ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-46040 | IoT Haat Smart Plug IH-IN-16A-S v5.16.1 suffers from Insufficient Session Expiration. Th... | | |
CVE-2024-46041 | IoT Haat Smart Plug IH-IN-16A-S v5.16.1 is vulnerable to Authentication Bypass by Capture-replay.... | | |
CVE-2024-46044 | CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.... | E | |
CVE-2024-46045 | Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.... | E | |
CVE-2024-46046 | Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.... | E | |
CVE-2024-46047 | Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.... | E | |
CVE-2024-46048 | Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i... | E | |
CVE-2024-46049 | Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand ... | E | |
CVE-2024-46054 | OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without... | | |
CVE-2024-46055 | OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names.... | | |
CVE-2024-46073 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. ... | | |
CVE-2024-46076 | RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code gener... | | |
CVE-2024-46077 | itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (... | | |
CVE-2024-46078 | itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function del... | | |
CVE-2024-46079 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in proj_new.php via the ... | E | |
CVE-2024-46080 | Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function... | E | |
CVE-2024-46081 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user c... | E | |
CVE-2024-46082 | Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the f... | E | |
CVE-2024-46083 | Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user c... | E | |
CVE-2024-46084 | Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip functio... | E | |
CVE-2024-46085 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | | |
CVE-2024-46086 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-46088 | An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang Universit... | | |
CVE-2024-46089 | 74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.... | E | |
CVE-2024-46097 | TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a ne... | | |
CVE-2024-46101 | GDidees CMS <= v3.9.1 has a file upload vulnerability.... | | |
CVE-2024-46103 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.... | E | |
CVE-2024-46209 | A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5... | | |
CVE-2024-46210 | An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attacker... | | |
CVE-2024-46212 | An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to ex... | | |
CVE-2024-46213 | REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.... | | |
CVE-2024-46215 | A vulnerability was discovered in KM08-708H-v1.1. There is a buffer overflow in the sub_445BDC() fun... | | |
CVE-2024-46226 | A stored cross site scripting (XSS) vulnerability in HelpDeskZ < v2.0.2 allows remote attackers to e... | E | |
CVE-2024-46236 | CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the addr... | E M | |
CVE-2024-46237 | PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patnam... | E | |
CVE-2024-46238 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4... | E | |
CVE-2024-46239 | Multiple cross-site scripting vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via... | E | |
CVE-2024-46240 | Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the name parameter under action=syste... | E | |
CVE-2024-46241 | PHPGurukul Dairy Farm Shop Management System v1.1 is vulnerable to Cross-Site Scripting (XSS) via th... | E | |
CVE-2024-46242 | An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows at... | | |
CVE-2024-46256 | A Command injection vulnerability in requestLetsEncryptSsl in NginxProxyManager 2.11.3 allows an att... | | |
CVE-2024-46257 | A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11... | | |
CVE-2024-46258 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_load_png_mem() function a... | E | |
CVE-2024-46259 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_unfilter() function at cu... | E | |
CVE-2024-46261 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_make32() function at cute... | E | |
CVE-2024-46263 | cute_png v1.05 was discovered to contain a stack overflow via the cp_dynamic() function at cute_png.... | E | |
CVE-2024-46264 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_find() function at cute_p... | E | |
CVE-2024-46267 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_block() function at cute_... | E | |
CVE-2024-46274 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_stored() function at cute... | E | |
CVE-2024-46276 | cute_png v1.05 was discovered to contain a heap buffer overflow via the cp_chunk() function at cute_... | E | |
CVE-2024-46278 | Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.... | | |
CVE-2024-46280 | PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper Access Control. The TELNET service is... | | |
CVE-2024-46292 | A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a c... | | |
CVE-2024-46293 | Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There ... | M | |
CVE-2024-46300 | itsourcecode Placement Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Ful... | E | |
CVE-2024-46304 | A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denia... | | |
CVE-2024-46307 | A loophole in the payment logic of Sparkshop v1.16 allows attackers to arbitrarily modify the numbe... | E | |
CVE-2024-46310 | Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify... | | |
CVE-2024-46313 | TP-Link WR941ND V6 has a stack overflow vulnerability in the ssid parameter in /userRpm/popupSiteSur... | | |
