_AMP support
CVE-2024-38621 media: stk1160: fix bounds checking in stk1160_copy_video()
CVE-2024-38622 drm/msm/dpu: Add callback function pointer check before its call
CVE-2024-38623 fs/ntfs3: Use variable length array instead of fixed size
S
CVE-2024-38624 fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
CVE-2024-38625 fs/ntfs3: Check 'folio' pointer for NULL
S
CVE-2024-38626 fuse: clear FR_SENT when re-adding requests into pending list
CVE-2024-38627 stm class: Fix a double free in stm_register_device()
S
CVE-2024-38628 usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
S
CVE-2024-38629 dmaengine: idxd: Avoid unnecessary destruction of file_ida
CVE-2024-38630 watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
S
CVE-2024-38631 iio: adc: PAC1934: fix accessing out of bounds array index
S
CVE-2024-38632 vfio/pci: fix potential memory leak in vfio_intx_enable()
S
CVE-2024-38633 serial: max3100: Update uart_driver_registered on driver removal
S
CVE-2024-38634 serial: max3100: Lock port->lock when calling uart_handle_cts_change()
CVE-2024-38635 soundwire: cadence: fix invalid PDI offset
CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address
CVE-2024-38637 greybus: lights: check return of get_channel_from_mode
CVE-2024-38638 QTS, QuTS hero
S
CVE-2024-38640 Download Station
S
CVE-2024-38641 QTS, QuTS hero
S
CVE-2024-38642 QuMagie
S
CVE-2024-38643 Notes Station 3
S
CVE-2024-38644 Notes Station 3
S
CVE-2024-38645 Notes Station 3
S
CVE-2024-38646 Notes Station 3
S
CVE-2024-38647 QNAP AI Core
S
CVE-2024-38649 An out-of-bounds write in IPsec of Ivanti Connect Secure before version 22.7R2.1(Not Applicable to 9...
CVE-2024-38650 An authentication bypass vulnerability can allow a low privileged attacker to access the NTLM hash o...
CVE-2024-38651 A code injection vulnerability can allow a low-privileged user to overwrite files on that VSPC serve...
CVE-2024-38652 Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenti...
CVE-2024-38653 XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read ...
CVE-2024-38654 Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authent...
CVE-2024-38655 Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.9 and Ivanti Policy S...
CVE-2024-38656 Argument injection in Ivanti Connect Secure before version 22.7R2.2 and 9.1R18.9 and Ivanti Policy S...
CVE-2024-38657 External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy S...
CVE-2024-38658 There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (...
CVE-2024-38659 enic: Validate length of nl attributes in enic_set_vf_port
CVE-2024-38660 Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allo...
CVE-2024-38661 s390/ap: Fix crash in AP internal function modify_bitmap()
S
CVE-2024-38662 bpf: Allow delete from sockmap/sockhash only if update is allowed
S
CVE-2024-38663 blk-cgroup: fix list corruption from resetting io stat
CVE-2024-38664 drm: zynqmp_dpsub: Always register bridge
S
CVE-2024-38665 Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially...
CVE-2024-38666 An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functional...
CVE-2024-38667 riscv: prevent pt_regs corruption for secondary idle threads
S
CVE-2024-38668 Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows be...
S
CVE-2024-38669 WordPress Predictive Search for WooCommerce plugin <= 6.0.1 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-38670 WordPress Team Members plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38671 WordPress WP GoToWebinar plugin <= 15.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38672 WordPress AdPush plugin <= 1.50 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-38673 WordPress Multisite Content Copier/Updater plugin <= 1.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-38674 WordPress SKT Addons for Elementor plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38675 WordPress Arkhe Blocks plugin 2.22.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38676 WordPress Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.13 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38677 WordPress REVIEWS.io plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38678 WordPress Calendar.online / Kalender.digital – Plugin plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38679 WordPress Animated Typed JS Shortcode plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38680 WordPress Appmaker plugin <= 1.36.12 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-38681 WordPress Magical Addons For Elementor plugin <= 1.1.41 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38682 WordPress Post Layouts for Gutenberg plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38683 WordPress WooCommerce Report plugin <= 1.4.5 - Reflected Cross Site Scripting (XSS) vulnerability
CVE-2024-38684 WordPress SlingBlocks plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38685 WordPress WP Announcement plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38686 WordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38687 WordPress Sky Addons for Elementor plugin <= 2.5.5 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38688 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority....
