ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-42000 | Unauthorized Access to view channels' details | S | |
CVE-2024-42001 | Vonets WiFi Bridges Forced Browsing | M | |
CVE-2024-42004 | A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 fo... | | |
CVE-2024-42005 | An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and valu... | S | |
CVE-2024-42006 | Keyfactor AWS Orchestrator through 2.0 allows Information Disclosure.... | | |
CVE-2024-42007 | SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.... | | |
CVE-2024-42008 | A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and... | | |
CVE-2024-42009 | A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a rem... | | |
CVE-2024-42010 | mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading S... | | |
CVE-2024-42011 | The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.... | | |
CVE-2024-42012 | GRAU DATA Blocky before 3.1 stores passwords encrypted rather than hashed. At the login screen, the ... | | |
CVE-2024-42013 | In GRAU DATA Blocky before 3.1, Blocky-Gui has a Client-Side Enforcement of Server-Side Security vul... | | |
CVE-2024-42017 | An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web int... | | |
CVE-2024-42018 | An issue was discovered in Atos Eviden SMC xScale before 1.6.6. During initialization of nodes, some... | | |
CVE-2024-42019 | A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service servic... | | |
CVE-2024-42020 | A Cross-site-scripting (XSS) vulnerability exists in the Reporter Widgets that allows HTML injection... | | |
CVE-2024-42021 | An improper access control vulnerability allows an attacker with valid access tokens to access saved... | | |
CVE-2024-42022 | An incorrect permission assignment vulnerability allows an attacker to modify product configuration ... | | |
CVE-2024-42023 | An improper access control vulnerability allows low-privileged users to execute code with Administra... | | |
CVE-2024-42024 | A vulnerability that allows an attacker in possession of the Veeam ONE Agent service account credent... | | |
CVE-2024-42025 | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Ne... | | |
CVE-2024-42027 | The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, al... | | |
CVE-2024-42028 | A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Ne... | | |
CVE-2024-42029 | xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS ... | | |
CVE-2024-42030 | Access permission verification vulnerability in the content sharing pop-up module Impact: Successful... | | |
CVE-2024-42031 | Access permission verification vulnerability in the Settings module. Impact: Successful exploitation... | | |
CVE-2024-42032 | Access permission verification vulnerability in the Contacts module Impact: Successful exploitation ... | | |
CVE-2024-42033 | Access control vulnerability in the security verification module Impact: Successful exploitation of t... | | |
CVE-2024-42034 | LaunchAnywhere vulnerability in the account module. Impact: Successful exploitation of this vulnerab... | | |
CVE-2024-42035 | Permission control vulnerability in the App Multiplier module Impact: Successful exploitation of this... | | |
CVE-2024-42036 | Access permission verification vulnerability in the Notepad module Impact: Successful exploitation o... | | |
CVE-2024-42037 | Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this ... | | |
CVE-2024-42038 | Vulnerability of PIN enhancement failures in the screen lock module Impact: Successful exploitation ... | | |
CVE-2024-42039 | Access control vulnerability in the SystemUI module Impact: Successful exploitation of this vulnerab... | | |
CVE-2024-42040 | Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (38... | | |
CVE-2024-42041 | The com.videodownload.browser.videodownloader (aka AppTool-Browser-Video All Video Downloader) appli... | | |
CVE-2024-42049 | TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a ne... | | |
CVE-2024-42050 | The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with wea... | | |
CVE-2024-42051 | The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with wea... | | |
CVE-2024-42052 | The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with wea... | | |
CVE-2024-42053 | The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with wea... | | |
CVE-2024-42054 | Cervantes through 0.5-alpha accepts insecure file uploads.... | S | |
CVE-2024-42055 | Cervantes through 0.5-alpha allows stored XSS.... | S | |
CVE-2024-42056 | Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent... | | |
CVE-2024-42057 | A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions fro... | | |
CVE-2024-42058 | A null pointer dereference vulnerability in Zyxel ATP series firmware versions from V4.32 through V5... | | |
CVE-2024-42059 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V5.... | | |
CVE-2024-42060 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.... | | |
CVE-2024-42061 | A reflected cross-site scripting (XSS) vulnerability in the CGI program "dynamic_script.cgi" of Zyxe... | | |
CVE-2024-42062 | Apache CloudStack: User Key Exposure to Domain Admins | S | |
CVE-2024-42063 | bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode | S | |
CVE-2024-42064 | drm/amd/display: Skip pipe if the pipe idx not set properly | S | |
CVE-2024-42065 | drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init | S | |
CVE-2024-42066 | drm/xe: Fix potential integer overflow in page size calculation | S | |
CVE-2024-42067 | bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() | S | |
CVE-2024-42068 | bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() | S | |
CVE-2024-42069 | net: mana: Fix possible double free in error handling path | S | |
CVE-2024-42070 | netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers | S | |
CVE-2024-42071 | ionic: use dev_consume_skb_any outside of napi | S | |
CVE-2024-42072 | bpf: Fix may_goto with negative offset. | S | |
CVE-2024-42073 | mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems | S | |
CVE-2024-42074 | ASoC: amd: acp: add a null check for chip_pdev structure | S | |
CVE-2024-42075 | bpf: Fix remap of arena. | S | |
CVE-2024-42076 | net: can: j1939: Initialize unused data in j1939_send_one() | S | |
CVE-2024-42077 | ocfs2: fix DIO failure due to insufficient transaction credits | S | |
CVE-2024-42078 | nfsd: initialise nfsd_info.mutex early. | S | |
CVE-2024-42079 | gfs2: Fix NULL pointer dereference in gfs2_log_flush | S | |
CVE-2024-42080 | RDMA/restrack: Fix potential invalid address access | S | |
CVE-2024-42081 | drm/xe/xe_devcoredump: Check NULL before assignments | S | |
CVE-2024-42082 | xdp: Remove WARN() from __xdp_reg_mem_model() | S | |
CVE-2024-42083 | ionic: fix kernel panic due to multi-buffer handling | S | |
CVE-2024-42084 | ftruncate: pass a signed offset | | |
CVE-2024-42085 | usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock | S | |
CVE-2024-42086 | iio: chemical: bme680: Fix overflows in compensate() functions | | |
CVE-2024-42087 | drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep | | |
CVE-2024-42088 | ASoC: mediatek: mt8195: Add platform entry for ETDM1_OUT_BE dai link | | |
CVE-2024-42089 | ASoC: fsl-asoc-card: set priv->pdev before using it | S | |
CVE-2024-42090 | pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER | S | |
CVE-2024-42091 | drm/xe: Check pat.ops before dumping PAT settings | | |