CVE-2024-46316 | DrayTek Vigor3900 v1.5.1.6 was discovered to contain a command injection vulnerability via the sub_2... | | |
CVE-2024-46325 | TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSur... | | |
CVE-2024-46326 | Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of... | | |
CVE-2024-46327 | An issue in the Http_handle object of VONETS VAP11G-300 v3.3.23.6.9 allows attackers to access sensi... | | |
CVE-2024-46328 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain hardcoded credentials for several different ... | | |
CVE-2024-46329 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the Sy... | | |
CVE-2024-46330 | VONETS VAP11G-300 v3.3.23.6.9 was discovered to contain a command injection vulnerability via the ip... | | |
CVE-2024-46331 | ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect paramete... | E | |
CVE-2024-46333 | An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to exec... | E | |
CVE-2024-46340 | TL-WR845N(UN)_V4_201214, TP-Link TL-WR845N(UN)_V4_200909, and TL-WR845N(UN)_V4_190219 were discovered... | E | |
CVE-2024-46341 | TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which... | E | |
CVE-2024-46362 | FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admi... | E | |
CVE-2024-46366 | A Client-side Template Injection (CSTI) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attac... | | |
CVE-2024-46367 | A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote attackers... | | |
CVE-2024-46372 | DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the ad... | | |
CVE-2024-46373 | Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.... | | |
CVE-2024-46374 | Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_categor... | | |
CVE-2024-46375 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signu... | | |
CVE-2024-46376 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the updat... | | |
CVE-2024-46377 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_... | | |
CVE-2024-46382 | A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensit... | E | |
CVE-2024-46383 | Hathway Skyworth Router CM5100-511 v4.1.1.24 was discovered to store sensitive information about USB... | | |
CVE-2024-46394 | FrogCMS v0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/?/user/add... | E | |
CVE-2024-46409 | A stored cross-site scripting (XSS) vulnerability in SeedDMS v6.0.28 allows attackers to execute arb... | | |
CVE-2024-46410 | PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a c... | E | |
CVE-2024-46419 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg fu... | E | |
CVE-2024-46424 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the UploadCustomMod... | E | |
CVE-2024-46429 | A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote a... | E | |
CVE-2024-46430 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. Unauthorized password change ... | E | |
CVE-2024-46431 | Tenda W18E V16.01.0.8(1625) is vulnerable to Buffer Overflow. An attacker with access to the web man... | E | |
CVE-2024-46432 | Tenda W18E V16.01.0.8(1625) is vulnerable to Incorrect Access Control. An attacker can send a specia... | E | |
CVE-2024-46433 | A default credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote att... | E | |
CVE-2024-46434 | Tenda W18E V16.01.0.8(1625) suffers from authentication bypass in the web management portal allowing... | E | |
CVE-2024-46435 | A stack overflow vulnerability in the Tenda W18E V16.01.0.8(1625) web management portal allows an au... | E | |
CVE-2024-46436 | Hardcoded credentials in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to gain... | E | |
CVE-2024-46437 | A sensitive information disclosure vulnerability in the Tenda W18E V16.01.0.8(1625) web management p... | E | |
CVE-2024-46441 | An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via ... | | |
CVE-2024-46442 | An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication vi... | | |
CVE-2024-46446 | Mecha CMS 3.0.0 is vulnerable to Directory Traversal. An attacker can construct cookies and URIs tha... | E | |
CVE-2024-46450 | Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.... | | |
CVE-2024-46451 | TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWiFiAclRules... | E | |
CVE-2024-46453 | A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05 allows... | E | |
CVE-2024-46455 | unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.... | | |
CVE-2024-46461 | VLC media player 3.0.20 and earlier is vulnerable to denial of service through an integer overflow w... | | |
CVE-2024-46462 | By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to ... | | |
CVE-2024-46463 | By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to m... | | |
CVE-2024-46464 | In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user acces... | | |
CVE-2024-46465 | By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to m... | | |
CVE-2024-46466 | By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI quali... | | |
CVE-2024-46467 | By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users t... | | |
CVE-2024-46468 | A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be expl... | E | |
CVE-2024-46470 | Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to... | E M | |
CVE-2024-46471 | The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the ... | E M | |
CVE-2024-46472 | CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' ... | E | |
CVE-2024-46475 | A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Tem... | | |
CVE-2024-46478 | HTMLDOC v1.9.18 contains a buffer overflow in the parse_pre function, ps-pdf.cxx:5681.... | | |
CVE-2024-46479 | Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability... | | |