R
CVE-2024-38689 WordPress Simple Popup plugin <= 4.4 - Cross-Site Scripting (XSS) vulnerability
S
CVE-2024-38690 WordPress iPanorama 360 plugin <= 1.8.3 - Broken Access Control vulnerability
S
CVE-2024-38691 WordPress Metorik plugin <= 1.7.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38692 WordPress spiffy-calendar plugin <= 4.9.11 - SQL Injection vulnerability
S
CVE-2024-38693 WordPress WP User Frontend plugin <= 4.0.7 - SQL Injection vulnerability
S
CVE-2024-38694 WordPress Moloni plugin <= 4.7.4 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38695 WordPress WP GoToWebinar plugin <= 15.6 - Broken Access Control vulnerability
S
CVE-2024-38696 WordPress Zoho CRM Lead Magnet plugin <= 1.7.8.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38697 WordPress Goftino plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38698 WordPress SKT Skill Bar plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38699 WordPress Wallet System for WooCommerce plugin <= 2.5.13 - Sensitive Data Exposure via Exported File vulnerability
S
CVE-2024-38700 WordPress WPCS – WordPress Currency Switcher Professional plugin <= 1.2.0.3 - Arbitrary Shortcode Execution vulnerability
CVE-2024-38701 WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability
S
CVE-2024-38702 WordPress Product Delivery Date for WooCommerce – Lite plugin <= 2.7.2 - Broken Access Control vulnerability
S
CVE-2024-38703 WordPress WP Event Aggregator plugin <= 1.7.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38704 WordPress Team Manager plugin <= 2.1.12 - Local File Inclusion vulnerability
S
CVE-2024-38705 WordPress ElementInvader Addons for Elementor plugin <= 1.2.4 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38706 WordPress HT Mega plugin <= 2.5.7 - JSON Path Traversal vulnerability
S
CVE-2024-38707 WordPress EmbedPress plugin <= 4.0.4 - Broken Access Control vulnerability
S
CVE-2024-38708 WordPress Barcode Scanner and Inventory manager plugin <= 1.6.1 - SQL Injection vulnerability
S
CVE-2024-38709 WordPress GD Rating System plugin <= 3.6 - Local File Inclusion vulnerability
S
CVE-2024-38710 WordPress Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin <= 2.0.6.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38711 WordPress Link Library plugin <= 7.7.1 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38712 WordPress Qi Blocks plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38713 WordPress WP Photo Album Plus plugin <= 8.8.02.002 - Authenticated Stored Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38714 WordPress WP Fast Total Search <= 1.68.232 - Broken Access Control vulnerability
S
CVE-2024-38715 WordPress ExS Widgets plugin <= 0.3.1 - Local File Inclusion vulnerability
CVE-2024-38716 WordPress Events Calendar for Google plugin <= 2.1.0 - Local File Inclusion vulnerability
CVE-2024-38717 WordPress Booking Ultra Pro Appointments Booking Calendar plugin <= 1.1.13 - Local File Inclusion vulnerability
CVE-2024-38718 WordPress Download Button for Elementor plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38719 WordPress Auto Featured Image plugin <= 4.1.2 - Broken Access Control vulnerability
S
CVE-2024-38720 WordPress EazyDocs plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38721 WordPress EazyDocs plugin <= 2.5.0 - Broken Access Control vulnerability
S
CVE-2024-38722 WordPress Job Board Manager plugin <= 2.1.57 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38723 WordPress Get Use APIs – JSON Content Importer plugin <= 1.5.6 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-38724 WordPress Contact Form 7 Summary and Print plugin <= 1.2.5 - Cross Site Request Forgery (CSRF) to XSS vulnerability
S
CVE-2024-38725 WordPress Admin Dashboard RSS Feed plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38726 WordPress Product Designer plugin <= 1.0.33 - Arbitrary Content Deletion vulnerability
S
CVE-2024-38727 WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Broken Access Control vulnerability