CVE-2024-42092 | gpio: davinci: Validate the obtained number of IRQs | | |
CVE-2024-42093 | net/dpaa2: Avoid explicit cpumask var allocation on stack | S | |
CVE-2024-42094 | net/iucv: Avoid explicit cpumask var allocation on stack | S | |
CVE-2024-42095 | serial: 8250_omap: Implementation of Errata i2310 | | |
CVE-2024-42096 | x86: stop playing stack games in profile_pc() | | |
CVE-2024-42097 | ALSA: emux: improve patch ioctl data validation | | |
CVE-2024-42098 | crypto: ecdh - explicitly zeroize private_key | | |
CVE-2024-42099 | s390/dasd: Fix invalid dereferencing of indirect CCW data pointer | | |
CVE-2024-42100 | clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common | | |
CVE-2024-42101 | drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes | S | |
CVE-2024-42102 | Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" | S | |
CVE-2024-42103 | btrfs: fix adding block group to a reclaim list and the unused list during reclaim | | |
CVE-2024-42104 | nilfs2: add missing check for inode numbers on directory entries | S | |
CVE-2024-42105 | nilfs2: fix inode number range checks | | |
CVE-2024-42106 | inet_diag: Initialize pad field in struct inet_diag_req_v2 | S | |
CVE-2024-42107 | ice: Don't process extts if PTP is disabled | S | |
CVE-2024-42108 | net: rswitch: Avoid use-after-free in rswitch_poll() | S | |
CVE-2024-42109 | netfilter: nf_tables: unconditionally flush pending work before notifier | S | |
CVE-2024-42110 | net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() | | |
CVE-2024-42111 | btrfs: always do the basic checks for btrfs_qgroup_inherit structure | | |
CVE-2024-42112 | net: txgbe: free isb resources at the right time | | |
CVE-2024-42113 | net: txgbe: initialize num_q_vectors for MSI/INTx interrupts | | |
CVE-2024-42114 | wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values | S | |
CVE-2024-42115 | jffs2: Fix potential illegal address access in jffs2_free_inode | | |
CVE-2024-42116 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-42117 | drm/amd/display: ASSERT when failing to find index by plane/stream id | | |
CVE-2024-42118 | drm/amd/display: Do not return negative stream id for array | | |
CVE-2024-42119 | drm/amd/display: Skip finding free audio for unknown engine_id | | |
CVE-2024-42120 | drm/amd/display: Check pipe offset before setting vblank | | |
CVE-2024-42121 | drm/amd/display: Check index msg_id before read or write | | |
CVE-2024-42122 | drm/amd/display: Add NULL pointer check for kzalloc | S | |
CVE-2024-42123 | drm/amdgpu: fix double free err_addr pointer warnings | S | |
CVE-2024-42124 | scsi: qedf: Make qedf_execute_tmf() non-preemptible | | |
CVE-2024-42125 | wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband | | |
CVE-2024-42126 | powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. | | |
CVE-2024-42127 | drm/lima: fix shared irq handling on driver remove | | |
CVE-2024-42128 | leds: an30259a: Use devm_mutex_init() for mutex initialization | | |
CVE-2024-42129 | leds: mlxreg: Use devm_mutex_init() for mutex initialization | | |
CVE-2024-42130 | nfc/nci: Add the inconsistency check between the input data length and count | | |
CVE-2024-42131 | mm: avoid overflows in dirty throttling logic | S | |
CVE-2024-42132 | bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX | S | |
CVE-2024-42133 | Bluetooth: Ignore too large handle values in BIG | S | |
CVE-2024-42134 | virtio-pci: Check if is_avq is NULL | S | |
CVE-2024-42135 | vhost_task: Handle SIGKILL by flushing work and exiting | S | |
CVE-2024-42136 | cdrom: rearrange last_media_change check to avoid unintentional overflow | S | |
CVE-2024-42137 | Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot | S | |
CVE-2024-42138 | mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file | S | |
CVE-2024-42139 | ice: Fix improper extts handling | S | |
CVE-2024-42140 | riscv: kexec: Avoid deadlock in kexec crash path | S | |
CVE-2024-42141 | Bluetooth: ISO: Check socket flag instead of hcon | S | |
CVE-2024-42142 | net/mlx5: E-switch, Create ingress ACL when needed | S | |
CVE-2024-42143 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-42144 | thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data | S | |
CVE-2024-42145 | IB/core: Implement a limit on UMAD receive List | S | |
CVE-2024-42146 | drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf | S | |
CVE-2024-42147 | crypto: hisilicon/debugfs - Fix debugfs uninit process issue | S | |
CVE-2024-42148 | bnx2x: Fix multiple UBSAN array-index-out-of-bounds | S | |
CVE-2024-42149 | fs: don't misleadingly warn during thaw operations | S | |
CVE-2024-42150 | net: txgbe: remove separate irq request for MSI and INTx | S | |
CVE-2024-42151 | bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable | S | |
CVE-2024-42152 | nvmet: fix a possible leak when destroy a ctrl during qp establishment | S | |
CVE-2024-42153 | i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr | S | |
CVE-2024-42154 | tcp_metrics: validate source addr length | S | |
CVE-2024-42155 | s390/pkey: Wipe copies of protected- and secure-keys | S | |
CVE-2024-42156 | s390/pkey: Wipe copies of clear-key structures on failure | S | |
CVE-2024-42157 | s390/pkey: Wipe sensitive data on failure | S | |
CVE-2024-42158 | s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings | S | |
CVE-2024-42159 | scsi: mpi3mr: Sanitise num_phys | S | |
CVE-2024-42160 | f2fs: check validation of fault attrs in f2fs_build_fault_attr() | S | |
CVE-2024-42161 | bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD | S | |
CVE-2024-42162 | gve: Account for stopped queues when reading NIC stats | S | |
CVE-2024-42163 | Password Manipulation | E | |
CVE-2024-42164 | Disabling MFA without Authentication | E | |
CVE-2024-42165 | Arbitrary User Activation | E | |
CVE-2024-42166 | Command Injection in Applicationname | E | |
CVE-2024-42167 | Command Injection in Organisationname | E | |
CVE-2024-42168 | HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability | | |
CVE-2024-42169 | HCL MyXalytics is affected by insecure direct object references | | |
CVE-2024-42170 | HCL MyXalytics is affected by a session fixation vulnerability | | |
CVE-2024-42171 | HCL MyXalytics is affected by insufficient session expiration | | |
CVE-2024-42172 | HCL MyXalytics is affected by broken authentication | | |
CVE-2024-42173 | HCL MyXalytics is affected by an improper password policy implementation vulnerability | | |
CVE-2024-42174 | HCL MyXalytics is affected by username enumeration vulnerability | | |
CVE-2024-42175 | HCL MyXalytics is affected by a weak input validation vulnerability | | |
CVE-2024-42176 | HCL MyXalytics is affected by concurrent login vulnerability | | |
CVE-2024-42177 | HCL MyXalytics is affected by SSL/TLS Protocol affected with BREACH & LUCKY13 vulnerabilities | | |
CVE-2024-42178 | HCL MyXalytics is affected by a failure to restrict URL access vulnerability | | |
CVE-2024-42179 | HCL MyXalytics is affected by sensitive information disclosure vulnerability | | |
CVE-2024-42180 | HCL MyXalytics is affected by a malicious file upload vulnerability | | |
CVE-2024-42181 | HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability | | |
CVE-2024-42182 | HCL BigFix Patch Download Plug-ins are affected by Server-Side Request Forgery (SSRF) vulnerability | | |
CVE-2024-42183 | HCL BigFix Patch Download Plug-ins are affected by an arbitrary file download vulnerability | | |