CVE-2024-46480 | An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Applicati... | | |
CVE-2024-46481 | The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflec... | | |
CVE-2024-46482 | An arbitrary file upload vulnerability in the Ticket Generation function of Ladybird Web Solution Fa... | | |
CVE-2024-46483 | Xlight FTP Server <3.9.4.3 has an integer overflow vulnerability in the packet parsing logic of the ... | | |
CVE-2024-46485 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAc... | E | |
CVE-2024-46486 | TP-LINK TL-WDR5620 v2.3 was discovered to contain a remote code execution (RCE) vulnerability via th... | | |
CVE-2024-46488 | sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. ... | E | |
CVE-2024-46489 | A remote command execution (RCE) vulnerability in promptr v6.0.7 allows attackers to execute arbitra... | E | |
CVE-2024-46494 | A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary w... | E | |
CVE-2024-46503 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-46505 | Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabil... | | |
CVE-2024-46506 | NetAlertX 23.01.14 through 24.x before 24.10.12 allows unauthenticated command injection via setting... | E | |
CVE-2024-46510 | ESAFENET CDG v5 was discovered to contain a SQL injection vulnerability via the id parameter in the ... | E | |
CVE-2024-46511 | LoadZilla LLC LoadLogic v1.4.3 was discovered to contain insecure permissions vulnerability which al... | | |
CVE-2024-46528 | An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x thro... | | |
CVE-2024-46531 | phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerabi... | E | |
CVE-2024-46532 | SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the re... | | |
CVE-2024-46535 | Jepaas v7.2.8 was discovered to contain a SQL injection vulnerability via the orderSQL parameter at ... | | |
CVE-2024-46538 | A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary w... | E | |
CVE-2024-46539 | Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch... | | |
CVE-2024-46540 | A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2... | | |
CVE-2024-46542 | Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injecti... | | |
CVE-2024-46544 | Apache Tomcat Connectors: mod_jk: local users can view and modify configuration | | |
CVE-2024-46546 | NEXTU FLETA AX1500 WIFI6 Router v1.0.3 was discovered to contain a stack overflow via the url parame... | | |
CVE-2024-46547 | A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6... | | |
CVE-2024-46548 | TP-Link Tapo P125M and Kasa KP125M v1.0.3 was discovered to improperly validate certificates, allowi... | | |
CVE-2024-46549 | An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers t... | | |
CVE-2024-46550 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the CGIbyFieldName parame... | | |
CVE-2024-46551 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_Pwd parameter at... | | |
CVE-2024-46552 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sStRtMskShow paramete... | | |
CVE-2024-46553 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ipaddrmsk%d parameter... | | |
CVE-2024-46554 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the profname parameter at... | | |
CVE-2024-46555 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pb parameter at v2x00... | | |
CVE-2024-46556 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sInRCSecret0 paramete... | | |
CVE-2024-46557 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName paramete... | | |
CVE-2024-46558 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the newProname parameter ... | | |
CVE-2024-46559 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sBPA_UsrNme parameter... | | |
CVE-2024-46560 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the pub_key parameter at ... | | |
CVE-2024-46561 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the queryret parameter at... | | |
CVE-2024-46564 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName paramete... | | |
CVE-2024-46565 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvName parameter at... | | |
CVE-2024-46566 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAppName parameter at... | | |
CVE-2024-46567 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iProfileIdx parameter... | | |
CVE-2024-46568 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPeerId parameter at ... | | |
CVE-2024-46571 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPPPSrvNm parameter a... | | |
CVE-2024-46580 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the fid parameter at v2x0... | | |
CVE-2024-46581 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfName parameter a... | | |
CVE-2024-46582 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sSrvAddr parameter at... | | |
CVE-2024-46583 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the extRadSrv2 parameter ... | | |
CVE-2024-46584 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the AControlIp1 parameter... | | |
CVE-2024-46585 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName paramete... | | |
CVE-2024-46586 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sCloudPass parameter ... | | |
CVE-2024-46588 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sProfileName paramete... | | |
CVE-2024-46589 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sIpv6AiccuUser parame... | | |
CVE-2024-46590 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt%d paramet... | | |
CVE-2024-46591 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sDnsPro parameter at ... | | |
CVE-2024-46592 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the ssidencrypt_5g%d para... | | |
CVE-2024-46593 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the trapcomm parameter at... | | |