S
CVE-2024-38728 WordPress Seraphinite Post .DOCX Source plugin <= 2.16.9 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-38729 WordPress MBE eShip plugin <= 2.1.2 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38730 WordPress Magical Addons For Elementor plugin <= 1.1.41 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-38731 WordPress i-amaze theme <= 1.3.7 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-38732 WordPress Patricia Blog theme <= 1.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-38733 WordPress Meks Video Importer plugin <= 1.0.12 - Broken Access Control vulnerability
S
CVE-2024-38734 WordPress Import Spreadsheets from Microsoft Excel plugin <= 10.1.4 - Arbitrary File Upload vulnerability
CVE-2024-38735 WordPress Event post plugin <= 5.9.5 - Local File Inclusion vulnerability
CVE-2024-38736 WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
CVE-2024-38737 WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability
S
CVE-2024-38738 WordPress Change From Email plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38739 WordPress OnePress theme <= 2.3.8 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38740 WordPress Packlink PRO shipping module plugin <= 3.4.6 - Broken Access Control vulnerability
S
CVE-2024-38741 WordPress Amazing Hover Effects plugin <= 2.4.9 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38742 WordPress MBE eShip plugin <= 2.1.2 - Sensitive Data Exposure vulnerability
CVE-2024-38743 WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control vulnerability
S
CVE-2024-38744 WordPress Plum: Spin Wheel & Email Pop-up plugin <= 2.0 - Broken Access Control to Unauth Stored XSS vulnerability
S
CVE-2024-38745 WordPress Wholesale Suite plugin <= 2.1.12 - Broken Access Control vulnerability
S
CVE-2024-38746 WordPress MakeStories (for Google Web Stories) plugin <= 3.0.3 - Arbitrary File Download and SSRF vulnerability
S
CVE-2024-38747 WordPress HitPay Payment Gateway for WooCommerce plugin <= 4.1.3 - Sensitive Data Exposure via Log File vulnerability
S
CVE-2024-38748 WordPress EleForms plugin <= 2.9.9.9 - Broken Access Control vulnerability
S
CVE-2024-38749 WordPress Olive One Click Demo Import plugin <= 1.1.2 - Sensitive Data Exposure vulnerability
CVE-2024-38750 WordPress Advanced post slider plugin <= 3.0.0 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38751 WordPress AdsforWP plugin <= 1.9.28 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38752 WordPress Zoho Campaigns plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38753 WordPress Animated Rotating Words Plugin <= 5.6 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38754 WordPress Tagbox plugin <= 3.3 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38755 WordPress DirectoryPress plugin <= 3.6.10 - SQL Injection vulnerability
CVE-2024-38756 WordPress Coming Soon Page – Responsive Coming Soon & Maintenance Mode plugin <= 1.6.3 - Sensitive Data Exposure vulnerability
CVE-2024-38757 WordPress Typebot plugin <= 3.6.0 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38758 WordPress WappPress plugin <= 6.0.4 - Blind Server Side Request Forgery (SSRF) vulnerability
CVE-2024-38759 WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability
S
CVE-2024-38760 WordPress Send Users Email plugin <= 1.5.1 - Sensitive Data Exposure vulnerability
S
CVE-2024-38761 WordPress Zephyr Project Manager plugin <= 3.3.99 - Sensitive Data Exposure via Export File vulnerability
S
CVE-2024-38762 WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38763 WordPress Popularis Verse theme <= 1.1.1 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38764 WordPress i-transform theme <= 3.0.9 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-38765 WordPress Oceanic theme <= 1.0.48 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-38766 WordPress Matomo Analytics plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) leading to Notice Dismissal vulnerability
S