CVE-2024-42184 | HCL BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme | | |
CVE-2024-42185 | HCL BigFix Patch Download Plug-ins are affected by an insecure package which is susceptible to XML injection attacks | | |
CVE-2024-42186 | HCL BigFix Patch Download Plug-ins are affected by an insecure protocol support | | |
CVE-2024-42187 | HCL BigFix Patch Download Plug-ins are affected by path traversal vulnerability | | |
CVE-2024-42188 | HCL Connections is vulnerable to a broken access control vulnerability | | |
CVE-2024-42189 | HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack | | |
CVE-2024-42193 | HCL BigFix Web Reports is susceptible to a Man-In-The-Middle (MITM) attack | | |
CVE-2024-42194 | HCL BigFix Inventory is affected by an access control vulnerability | | |
CVE-2024-42195 | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection | | |
CVE-2024-42196 | HCL Launch is susceptible to Insertion of Sensitive Information into Log File vulnerability | | |
CVE-2024-42200 | HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack | | |
CVE-2024-42207 | HCL iAutomate is affected by a session fixation vulnerability | | |
CVE-2024-42208 | HCL Connections is vulnerable to an information disclosure vulnerability | | |
CVE-2024-42212 | HCL BigFix Compliance is affected by an improper or missing SameSite attribute | | |
CVE-2024-42213 | HCL BigFix Compliance is affected by inclusion of temporary files left in the production environment | | |
CVE-2024-42218 | 1Password 8 before 8.10.38 for macOS allows local attackers to exfiltrate vault items by bypassing m... | | |
CVE-2024-42219 | 1Password 8 before 8.10.36 for macOS allows local attackers to exfiltrate vault items because XPC in... | | |
CVE-2024-42220 | A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted... | | |
CVE-2024-42222 | Apache CloudStack: Unauthorised Network List Access | E S | |
CVE-2024-42223 | media: dvb-frontends: tda10048: Fix integer overflow | S | |
CVE-2024-42224 | net: dsa: mv88e6xxx: Correct check for empty list | S | |
CVE-2024-42225 | wifi: mt76: replace skb_put with skb_put_zero | S | |
CVE-2024-42226 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-42227 | drm/amd/display: Fix overlapping copy within dml_core_mode_programming | S | |
CVE-2024-42228 | drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc | S | |
CVE-2024-42229 | crypto: aead,cipher - zeroize key buffer after use | S | |
CVE-2024-42230 | powerpc/pseries: Fix scv instruction crash with kexec | S | |
CVE-2024-42231 | btrfs: zoned: fix calc_available_free_space() for zoned mode | S | |
CVE-2024-42232 | libceph: fix race between delayed_work() and ceph_monc_stop() | S | |
CVE-2024-42233 | filemap: replace pte_offset_map() with pte_offset_map_nolock() | S | |
CVE-2024-42234 | mm: fix crashes from deferred split racing folio migration | S | |
CVE-2024-42235 | s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() | S | |
CVE-2024-42236 | usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() | S | |
CVE-2024-42237 | firmware: cs_dsp: Validate payload length before processing block | S | |
CVE-2024-42238 | firmware: cs_dsp: Return error if block header overflows file | S | |
CVE-2024-42239 | bpf: Fail bpf_timer_cancel when callback is being cancelled | S | |
CVE-2024-42240 | x86/bhi: Avoid warning in #DB handler due to BHI mitigation | S | |
CVE-2024-42241 | mm/shmem: disable PMD-sized page cache if needed | S | |
CVE-2024-42242 | mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE | S | |
CVE-2024-42243 | mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray | S | |
CVE-2024-42244 | USB: serial: mos7840: fix crash on resume | S | |
CVE-2024-42245 | Revert "sched/fair: Make sure to try to detach at least one movable task" | S | |
CVE-2024-42246 | net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket | S | |
CVE-2024-42247 | wireguard: allowedips: avoid unaligned 64-bit memory accesses | S | |
CVE-2024-42248 | tty: serial: ma35d1: Add a NULL check for of_node | S | |
CVE-2024-42249 | spi: don't unoptimize message in spi_async() | S | |
CVE-2024-42250 | cachefiles: add missing lock protection when polling | S | |
CVE-2024-42251 | mm: page_ref: remove folio_try_get_rcu() | S | |
CVE-2024-42252 | closures: Change BUG_ON() to WARN_ON() | S | |
CVE-2024-42253 | gpio: pca953x: fix pca953x_irq_bus_sync_unlock race | S | |
CVE-2024-42254 | io_uring: fix error pbuf checking | S | |
CVE-2024-42255 | tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() | S | |
CVE-2024-42256 | cifs: Fix server re-repick on subrequest retry | S | |
CVE-2024-42257 | ext4: use memtostr_pad() for s_volume_name | S | |
CVE-2024-42258 | mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines | S | |
CVE-2024-42259 | drm/i915/gem: Fix Virtual Memory mapping boundaries calculation | S | |
CVE-2024-42260 | drm/v3d: Validate passed in drm syncobj handles in the performance extension | | |
CVE-2024-42261 | drm/v3d: Validate passed in drm syncobj handles in the timestamp extension | | |
CVE-2024-42262 | drm/v3d: Fix potential memory leak in the performance extension | S | |
CVE-2024-42263 | drm/v3d: Fix potential memory leak in the timestamp extension | S | |
CVE-2024-42264 | drm/v3d: Prevent out of bounds access in performance query extensions | S | |
CVE-2024-42265 | protect the fetch of ->fd[fd] in do_dup2() from mispredictions | | |
CVE-2024-42266 | btrfs: make cow_file_range_inline() honor locked_page on error | | |
CVE-2024-42267 | riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() | | |
CVE-2024-42268 | net/mlx5: Fix missing lock on sync reset reload | S | |
CVE-2024-42269 | netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). | S | |
CVE-2024-42270 | netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). | S | |
CVE-2024-42271 | net/iucv: fix use after free in iucv_sock_close() | S | |
CVE-2024-42272 | sched: act_ct: take care of padding in struct zones_ht_key | S | |
CVE-2024-42273 | f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid | | |
CVE-2024-42274 | Revert "ALSA: firewire-lib: operate for period elapse event in process context" | | |
CVE-2024-42275 | drm/client: Fix error code in drm_client_buffer_vmap_local() | | |
CVE-2024-42276 | nvme-pci: add missing condition check for existence of mapped data | | |
CVE-2024-42277 | iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en | S | |
CVE-2024-42278 | ASoC: TAS2781: Fix tasdev_load_calibrated_data() | S | |
CVE-2024-42279 | spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer | | |
CVE-2024-42280 | mISDN: Fix a use after free in hfcmulti_tx() | S | |
CVE-2024-42281 | bpf: Fix a segment issue when downgrading gso_size | | |
CVE-2024-42282 | net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling | S | |
CVE-2024-42283 | net: nexthop: Initialize all fields in dumped nexthops | S | |
CVE-2024-42284 | tipc: Return non-zero value from tipc_udp_addr2str() on error | S | |
CVE-2024-42285 | RDMA/iwcm: Fix a use-after-free related to destroying CM IDs | S | |
CVE-2024-42286 | scsi: qla2xxx: validate nvme_local_port correctly | S | |
CVE-2024-42287 | scsi: qla2xxx: Complete command early within lock | S | |
CVE-2024-42288 | scsi: qla2xxx: Fix for possible memory corruption | S | |
CVE-2024-42289 | scsi: qla2xxx: During vport delete send async logout explicitly | S | |