CVE-2024-46594 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveVPNProfile parame... | | |
CVE-2024-46595 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the saveitem parameter at... | | |
CVE-2024-46596 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sAct parameter at v2x... | | |
CVE-2024-46597 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the sPubKey parameter at ... | | |
CVE-2024-46598 | Draytek Vigor 3910 v4.3.2.6 was discovered to contain a buffer overflow in the iprofileidx parameter... | | |
CVE-2024-46600 | dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /a... | E | |
CVE-2024-46601 | Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer o... | | |
CVE-2024-46602 | An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML Ext... | | |
CVE-2024-46603 | An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware ... | | |
CVE-2024-46605 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 ... | E | |
CVE-2024-46606 | A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 ... | E | |
CVE-2024-46607 | Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering an... | E | |
CVE-2024-46609 | An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before ... | E | |
CVE-2024-46610 | An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' in... | E | |
CVE-2024-46612 | IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forg... | E | |
CVE-2024-46613 | WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c whe... | | |
CVE-2024-46622 | An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0... | | |
CVE-2024-46624 | An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges t... | | |
CVE-2024-46625 | An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDo... | | |
CVE-2024-46626 | OS4ED openSIS-Classic v9.1 was discovered to contain a SQL injection vulnerability via a crafted pay... | | |
CVE-2024-46627 | Incorrect access control in BECN DATAGERRY v2.2 allows attackers to execute arbitrary commands via c... | | |
CVE-2024-46628 | Tenda G3 Router firmware v15.03.05.05 was discovered to contain a remote code execution (RCE) vulner... | E | |
CVE-2024-46632 | Assimp v5.4.3 is vulnerable to Buffer Overflow via the MD5Importer::LoadMD5MeshFile function.... | E | |
CVE-2024-46635 | An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows at... | | |
CVE-2024-46639 | A cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows attackers to execute arbitrary... | | |
CVE-2024-46640 | SeaCMS 13.2 has a remote code execution vulnerability located in the file sql.class.chp. Although th... | E | |
CVE-2024-46644 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via edit_file.... | E | |
CVE-2024-46645 | eNMS 4.0.0 is vulnerable to Directory Traversal via get_tree_files.... | E | |
CVE-2024-46646 | eNMS up to 4.7.1 is vulnerable to Directory Traversal via /download/file.... | E | |
CVE-2024-46647 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via upload_files.... | E | |
CVE-2024-46648 | eNMS 4.4.0 to 4.7.1 is vulnerable to Directory Traversal via scan_folder.... | E | |
CVE-2024-46649 | eNMS up to 4.7.1 is vulnerable to Directory Traversal via download/folder.... | E | |
CVE-2024-46652 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability in the fromAdvSetMacMtuWan function.... | E | |
CVE-2024-46654 | A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024... | E | |
CVE-2024-46655 | A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execu... | E | |
CVE-2024-46657 | Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /too... | | |
CVE-2024-46658 | Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection... | | |
CVE-2024-46662 | An improper neutralization of special elements used in a command ('command injection') in Fortinet Fo... | S | |
CVE-2024-46663 | A stack-buffer overflow vulnerability [CWE-121] in Fortinet FortiMail CLI version 7.6.0 through 7.6.... | S | |
CVE-2024-46664 | A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before ... | S | |
CVE-2024-46665 | An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0... | S | |
CVE-2024-46666 | An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions ... | S | |
CVE-2024-46667 | An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 a... | S | |
CVE-2024-46668 | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions ... | S | |
CVE-2024-46669 | An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10... | S | |
CVE-2024-46670 | An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, ver... | S | |
CVE-2024-46671 | An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.... | S | |
CVE-2024-46672 | wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion | S | |
CVE-2024-46673 | scsi: aacraid: Fix double-free on probe failure | S | |
CVE-2024-46674 | usb: dwc3: st: fix probed platform device ref count on probe error path | S | |
CVE-2024-46675 | usb: dwc3: core: Prevent USB core invalid event buffer address access | S | |
CVE-2024-46676 | nfc: pn533: Add poll mod list filling check | S | |
CVE-2024-46677 | gtp: fix a potential NULL pointer dereference | S | |
CVE-2024-46678 | bonding: change ipsec_lock from spin lock to mutex | S | |
CVE-2024-46679 | ethtool: check device is present when getting link settings | S | |
CVE-2024-46680 | Bluetooth: btnxpuart: Fix random crash seen while removing driver | S | |
CVE-2024-46681 | pktgen: use cpus_read_lock() in pg_net_init() | S | |
CVE-2024-46682 | nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open | S | |
CVE-2024-46683 | drm/xe: prevent UAF around preempt fence | S | |
CVE-2024-46684 | binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined | S | |
CVE-2024-46685 | pinctrl: single: fix potential NULL dereference in pcs_get_function() | S | |