CVE-2024-38767 WordPress BSK PDF Manager plugin <= 3.6 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38768 WordPress The Pack Elementor addons plugin <= 2.0.8.6 - Local File Inclusion vulnerability
S
CVE-2024-38769 WordPress Arconix Shortcodes plugin <= 2.1.11 - Broken Access Control vulnerability
S
CVE-2024-38770 WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability
S
CVE-2024-38771 WordPress Atarim plugin <= 4.0 - Broken Access Control vulnerability
S
CVE-2024-38772 WordPress JetWidgets for Elementor and WooCommerce plugin <= 1.1.7 - Contributor+ Limited Local File Inclusion vulnerability
S
CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
S
CVE-2024-38774 WordPress Security Optimizer plugin <= 1.5.0 - Broken Access Control vulnerability
S
CVE-2024-38775 WordPress CTX Feed plugin <= 6.5.6 - Arbitrary Options Update vulnerability
S
CVE-2024-38776 WordPress WP GoToWebinar plugin <= 15.7 - CSRF to XSS vulnerability
S
CVE-2024-38777 WordPress Titan Anti-spam & Security plugin <= 7.3.6 - Broken Access Control vulnerability
S
CVE-2024-38778 WordPress WP Fast Total Search <= 1.69.234 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38780 dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
S
CVE-2024-38781 WordPress CopySafe Web Protection plugin <= 3.15 - Reflected Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38782 WordPress Leaflet Maps Marker plugin <= 3.12.9 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38783 WordPress Arconix FAQ plugin <= 1.9.4 - Broken Access Control vulnerability
S
CVE-2024-38784 WordPress Livemesh Addons for Beaver Builder plugin <= 3.6.1 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38785 WordPress Gutenverse plugin <= 1.9.2 - Cross Site Scripting (XSS) vulnerability
S
CVE-2024-38786 WordPress CoziPress theme <= 1.0.30 - Cross Site Scripting (XSS) vulnerability
CVE-2024-38787 WordPress Import and export users and customers plugin <= 1.26.8 - Sensitive Information via Imported File vulnerability
S
CVE-2024-38788 WordPress UiPress lite plugin <= 3.4.06 - SQL Injection vulnerability
S
CVE-2024-38789 WordPress Telegram Bot & Channel plugin <= 3.8.2 - Cross Site Request Forgery (CSRF) vulnerability
CVE-2024-38790 WordPress Smartsupp plugin <= 3.6 - Cross Site Request Forgery (CSRF) vulnerability
S
CVE-2024-38791 WordPress AI ENGINE plugin <= 2.4.7 - Server Side Request Forgery (SSRF) vulnerability
S
CVE-2024-38792 WordPress ConveyThis Translate plugin <= 234 - Non-arbitrary Options Update vulnerability
S
CVE-2024-38793 WordPress Best Restaurant Menu by Pricelisto plugin <= 1.4.1 - SQL Injection vulnerability
S
CVE-2024-38794 WordPress Custom Query Blocks plugin <= 5.2.0 - Broken Access Control vulnerability
S
CVE-2024-38795 WordPress ListingPro plugin <= 2.9.4 - Unauthenticated SQL Injection vulnerability
CVE-2024-38796 Integer overflow in PeCoffLoaderRelocateImage
CVE-2024-38797 Out-of-bounds Read in HashPeImageByType()
CVE-2024-38806 UAA Failure to Remove Shadow User’s Access
CVE-2024-38807 CVE-2024-38807: Signature Forgery Vulnerability in Spring Boot's Loader
CVE-2024-38808 CVE-2024-38808: Spring Expression DoS Vulnerability
CVE-2024-38809 Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to D...
CVE-2024-38810 Missing Authorization When Using @AuthorizeReturnObject
CVE-2024-38811 Code-execution vulnerability
CVE-2024-38812 Heap-overflow vulnerability
KEV
CVE-2024-38813 Privilege escalation vulnerability
KEV
CVE-2024-38814 An authenticated SQL injection vulnerability in VMware HCX was privately reported to VMware. A mali...
CVE-2024-38815 VMware NSX contains a content spoofing vulnerability.  An unauthenticated malicious actor may be ab...
CVE-2024-38816 CVE-2024-38816: Path traversal vulnerability in functional web frameworks
CVE-2024-38817 VMware NSX contains a command injection vulnerability.  A malicious actor with access to the NSX Ed...
CVE-2024-38818 VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor m...
CVE-2024-38819 Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn ...