CVE-2024-42290 | irqchip/imx-irqsteer: Handle runtime power management correctly | | |
CVE-2024-42291 | ice: Add a per-VF limit on number of FDIR filters | | |
CVE-2024-42292 | kobject_uevent: Fix OOB access within zap_modalias_env() | | |
CVE-2024-42293 | arm64: mm: Fix lockless walks with static and dynamic page-table folding | | |
CVE-2024-42294 | block: fix deadlock between sd_remove & sd_release | S | |
CVE-2024-42295 | nilfs2: handle inconsistent state in nilfs_btnode_create_block() | | |
CVE-2024-42296 | f2fs: fix return value of f2fs_convert_inline_inode() | | |
CVE-2024-42297 | f2fs: fix to don't dirty inode for readonly filesystem | S | |
CVE-2024-42298 | ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value | S | |
CVE-2024-42299 | fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed | | |
CVE-2024-42300 | erofs: fix race in z_erofs_get_gbuf() | | |
CVE-2024-42301 | dev/parport: fix the array out-of-bounds risk | S | |
CVE-2024-42302 | PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal | S | |
CVE-2024-42303 | media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() | | |
CVE-2024-42304 | ext4: make sure the first directory block is not a hole | | |
CVE-2024-42305 | ext4: check dot and dotdot of dx_root before making dir indexed | | |
CVE-2024-42306 | udf: Avoid using corrupted block bitmap buffer | | |
CVE-2024-42307 | cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path | S | |
CVE-2024-42308 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-42309 | drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes | S | |
CVE-2024-42310 | drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes | S | |
CVE-2024-42311 | hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() | S | |
CVE-2024-42312 | sysctl: always initialize i_uid/i_gid | | |
CVE-2024-42313 | media: venus: fix use after free in vdec_close | S | |
CVE-2024-42314 | btrfs: fix extent map use-after-free when adding pages to compressed bio | S | |
CVE-2024-42315 | exfat: fix potential deadlock on __exfat_get_dentry_set | S | |
CVE-2024-42316 | mm/mglru: fix div-by-zero in vmpressure_calc_level() | S | |
CVE-2024-42317 | mm/huge_memory: avoid PMD-size page cache if needed | | |
CVE-2024-42318 | landlock: Don't lose track of restrictions on cred_transfer | | |
CVE-2024-42319 | mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() | | |
CVE-2024-42320 | s390/dasd: fix error checks in dasd_copy_pair_store() | S | |
CVE-2024-42321 | net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE | | |
CVE-2024-42322 | ipvs: properly dereference pe in ip_vs_add_service | | |
CVE-2024-42323 | Apache HertzBeat: RCE by snakeYaml deser load malicious xml | | |
CVE-2024-42325 | Excessive information returned by user.get | | |
CVE-2024-42326 | Use after free vulnerability in browser.c | | |
CVE-2024-42327 | SQL injection in user.get API | | |
CVE-2024-42328 | JS - Crash on empty HTTP server response | | |
CVE-2024-42329 | JS - Crash on unexpected HTTP server response | | |
CVE-2024-42330 | JS - Internal strings in HTTP headers | | |
CVE-2024-42331 | Use after free in browser_push_error | | |
CVE-2024-42332 | New line injection in Zabbix SNMP traps | | |
CVE-2024-42333 | Heap buffer over-read | | |
CVE-2024-42334 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-42335 | 7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | S | |
CVE-2024-42336 | Servision - CWE-287: Improper Authentication | S | |
CVE-2024-42337 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-42338 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-42339 | CyberArk - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | S | |
CVE-2024-42340 | CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security | S | |
CVE-2024-42341 | Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | S | |
CVE-2024-42342 | Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | S | |
CVE-2024-42343 | Loway - CWE-204: Observable Response Discrepancy | S | |
CVE-2024-42344 | A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The a... | S | |
CVE-2024-42345 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The a... | | |
CVE-2024-42346 | Stored Cross Site Scripting (Stored XSS) in Galaxy | | |
CVE-2024-42347 | URL preview setting for a room is controllable by the homeserver in matrix-react-sdk | | |
CVE-2024-42348 | FOG leaks sensitive information (AD domain, username and password) | E | |
CVE-2024-42349 | FOG has a Log Information Disclosure | E S | |
CVE-2024-42350 | Public key confusion in third party block in Biscuit | | |
CVE-2024-42351 | Possible Data Tampering & Loss of Public Datasets in Galaxy | | |
CVE-2024-42352 | Server-Side Request Forgery (SSRF) in nuxt-icon | | |
CVE-2024-42353 | WebOb's location header normalization during redirect leads to open redirect | E S | |
CVE-2024-42354 | Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api | S | |
CVE-2024-42355 | Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag | S | |
CVE-2024-42356 | Shopware vulnerable to Server Side Template Injection in Twig using Context functions | S | |
CVE-2024-42357 | Shopware vulnerable to blind SQL-injection in DAL aggregations | S | |
CVE-2024-42358 | Loop with Unreachable Exit Condition ('Infinite Loop') in pdfio | E S | |
CVE-2024-42360 | Command Injection in sequenceserver | S | |
CVE-2024-42361 | GHSL-2023-256: HertzBeat Authenticated (guest role) SQL injection in /api/monitor/{monitorId}/metric/{metricFull} | E S | |
CVE-2024-42362 | GHSL-2023-255: HertzBeat Authenticated (user role) RCE via unsafe deserialization in /api/monitors/import | E S | |
CVE-2024-42363 | GHSL-2023-136_Samson | | |
CVE-2024-42364 | homepage DNS rebinding vulnerability (GHSL-2024-096) | | |
CVE-2024-42365 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan | E S | |
CVE-2024-42366 | VR Overlay RCE | S | |
CVE-2024-42367 | In aiohttp, compressed files as symlinks are not protected from path traversal | | |
CVE-2024-42368 | open-telemetry has an Observable Timing Discrepancy | | |
CVE-2024-42369 | A room with itself as its predecessor will freeze matrix-js-sdk | S | |
CVE-2024-42370 | Litestar repository vulnerable to Environment Variable injection in `docs-preview.yml` workflow | | |
CVE-2024-42371 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | | |
CVE-2024-42372 | Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory) | | |
CVE-2024-42373 | Missing Authorization Check in SAP Student Life Cycle Management (SLcM) | | |
CVE-2024-42374 | XML injection in SAP BEx Web Java Runtime Export Web Service | | |
CVE-2024-42375 | Multiple Unrestricted File Upload vulnerabilities in SAP BusinessObjects Business Intelligence Platform | | |
CVE-2024-42376 | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework | | |
CVE-2024-42377 | Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework | | |
CVE-2024-42378 | Cross-Site Scripting (XSS) in eProcurement on S/4HANA | | |
CVE-2024-42379 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-42380 | Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform | | |
CVE-2024-42381 | os/linux/elf.rb in Homebrew brew before 4.2.20 uses ldd to load ELF files obtained from untrusted so... | | |
CVE-2024-42383 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42384 | Integer Overflow or Wraparound in Mongoose Web Server library | S | |
CVE-2024-42385 | Improper Neutralization of Delimiters in Mongoose Web Server library | S | |