CVE-2024-46686 | smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() | S | |
CVE-2024-46687 | btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() | S | |
CVE-2024-46688 | erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails | S | |
CVE-2024-46689 | soc: qcom: cmd-db: Map shared memory as WC, not WB | S | |
CVE-2024-46690 | nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease | S | |
CVE-2024-46691 | usb: typec: ucsi: Move unregister out of atomic section | S | |
CVE-2024-46692 | firmware: qcom: scm: Mark get_wq_ctx() as atomic call | S | |
CVE-2024-46693 | soc: qcom: pmic_glink: Fix race during initialization | S | |
CVE-2024-46694 | drm/amd/display: avoid using null object of framebuffer | S | |
CVE-2024-46695 | selinux,smack: don't bypass permissions check in inode_setsecctx hook | S | |
CVE-2024-46696 | nfsd: fix potential UAF in nfsd4_cb_getattr_release | S | |
CVE-2024-46697 | nfsd: ensure that nfsd4_fattr_args.context is zeroed out | S | |
CVE-2024-46698 | video/aperture: optionally match the device in sysfb_disable() | S | |
CVE-2024-46699 | drm/v3d: Disable preemption while updating GPU stats | S | |
CVE-2024-46700 | drm/amdgpu/mes: fix mes ring buffer overflow | S | |
CVE-2024-46701 | libfs: fix infinite directory reads for offset dir | S | |
CVE-2024-46702 | thunderbolt: Mark XDomain as unplugged when router is removed | S | |
CVE-2024-46703 | Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" | S | |
CVE-2024-46704 | workqueue: Fix spruious data race in __flush_work() | S | |
CVE-2024-46705 | drm/xe: reset mmio mappings with devm | S | |
CVE-2024-46706 | tty: serial: fsl_lpuart: mark last busy before uart_add_one_port | S | |
CVE-2024-46707 | KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 | S | |
CVE-2024-46708 | pinctrl: qcom: x1e80100: Fix special pin offsets | S | |
CVE-2024-46709 | drm/vmwgfx: Fix prime with external buffers | S | |
CVE-2024-46710 | drm/vmwgfx: Prevent unmapping active read buffers | S | |
CVE-2024-46711 | mptcp: pm: fix ID 0 endp usage after multiple re-creations | S | |
CVE-2024-46712 | drm/vmwgfx: Disable coherent dumb buffers without 3d | S | |
CVE-2024-46713 | perf/aux: Fix AUX buffer serialization | | |
CVE-2024-46714 | drm/amd/display: Skip wbscl_set_scaler_filter if filter is null | S | |
CVE-2024-46715 | driver: iio: add missing checks on iio_info's callback access | S | |
CVE-2024-46716 | dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor | | |
CVE-2024-46717 | net/mlx5e: SHAMPO, Fix incorrect page release | | |
CVE-2024-46718 | drm/xe: Don't overmap identity VRAM mapping | | |
CVE-2024-46719 | usb: typec: ucsi: Fix null pointer dereference in trace | S | |
CVE-2024-46720 | drm/amdgpu: fix dereference after null check | S | |
CVE-2024-46721 | apparmor: fix possible NULL pointer dereference | S | |
CVE-2024-46722 | drm/amdgpu: fix mc_data out-of-bounds read warning | S | |
CVE-2024-46723 | drm/amdgpu: fix ucode out-of-bounds read warning | S | |
CVE-2024-46724 | drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number | S | |
CVE-2024-46725 | drm/amdgpu: Fix out-of-bounds write warning | S | |
CVE-2024-46726 | drm/amd/display: Ensure index calculation will not overflow | S | |
CVE-2024-46727 | drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update | S | |
CVE-2024-46728 | drm/amd/display: Check index for aux_rd_interval before using | S | |
CVE-2024-46729 | drm/amd/display: Fix incorrect size calculation for loop | | |
CVE-2024-46730 | drm/amd/display: Ensure array index tg_inst won't be -1 | S | |
CVE-2024-46731 | drm/amd/pm: fix the Out-of-bounds read warning | S | |
CVE-2024-46732 | drm/amd/display: Assign linear_pitch_alignment even for VM | S | |
CVE-2024-46733 | btrfs: fix qgroup reserve leaks in cow_file_range | | |
CVE-2024-46734 | btrfs: fix race between direct IO write and fsync when using same fd | | |
CVE-2024-46735 | ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() | S | |
CVE-2024-46736 | smb: client: fix double put of @cfile in smb2_rename_path() | | |
CVE-2024-46737 | nvmet-tcp: fix kernel crash if commands allocation fails | S | |
CVE-2024-46738 | VMCI: Fix use-after-free when removing resource in vmci_resource_remove() | S | |
CVE-2024-46739 | uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind | S | |
CVE-2024-46740 | binder: fix UAF caused by offsets overwrite | S | |
CVE-2024-46741 | misc: fastrpc: Fix double free of 'buf' in error path | S | |
CVE-2024-46742 | smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() | S | |
CVE-2024-46743 | of/irq: Prevent device address out-of-bounds read in interrupt map walk | S | |
CVE-2024-46744 | Squashfs: sanity check symbolic link size | S | |
CVE-2024-46745 | Input: uinput - reject requests with unreasonable number of slots | | |
CVE-2024-46746 | HID: amd_sfh: free driver_data after destroying hid device | S | |
CVE-2024-46747 | HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup | S | |
CVE-2024-46748 | cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT | | |
CVE-2024-46749 | Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() | S | |
CVE-2024-46750 | PCI: Add missing bridge lock to pci_bus_lock() | S | |
CVE-2024-46751 | btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() | S | |
CVE-2024-46752 | btrfs: replace BUG_ON() with error handling at update_ref_for_cow() | | |
CVE-2024-46753 | btrfs: handle errors from btrfs_dec_ref() properly | | |
CVE-2024-46754 | bpf: Remove tst_run from lwt_seg6local_prog_ops. | | |
CVE-2024-46755 | wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() | S | |