CVE-2024-38820 CVE-2024-38820: Spring Framework DataBinder Case Sensitive Match Exception
CVE-2024-38821 Authorization Bypass of Static Resources in WebFlux Applications
CVE-2024-38826 CVE-2024-38826 Cloud Controller Denial of Service Attack
CVE-2024-38827 Spring Security Authorization Bypass for Case Sensitive Comparisons
CVE-2024-38828 CVE-2024-38828: DoS via Spring MVC controller method with byte[] parameter
CVE-2024-38829 Spring LDAP sensitive data exposure for case-sensitive comparisons
CVE-2024-38830 Local privilege escalation vulnerability
CVE-2024-38831 Local privilege escalation vulnerability (CVE-2024-38831)
CVE-2024-38832 Stored cross-site scripting vulnerability (CVE-2024-38832)
CVE-2024-38833 Stored cross-site scripting vulnerability (CVE-2024-38833)
CVE-2024-38834 Stored cross-site scripting vulnerability (CVE-2024-38834)
CVE-2024-38856 Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code
KEV S
CVE-2024-38857 Reflected links in visuals facilitate phishing attacks
CVE-2024-38858 Cross-site scripting in Robotmk logs view
CVE-2024-38859 XSS in view page with SLA column
CVE-2024-38860 Reflected links in error message facilitate phishing attacks
CVE-2024-38861 Lack of TLS validation in plugin MikroTik on Checkmk Exchange
CVE-2024-38862 SNMP and IMPI secrets written to audit log
CVE-2024-38863 CSRF token leaked in URL parameters
CVE-2024-38864 User-Readable Private Key in Windows Agent
CVE-2024-38865 Livestatus command injection in RestAPI
CVE-2024-38866 Livestatus Injection in dynmaps
CVE-2024-38867 A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6...
CVE-2024-38868 Incorrect Authorization
CVE-2024-38869 Incorrect Authorization
CVE-2024-38870 Stored XSS
CVE-2024-38871 SQL Injection
CVE-2024-38872 SQL Injection
CVE-2024-38873 An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extens...
CVE-2024-38874 An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 fo...
CVE-2024-38875 An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc wer...
CVE-2024-38876 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivi...
M
CVE-2024-38877 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivi...
M
CVE-2024-38878 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivi...
M
CVE-2024-38879 A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivi...
M
CVE-2024-38881 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38882 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38883 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38884 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38885 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38886 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38887 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
E
CVE-2024-38888 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38889 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38890 An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and po...
CVE-2024-38891 An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly la...
CVE-2024-38892 An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportA...
CVE-2024-38894 WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchli...
CVE-2024-38895 WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information....
CVE-2024-38896 WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin...
CVE-2024-38897 WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information....
CVE-2024-38902 H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow,...
E
CVE-2024-38903 H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary command...
E
CVE-2024-38909 Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthori...
CVE-2024-38910 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a ...
CVE-2024-38920 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
CVE-2024-38921 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
E
CVE-2024-38922 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a ...
E
CVE-2024-38923 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
E
CVE-2024-38924 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
E
CVE-2024-38925 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
E
CVE-2024-38926 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
E
CVE-2024-38927 Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain ...
E
CVE-2024-38944 An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute ar...
CVE-2024-38949 Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via...
CVE-2024-38950 Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via...
CVE-2024-38951 A buffer overflow in PX4-Autopilot v1.12.3 allows attackers to cause a Denial of Service (DoS) via a...
CVE-2024-38952 PX4-Autopilot v1.14.3 was discovered to contain a buffer overflow via the topic_name parameter at /l...
CVE-2024-38953 phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the fra...
E
CVE-2024-38959 Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 al...
CVE-2024-38963 Nopcommerce 4.70.1 is vulnerable to Cross Site Scripting (XSS) via the combined "AddProductReview.Ti...
CVE-2024-38970 vaeThink 1.0.2 is vulnerable to Information Disclosure via the system backend,access management admi...
CVE-2024-38971 vaeThink 1.0.2 is vulnerable to stored Cross Site Scripting (XSS) in the system backend....
CVE-2024-38972 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary we...
E
CVE-2024-38983 Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary cod...
E
CVE-2024-38984 Prototype Pollution in lukebond json-override 0.2.0 allows attackers to execute arbitrary code or...
E
CVE-2024-38985 janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype polluti...
E
CVE-2024-38986 Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a D...
E
CVE-2024-38987 aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep....
CVE-2024-38988 alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.un...
E
CVE-2024-38989 izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. T...
CVE-2024-38990 Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep....
CVE-2024-38991 akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. T...
CVE-2024-38992 airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function register...
CVE-2024-38993 rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty....
CVE-2024-38994 amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. ...
CVE-2024-38996 ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype poll...
E
CVE-2024-38997 adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function ext...
CVE-2024-38998 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2024-38999 jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.