CVE-2024-42386 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42387 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42388 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42389 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42390 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42391 | Use of Out-of-range Pointer Offset in Mongoose Web Server library | S | |
CVE-2024-42392 | Improper Neutralization of Delimiters in Mongoose Web Server library | S | |
CVE-2024-42393 | Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol | | |
CVE-2024-42394 | Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the Soft AP Daemon Service Accessed by the PAPI Protocol | | |
CVE-2024-42395 | Unauthenticated Stack-Based Buffer Overflow Remote Command Execution (RCE) in the AP Certificate Management Service Accessed by the PAPI Protocol | | |
CVE-2024-42396 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol | | |
CVE-2024-42397 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the AP Certificate Management Service Accessed by the PAPI Protocol | | |
CVE-2024-42398 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol | | |
CVE-2024-42399 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol | | |
CVE-2024-42400 | Unauthenticated Denial-of-Service (DoS) Vulnerabilities in the Soft AP Daemon Service Accessed by the PAPI Protocol | | |
CVE-2024-42404 | SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login t... | | |
CVE-2024-42405 | Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.0... | | |
CVE-2024-42406 | Unauthorized access on archived channels | S | |
CVE-2024-42407 | Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Tra... | | |
CVE-2024-42408 | Dorsett Controls InfoScan Path Traversal | S | |
CVE-2024-42410 | Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to poten... | | |
CVE-2024-42411 | User creation date manipulation in POST /api/v4/users | S | |
CVE-2024-42412 | Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processin... | | |
CVE-2024-42415 | An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14... | | |
CVE-2024-42416 | Multiple issues in ctl(4) CAM Target Layer | | |
CVE-2024-42417 | Delta Electronics DIAEnergie SQL Injection | S | |
CVE-2024-42418 | Avtec Outpost Use of Hard-coded Cryptographic Key | S | |
CVE-2024-42419 | Incorrect default permissions for some Intel(R) GPA and Intel(R) GPA Framework software installers m... | | |
CVE-2024-42420 | Sharp and Toshiba Tec MFPs contain multiple Out-of-bounds Read vulnerabilities, due to improper proc... | | |
CVE-2024-42422 | Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vul... | | |
CVE-2024-42423 | Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vul... | | |
CVE-2024-42424 | Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation ... | | |
CVE-2024-42425 | Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Access of Memory Location ... | | |
CVE-2024-42426 | Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption ... | | |
CVE-2024-42427 | Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in ... | | |
CVE-2024-42434 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure | | |
CVE-2024-42435 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure | | |
CVE-2024-42436 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow | | |
CVE-2024-42437 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow | | |
CVE-2024-42438 | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow | | |
CVE-2024-42439 | Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS - Untrusted Search Path | | |
CVE-2024-42440 | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management | | |
CVE-2024-42441 | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management | | |
CVE-2024-42442 | Runtime Service Access outside SMRAM | | |
CVE-2024-42444 | TOCTOU Race Condition between DMA and SMM | | |
CVE-2024-42446 | TOCTOU in SmmWhea | | |
CVE-2024-42447 | Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow | S | |
CVE-2024-42448 | From the VSPC management agent machine, under condition that the management agent is authorized on t... | | |
CVE-2024-42449 | From the VSPC management agent machine, under condition that the management agent is authorized on t... | | |
CVE-2024-42450 | The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is als... | | |
CVE-2024-42451 | A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credenti... | | |
CVE-2024-42452 | A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotel... | | |
CVE-2024-42453 | A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configu... | | |
CVE-2024-42455 | A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting se... | | |
CVE-2024-42456 | A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific ... | | |
CVE-2024-42457 | A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose sav... | | |
CVE-2024-42458 | server.c in Neat VNC (aka neatvnc) before 0.8.1 does not properly validate the security type, a rela... | S | |
CVE-2024-42459 | In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a mi... | | |
CVE-2024-42460 | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because there is a mi... | | |
CVE-2024-42461 | In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded s... | S | |
CVE-2024-42462 | Bypass multifactor authentication | | |
CVE-2024-42463 | Leak of organizations messages | | |
CVE-2024-42464 | Leak of user information | | |
CVE-2024-42465 | Lack of resources and rate limiting - two factor authentication | | |
CVE-2024-42466 | Lack of resources and rate limiting - login | | |
CVE-2024-42467 | CometVisu Backend for openHAB affected by SSRF/XSS | S | |
CVE-2024-42468 | Path traversal (CometVisu) | S | |
CVE-2024-42469 | CometVisu Backend for openHAB affected by RCE through path traversal | S | |
CVE-2024-42470 | CometVisu Backend for openHAB has a sensitive information disclosure vulnerability | S | |
CVE-2024-42471 | Arbitrary File Write via artifact extraction in actions/artifact | | |
CVE-2024-42472 | Flatpak may allow access to files outside sandbox for certain apps | | |
CVE-2024-42473 | OpenFGA Authorization Bypass | | |
CVE-2024-42474 | Streamlit Path Traversal Security Vulnerability on Windows | S | |
CVE-2024-42475 | OAuth library for nim allows insecure generation of state values by generateState - entropy too low and uses regular PRNG instead of CSPRNG | | |
CVE-2024-42476 | oauth CSRF vulnerability | | |
CVE-2024-42477 | llama.cpp global-buffer-overflow in ggml_type_size | S | |
CVE-2024-42478 | llama.cpp allows Arbitrary Address Read in rpc_server::get_tensor | E S | |
CVE-2024-42479 | llama.cpp allows write-what-where in rpc_server::set_tensor | E S | |
CVE-2024-42480 | Kamaji's RBAC Roles for `etcd` are not disjunct | E S | |
CVE-2024-42481 | Complete crash of host system due to calculateDirectorySize in skyportd | | |
CVE-2024-42482 | fish-shop/syntax-check Improper Neutralization of Delimiters | S | |
CVE-2024-42483 | ESP-NOW Replay Attacks Vulnerability | E S | |
CVE-2024-42484 | ESP-NOW OOB Vulnerability In Group Type Message | | |
CVE-2024-42485 | Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint | S | |
CVE-2024-42486 | Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API | | |
CVE-2024-42487 | Cilium's Gateway API route matching order contradicts specification | S | |