CVE-2024-46756 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-46757 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-46758 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-46759 | hwmon: (adc128d818) Fix underflows seen when writing limit attributes | S | |
CVE-2024-46760 | wifi: rtw88: usb: schedule rx work after everything is set up | S | |
CVE-2024-46761 | pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv | S | |
CVE-2024-46762 | xen: privcmd: Fix possible access to a freed kirqfd instance | S | |
CVE-2024-46763 | fou: Fix null-ptr-deref in GRO. | S | |
CVE-2024-46764 | bpf: add check for invalid name in btf_name_valid_section() | | |
CVE-2024-46765 | ice: protect XDP configuration with a mutex | S | |
CVE-2024-46766 | ice: move netif_queue_set_napi to rtnl-protected sections | S | |
CVE-2024-46767 | net: phy: Fix missing of_node_put() for leds | | |
CVE-2024-46768 | hwmon: (hp-wmi-sensors) Check if WMI event data exists | S | |
CVE-2024-46769 | spi: intel: Add check devm_kasprintf() returned value | S | |
CVE-2024-46770 | ice: Add netif_device_attach/detach into PF reset flow | S | |
CVE-2024-46771 | can: bcm: Remove proc entry when dev is unregistered. | S | |
CVE-2024-46772 | drm/amd/display: Check denominator crb_pipes before used | S | |
CVE-2024-46773 | drm/amd/display: Check denominator pbn_div before used | S | |
CVE-2024-46774 | powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() | S | |
CVE-2024-46775 | drm/amd/display: Validate function returns | S | |
CVE-2024-46776 | drm/amd/display: Run DC_LOG_DC after checking link->link_enc | S | |
CVE-2024-46777 | udf: Avoid excessive partition lengths | S | |
CVE-2024-46778 | drm/amd/display: Check UnboundedRequestEnabled's value | S | |
CVE-2024-46779 | drm/imagination: Free pvr_vm_gpuva after unlink | S | |
CVE-2024-46780 | nilfs2: protect references to superblock parameters exposed in sysfs | S | |
CVE-2024-46781 | nilfs2: fix missing cleanup on rollforward recovery error | S | |
CVE-2024-46782 | ila: call nf_unregister_net_hooks() sooner | S | |
CVE-2024-46783 | tcp_bpf: fix return value of tcp_bpf_sendmsg() | S | |
CVE-2024-46784 | net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup | S | |
CVE-2024-46785 | eventfs: Use list_del_rcu() for SRCU protected list variable | S | |
CVE-2024-46786 | fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF | S | |
CVE-2024-46787 | userfaultfd: fix checks for huge PMDs | S | |
CVE-2024-46788 | tracing/osnoise: Use a cpumask to know what threads are kthreads | S | |
CVE-2024-46789 | mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook | S | |
CVE-2024-46790 | codetag: debug: mark codetags for poisoned page as empty | S | |
CVE-2024-46791 | can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open | S | |
CVE-2024-46792 | riscv: misaligned: Restrict user access to kernel memory | S | |
CVE-2024-46793 | ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder | S | |
CVE-2024-46794 | x86/tdx: Fix data leak in mmio_read() | S | |
CVE-2024-46795 | ksmbd: unset the binding mark of a reused connection | S | |
CVE-2024-46796 | smb: client: fix double put of @cfile in smb2_set_path_size() | S | |
CVE-2024-46797 | powerpc/qspinlock: Fix deadlock in MCS queue | S | |
CVE-2024-46798 | ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object | S | |
CVE-2024-46799 | net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX | S | |
CVE-2024-46800 | sch/netem: fix use after free in netem_dequeue | S | |
CVE-2024-46801 | libfs: fix get_stashed_dentry() | S | |
CVE-2024-46802 | drm/amd/display: added NULL check at start of dc_validate_stream | S | |
CVE-2024-46803 | drm/amdkfd: Check debug trap enable before write dbg_ev_file | S | |
CVE-2024-46804 | drm/amd/display: Add array index check for hdcp ddc access | S | |
CVE-2024-46805 | drm/amdgpu: fix the warning dereferencing hive | S | |
CVE-2024-46806 | drm/amdgpu: Fix the warning division or modulo by zero | S | |
CVE-2024-46807 | drm/amd/amdgpu: Check tbo resource pointer | S | |
CVE-2024-46808 | drm/amd/display: Add missing NULL pointer check within dpcd_extend_address_range | S | |
CVE-2024-46809 | drm/amd/display: Check BIOS images before it is used | S | |
CVE-2024-46810 | drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ | S | |
CVE-2024-46811 | drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box | S | |
CVE-2024-46812 | drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration | S | |
CVE-2024-46813 | drm/amd/display: Check link_index before accessing dc->links[] | S | |
CVE-2024-46814 | drm/amd/display: Check msg_id before processing transaction | S | |
CVE-2024-46815 | drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] | S | |
CVE-2024-46816 | drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links | S | |
CVE-2024-46817 | drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 | S | |
CVE-2024-46818 | drm/amd/display: Check gpio_id before used as array index | S | |
CVE-2024-46819 | drm/amdgpu: the warning dereferencing obj for nbio_v7_4 | S | |
CVE-2024-46820 | drm/amdgpu/vcn: remove irq disabling in vcn 5 suspend | S | |
CVE-2024-46821 | drm/amd/pm: Fix negative array index read | S | |
CVE-2024-46822 | arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry | S | |
CVE-2024-46823 | kunit/overflow: Fix UB in overflow_allocation_test | S | |
CVE-2024-46824 | iommufd: Require drivers to supply the cache_invalidate_user ops | S | |
CVE-2024-46825 | wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check | S | |
CVE-2024-46826 | ELF: fix kernel.randomize_va_space double read | S | |
CVE-2024-46827 | wifi: ath12k: fix firmware crash due to invalid peer nss | S | |
CVE-2024-46828 | sched: sch_cake: fix bulk flow accounting logic for host fairness | S | |
CVE-2024-46829 | rtmutex: Drop rt_mutex::wait_lock before scheduling | S | |
CVE-2024-46830 | KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS | S | |
CVE-2024-46831 | net: microchip: vcap: Fix use-after-free error in kunit test | S | |
CVE-2024-46832 | MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed | S | |
CVE-2024-46833 | net: hns3: void array out of bound when loop tnl_num | S | |
CVE-2024-46834 | ethtool: fail closed if we can't get max channel used in indirection tables | S | |
CVE-2024-46835 | drm/amdgpu: Fix smatch static checker warning | S | |
CVE-2024-46836 | usb: gadget: aspeed_udc: validate endpoint index for ast udc | S | |
CVE-2024-46837 | drm/panthor: Restrict high priorities on group_create | S | |
CVE-2024-46838 | userfaultfd: don't BUG_ON() if khugepaged yanks our page table | S | |
CVE-2024-46839 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-46840 | btrfs: clean up our handling of refs == 0 in snapshot delete | S | |
CVE-2024-46841 | btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() | S | |
CVE-2024-46842 | scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info | S | |
CVE-2024-46843 | scsi: ufs: core: Remove SCSI host only if added | S | |
CVE-2024-46844 | um: line: always fill *error_out in setup_one_line() | S | |
CVE-2024-46845 | tracing/timerlat: Only clear timer if a kthread exists | S | |
CVE-2024-46846 | spi: rockchip: Resolve unbalanced runtime PM / system PM handling | S | |
CVE-2024-46847 | mm: vmalloc: ensure vmap_block is initialised before adding to queue | S | |
CVE-2024-46848 | perf/x86/intel: Limit the period on Haswell | S | |
CVE-2024-46849 | ASoC: meson: axg-card: fix 'use-after-free' | S | |
CVE-2024-46850 | drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() | S | |
CVE-2024-46851 | drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() | S | |
CVE-2024-46852 | dma-buf: heaps: Fix off-by-one in CMA heap fault handler | S | |
CVE-2024-46853 | spi: nxp-fspi: fix the KASAN report out-of-bounds bug | S | |
CVE-2024-46854 | net: dpaa: Pad packets to ETH_ZLEN | S | |
CVE-2024-46855 | netfilter: nft_socket: fix sk refcount leaks | S | |
CVE-2024-46856 | net: phy: dp83822: Fix NULL pointer dereference on DP83825 devices | S | |
CVE-2024-46857 | net/mlx5: Fix bridge mode operations when there are no VFs | S | |
CVE-2024-46858 | mptcp: pm: Fix uaf in __timer_delete_sync | S | |
CVE-2024-46859 | platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses | S | |
CVE-2024-46860 | wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change | S | |
CVE-2024-46861 | usbnet: ipheth: do not stop RX on failing RX callback | S | |
CVE-2024-46862 | ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item | S | |
CVE-2024-46863 | ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item | S | |
CVE-2024-46864 | x86/hyperv: fix kexec crash due to VP assist page corruption | S | |
CVE-2024-46865 | fou: fix initialization of grc | S | |
CVE-2024-46866 | drm/xe/client: add missing bo locking in show_meminfo() | S | |
CVE-2024-46867 | drm/xe/client: fix deadlock in show_meminfo() | S | |
CVE-2024-46868 | firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() | S | |
CVE-2024-46869 | Bluetooth: btintel_pcie: Allocate memory for driver private data | S | |
CVE-2024-46870 | drm/amd/display: Disable DMCUB timeout for DCN35 | S | |
CVE-2024-46871 | drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX | S | |
CVE-2024-46872 | Client-Side Path Traversal Leading to CSRF in Playbooks | S | |
CVE-2024-46873 | Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be execu... | | |
CVE-2024-46874 | Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges | S | |
CVE-2024-46881 | Develocity (formerly Gradle Enterprise) before 2024.1.8 has Incorrect Access Control. Project-level ... | | |
CVE-2024-46886 | The web server of affected devices does not properly validate input that is used for a user redirect... | | |
CVE-2024-46887 | The web server of affected devices does not properly authenticate user request to the '/ClientArea/Run... | | |
CVE-2024-46888 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap... | | |
CVE-2024-46889 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap... | | |
CVE-2024-46890 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap... | | |
CVE-2024-46891 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap... | | |
CVE-2024-46892 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap... | | |
CVE-2024-46894 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap... | | |
CVE-2024-46895 | Uncontrolled search path for some Intel(R) Arc™ & Iris(R) Xe graphics software before version 32... | | |
CVE-2024-46896 | drm/amdgpu: don't access invalid sched | | |
CVE-2024-46897 | Incorrect permission assignment for critical resource issue exists in Exment v6.1.4 and earlier and ... | | |
CVE-2024-46898 | SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal... | S | |
CVE-2024-46899 | Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF | | |
CVE-2024-46901 | Apache Subversion: mod_dav_svn denial-of-service via control characters in paths | | |
CVE-2024-46902 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an ... | | |
CVE-2024-46903 | A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an ... | | |
CVE-2024-46905 | WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability | | |
CVE-2024-46906 | WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability | | |
CVE-2024-46907 | WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability | | |
CVE-2024-46908 | WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability | | |
CVE-2024-46909 | WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability | | |
CVE-2024-46910 | Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user | | |