CVE-2024-42488 | Cilium agent's race condition may lead to policy bypass for Host Firewall policy | S | |
CVE-2024-42489 | Pro Macros Remote Code Execution via Viewpdf and similar macros | S | |
CVE-2024-42490 | authentik has Insufficient Authorization for several API endpoints | | |
CVE-2024-42491 | A malformed Contact or Record-Route URI in an incoming SIP request can cause Asterisk to crash when res_resolver_unbound is used | | |
CVE-2024-42492 | Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server... | | |
CVE-2024-42493 | Dorsett Controls InfoScan Exposure of Sensitive Information To An Unauthorized Actor | S | |
CVE-2024-42494 | Ruijie Reyee OS Exposure of Private Personal Information to an Unauthorized Actor | S | |
CVE-2024-42495 | Hughes Network Systems WL3000 Missing Encryption of Sensitive Data | S | |
CVE-2024-42496 | Smart-tab Android app installed April 2023 or earlier contains an issue with plaintext storage of a ... | | |
CVE-2024-42497 | Insufficient permissions checks on teams | S | |
CVE-2024-42499 | Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in FitNe... | | |
CVE-2024-42500 | HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv... | | |
CVE-2024-42501 | Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE) | | |
CVE-2024-42502 | Authenticated Remote Command Execution (RCE) Vulnerability in the AOS Command Line Interface | | |
CVE-2024-42503 | Authenticated Remote Command Execution (RCE) Vulnerability in the Lua Package Within the AOS Command Line Interface (CLI) | | |
CVE-2024-42504 | HPE IceWall Agent products, Cross-Site Request Forgery (CSRF) | S | |
CVE-2024-42505 | Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol | | |
CVE-2024-42506 | Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol | | |
CVE-2024-42507 | Unauthenticated Command Injection Vulnerabilities in the CLI Service Accessed by the PAPI Protocol | | |
CVE-2024-42508 | This vulnerability could be exploited, leading to unauthorized disclosure of information to authenti... | | |
CVE-2024-42509 | Unauthenticated Command Injection Vulnerability in the CLI Service Accessed by the PAPI Protocol | | |
CVE-2024-42512 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker t... | | |
CVE-2024-42513 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker t... | | |
CVE-2024-42514 | A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 cou... | | |
CVE-2024-42515 | Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application it... | | |
CVE-2024-42520 | TOTOLINK A3002R v4.0.0-B20230531.1404 contains a buffer overflow vulnerability in /bin/boa via formP... | E | |
CVE-2024-42523 | publiccms V4.0.202302.e and before is vulnerable to Any File Upload via publiccms/admin/cmsTemplate/... | E | |
CVE-2024-42531 | Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video ... | | |
CVE-2024-42533 | SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 al... | E | |
CVE-2024-42543 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the http_host paramete... | E | |
CVE-2024-42545 | TOTOLINK A3700R v9.1.2u.5822_B20200513 has a buffer overflow vulnerability in the ssid parameter in ... | E | |
CVE-2024-42546 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the password paramete... | E | |
CVE-2024-42547 | TOTOLINK A3100R V4.1.2cu.5050_B20200504 has a buffer overflow vulnerability in the http_host paramet... | E | |
CVE-2024-42550 | A cross-site scripting (XSS) vulnerability in the component /email/welcome.php of Mini Inventory and... | | |
CVE-2024-42552 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2024-42553 | A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System... | | |
CVE-2024-42554 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2024-42555 | A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management Syst... | | |
CVE-2024-42556 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2024-42557 | A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management Syste... | | |
CVE-2024-42558 | Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2024-42559 | An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows ... | | |
CVE-2024-42560 | A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank An... | | |
CVE-2024-42561 | Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via... | | |
CVE-2024-42562 | Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via... | | |
CVE-2024-42563 | An arbitrary file upload vulnerability in ERP commit 44bd04 allows attackers to execute arbitrary co... | | |
CVE-2024-42564 | ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /i... | | |
CVE-2024-42565 | ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /i... | | |
CVE-2024-42566 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42567 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42568 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42569 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2024-42570 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42571 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | | |
CVE-2024-42572 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42573 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42574 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42575 | School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via t... | E | |
CVE-2024-42576 | A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory Syste... | E | |
CVE-2024-42577 | A Cross-Site Request Forgery (CSRF) in the component add_product.php of Warehouse Inventory System v... | E | |
CVE-2024-42578 | A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System ... | E | |
CVE-2024-42579 | A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.... | E | |
CVE-2024-42580 | A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2... | E | |
CVE-2024-42581 | A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System ... | E | |
CVE-2024-42582 | A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory Sys... | E | |
CVE-2024-42583 | A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v... | E | |
CVE-2024-42584 | A Cross-Site Request Forgery (CSRF) in the component delete_product.php of Warehouse Inventory Syste... | E | |
CVE-2024-42585 | A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System ... | E | |
CVE-2024-42586 | A Cross-Site Request Forgery (CSRF) in the component categorie.php of Warehouse Inventory System v2.... | E | |
CVE-2024-42598 | SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that alt... | E | |
CVE-2024-42599 | SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that alt... | E | |
CVE-2024-42603 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42604 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42605 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42606 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42607 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42608 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42609 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42610 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42611 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.... | E | |
CVE-2024-42612 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42613 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42616 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42617 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42618 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /mo... | E | |
CVE-2024-42619 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42621 | Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /ad... | E | |
CVE-2024-42623 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42624 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42625 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42626 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42627 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42628 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42629 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42630 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42631 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42632 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-42633 | A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Link... | E | |
CVE-2024-42634 | A Command Injection vulnerability exists in formWriteFacMac of the httpd binary in Tenda AC9 v15.03.... | E | |
CVE-2024-42636 | DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activep... | | |
CVE-2024-42637 | H3C R3010 v100R002L02 was discovered to contain a hardcoded password vulnerability in /etc/shadow, w... | E | |
CVE-2024-42638 | H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow,... | E | |
CVE-2024-42639 | H3C GR1100-P v100R009 was discovered to use a hardcoded password in /etc/shadow, which allows attack... | E | |
CVE-2024-42640 | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via de... | | |
CVE-2024-42642 | Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can b... | E | |
CVE-2024-42643 | Integer Overflow in fast_ping.c in SmartDNS Release46 allows remote attackers to cause a Denial of S... | | |
CVE-2024-42657 | An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sen... | | |
CVE-2024-42658 | An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sen... | | |
CVE-2024-42662 | An issue in apolloconfig apollo v.2.2.0 allows a remote attacker to obtain sensitive information via... | | |
CVE-2024-42671 | A Host Header Poisoning Open Redirect issue in slabiak Appointment Scheduler v.1.0.5 allows a remote... | | |
CVE-2024-42675 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-42676 | File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a ... | E | |
CVE-2024-42677 | An issue in Huizhi enterprise resource management system v.1.0 and before allows a local attacker to... | E | |
CVE-2024-42678 | Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before all... | E | |
CVE-2024-42679 | SQL Injection vulnerability in Super easy enterprise management system v.1.0.0 and before allows a l... | E | |
CVE-2024-42680 | An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to ob... | E | |
CVE-2024-42681 | Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary ... | E | |
CVE-2024-42697 | Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows ... | | |
CVE-2024-42698 | Roughly Enough Items (REI) v.16.0.729 and before contains an Improper Validation of Specified Index,... | S | |
CVE-2024-42699 | Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows ... | E | |
CVE-2024-42733 | An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code v... | | |
CVE-2024-42736 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42737 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42738 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42739 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42740 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42741 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42742 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42743 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42744 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42745 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42747 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42748 | In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command inj... | E | |
CVE-2024-42756 | An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the... | | |
CVE-2024-42757 | Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute... | | |
CVE-2024-42758 | A Cross-site Scripting (XSS) vulnerability exists in version v2024-01-05 of the indexmenu plugin whe... | | |
CVE-2024-42759 | An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuari... | | |
CVE-2024-42760 | SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive inf... | | |
CVE-2024-42761 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bu... | E | |
CVE-2024-42762 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticke... | E | |
CVE-2024-42763 | A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Ka... | E | |
CVE-2024-42764 | Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via ... | E | |
CVE-2024-42765 | A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 al... | E | |
CVE-2024-42766 | Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Incorrect Access Control via /delete... | | |
CVE-2024-42767 | Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_... | E | |
CVE-2024-42768 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.... | E | |
CVE-2024-42769 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kaship... | E | |
CVE-2024-42770 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara ... | E | |
CVE-2024-42771 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/edit_room_controller.php" of... | E | |
CVE-2024-42772 | An Incorrect Access Control vulnerability was found in /admin/rooms.php in Kashipara Hotel Managemen... | E | |
CVE-2024-42773 | An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara ... | E | |
CVE-2024-42774 | An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Man... | E | |
CVE-2024-42775 | An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara H... | E | |
CVE-2024-42776 | Kashipara Hotel Management System v1.0 is vulnerable to Incorrect Access Control via /admin/users.ph... | E | |
CVE-2024-42777 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara ... | E | |
CVE-2024-42778 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kas... | E | |
CVE-2024-42779 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kaship... | E | |
CVE-2024-42780 | An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kaship... | E | |
CVE-2024-42781 | A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System... | E | |
CVE-2024-42782 | A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management S... | E | |
CVE-2024-42783 | Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_ite... | E | |
CVE-2024-42784 | A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Manageme... | E | |
CVE-2024-42785 | A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management S... | E | |
CVE-2024-42786 | A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 al... | E | |
CVE-2024-42787 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist... | E | |
CVE-2024-42788 | A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" i... | E | |
CVE-2024-42789 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" ... | E | |
CVE-2024-42790 | A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Ka... | E | |
CVE-2024-42791 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.... | E | |
CVE-2024-42792 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.... | E | |
CVE-2024-42793 | A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.... | E | |
CVE-2024-42794 | Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php... | E | |