CVE-2024-46911 | Apache Roller: Weakness in CSRF protection allows privilege escalation | | |
CVE-2024-46914 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes... | R | |
CVE-2024-46915 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2024-46918 | app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin ... | S | |
CVE-2024-46919 | An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, an... | | |
CVE-2024-46920 | An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, an... | | |
CVE-2024-46921 | An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 210... | E | |
CVE-2024-46922 | An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null chec... | | |
CVE-2024-46923 | An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a nu... | | |
CVE-2024-46933 | An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. ... | | |
CVE-2024-46934 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to DOM-based Cros... | S | |
CVE-2024-46935 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier is vulnerable to denial of serv... | S | |
CVE-2024-46936 | Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forge... | | |
CVE-2024-46937 | An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties end... | | |
CVE-2024-46938 | An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experienc... | | |
CVE-2024-46939 | Game Extension Engine Path Traversal Vulnerability | | |
CVE-2024-46942 | In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a ... | | |
CVE-2024-46943 | An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0... | | |
CVE-2024-46946 | langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attack... | | |
CVE-2024-46947 | Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF.... | | |
CVE-2024-46948 | Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control.... | S | |
CVE-2024-46951 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implemen... | S | |
CVE-2024-46952 | An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer o... | S | |
CVE-2024-46953 | An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflo... | S | |
CVE-2024-46954 | An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Over... | S | |
CVE-2024-46955 | An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bo... | S | |
CVE-2024-46956 | An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data acc... | S | |
CVE-2024-46957 | Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses pre... | | |
CVE-2024-46958 | In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server a... | S | |
CVE-2024-46959 | runofast Indoor Security Camera for Baby Monitor has a default password of password for the root acc... | | |
CVE-2024-46960 | The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 ... | | |
CVE-2024-46961 | The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.... | | |
CVE-2024-46962 | The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android ... | | |
CVE-2024-46963 | The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application t... | | |
CVE-2024-46964 | The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows... | | |
CVE-2024-46965 | The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 ... | | |
CVE-2024-46966 | The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for And... | | |
CVE-2024-46970 | In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible... | | |
CVE-2024-46971 | GPU DDK - UAF of memory in PMRUnlockSysPhysAddressesLocalMem for on-demand PMRs on PCI (LMA) systems | | |
CVE-2024-46972 | GPU DDK - Security: Reference count overflow in pvr_sync_rollback_export_fence | | |
CVE-2024-46973 | Exploitable kernel use-after-free on psServerMMUContext due to reference count mismanagement | | |
CVE-2024-46974 | GPU DDK - Arbitrary write of read-only dmabuf | | |
CVE-2024-46975 | GPU DDK - rgxfw_write_robustness_buffer allows arbitrary catreg set mapping | | |
CVE-2024-46976 | Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend | | |
CVE-2024-46977 | OpenC3 COSMOS allows a path traversal via screen controller (`GHSL-2024-127`) | S | |
CVE-2024-46978 | Missing checks for notification filter preferences editions in XWiki Platform | E S | |
CVE-2024-46979 | Data leak of notification filters of users in XWiki Platform | E S | |
CVE-2024-46980 | Tuleap vulnerable to XSS in the HTML mail content of the cross reference field | E S | |
CVE-2024-46981 | Redis' Lua library commands may lead to remote code execution | | |
CVE-2024-46982 | Cache Poisoning in next.js | | |
CVE-2024-46983 | Remote Command Execution (RCE) Vulnerability in sofa-hessian | | |
CVE-2024-46984 | XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator | | |
CVE-2024-46985 | DataEase has an XXE vulnerability | E | |
CVE-2024-46986 | Arbitrary file write leading to RCE in Camaleon CMS | E S | |
CVE-2024-46987 | Arbitrary path traversal in Camaleon CMS | E S | |
CVE-2024-46988 | Tuleap does not properly check permissions for email notifications in trackers | E | |
CVE-2024-46989 | Multiple caveats on resources of the same type can result in no permission when permission is expected | | |
CVE-2024-46990 | SSRF Loopback IP filter bypass in directus | | |
CVE-2024-46994 | baserCMS has Cross-site Scripting Vulnerability in Blog posts and Contents list Feature | | |
CVE-2024-46995 | baserCMS has Cross-site Scripting Vulnerability in HTTP 400 Bad Request | | |
CVE-2024-46996 | baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature | | |
CVE-2024-46997 | DataEase's H2 datasource has a remote command execution risk | E | |
CVE-2024-46998 | baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature | | |
CVE-2024-46999 | User Grant Deactivation not Working in Zitadel | S | |