CVE-2024-42795 | An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controll... | E | |
CVE-2024-42796 | An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kaship... | E | |
CVE-2024-42797 | An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kas... | E | |
CVE-2024-42798 | An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/in... | E | |
CVE-2024-42812 | In D-Link DIR-860L v2.03, there is a buffer overflow vulnerability due to the lack of length verific... | E | |
CVE-2024-42813 | In TRENDnet TEW-752DRU FW1.03B01, there is a buffer overflow vulnerability due to the lack of length... | E | |
CVE-2024-42815 | In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length v... | | |
CVE-2024-42816 | A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.... | | |
CVE-2024-42818 | A cross-site scripting (XSS) vulnerability in the Config-Create function of fastapi-admin pro v0.1.4... | | |
CVE-2024-42831 | A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 al... | | |
CVE-2024-42834 | A stored cross-site scripting (XSS) vulnerability in the Create Customer API in Incognito Service Ac... | | |
CVE-2024-42835 | langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the Pytho... | E | |
CVE-2024-42843 | Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject paramete... | E | |
CVE-2024-42844 | A SQL Injection vulnerability has been identified in EPICOR Prophet 21 (P21) up to 23.2.5232. This v... | | |
CVE-2024-42845 | An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 ... | | |
CVE-2024-42849 | An issue in Silverpeas v.6.4.2 and lower allows a remote attacker to cause a denial of service via t... | | |
CVE-2024-42850 | An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of ... | | |
CVE-2024-42851 | Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbi... | E | |
CVE-2024-42852 | Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to e... | | |
CVE-2024-42861 | An issue in IEEE 802.1AS linuxptp v.4.2 and before allows a remote attacker to cause a denial of s... | | |
CVE-2024-42885 | SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary c... | | |
CVE-2024-42898 | A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbit... | E | |
CVE-2024-42900 | Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the... | E | |
CVE-2024-42901 | A CSV injection vulnerability in LimeSurvey v6.5.12 allows attackers to execute arbitrary code via ... | | |
CVE-2024-42902 | An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute... | | |
CVE-2024-42903 | A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 an... | S | |
CVE-2024-42904 | A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary we... | | |
CVE-2024-42905 | Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulner... | | |
CVE-2024-42906 | TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. ... | E | |
CVE-2024-42911 | ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote... | | |
CVE-2024-42913 | RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at... | | |
CVE-2024-42914 | A host header injection vulnerability exists in the forgot password functionality of ArrowCMS versio... | E | |
CVE-2024-42915 | A host header injection vulnerability in Staff Appraisal System v1.0 allows attackers to obtain the ... | | |
CVE-2024-42918 | itsourcecode Online Accreditation Management System contains a Cross Site Scripting vulnerability, w... | E | |
CVE-2024-42919 | eScan Management Console 14.0.1400.2281 is vulnerable to Incorrect Access Control via acteScanAVRepo... | | |
CVE-2024-42922 | AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.... | | |
CVE-2024-42930 | PbootCMS 3.2.8 is vulnerable to URL Redirect.... | | |
CVE-2024-42934 | OpenIPMI before 2.0.36 has an out-of-bounds array access (for authentication type) in the ipmi_sim s... | | |
CVE-2024-42936 | The mqlink.elf service component in Ruijie RG-EW300N with firmware ReyeeOS 1.300.1422 is vulnerab... | | |
CVE-2024-42939 | A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2 allow... | E | |
CVE-2024-42940 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42941 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in... | E | |
CVE-2024-42942 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42943 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPPOEPassword parame... | E | |
CVE-2024-42944 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42945 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42946 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42947 | An issue in the handler function in /goform/telnet of Tenda FH1201 v1.2.0.14 (408) allows attackers ... | E | |
CVE-2024-42948 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the delno parameter in t... | E | |
CVE-2024-42949 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the qos parameter in the... | E | |
CVE-2024-42950 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the Go parameter in the ... | E | |
CVE-2024-42951 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the mit_pptpusrpw parame... | E | |
CVE-2024-42952 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42953 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the PPW parameter in the... | E | |
CVE-2024-42954 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42955 | Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in th... | E | |
CVE-2024-42966 | Incorrect access control in TOTOLINK N350RT V9.3.5u.6139_B20201216 allows attackers to obtain the ap... | E | |
CVE-2024-42967 | Incorrect access control in TOTOLINK LR350 V9.3.5u.6369_B20220309 allows attackers to obtain the apm... | E | |
CVE-2024-42968 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the Go parameter in the fro... | E | |
CVE-2024-42969 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42973 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42974 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42976 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42977 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the qos parameter in the fr... | E | |
CVE-2024-42978 | An issue in the handler function in /goform/telnet of Tenda FH1206 v02.03.01.35 allows attackers to ... | E | |
CVE-2024-42979 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42980 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42981 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the delno parameter in the ... | E | |
CVE-2024-42982 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42983 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the pptpPPW parameter in th... | E | |
CVE-2024-42984 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42985 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the page parameter in the f... | E | |
CVE-2024-42986 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the PPPOEPassword parameter... | E | |
CVE-2024-42987 | Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the... | E | |
CVE-2024-42988 | Lack of access control in ChallengeSolves (/api/v1/challenges/ | | |
CVE-2024-42991 | MCMS v5.4.1 has a front-end file upload vulnerability which can lead to remote command execution.... | E | |
CVE-2024-42992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-42994 | VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leadin... | E | |
CVE-2024-42995 | VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact dir... | E | |