ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2024-57000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-48022. Reason: This candidat... | R | |
CVE-2024-57004 | Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated user... | | |
CVE-2024-57011 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57012 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57013 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57014 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57015 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57016 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57017 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57018 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57019 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57020 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57021 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57022 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57023 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57024 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57025 | TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerabil... | E | |
CVE-2024-57026 | TawkTo Widget Version <= 1.3.7 is vulnerable to Cross Site Scripting (XSS) due to processing user in... | E | |
CVE-2024-57030 | WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via t... | E | |
CVE-2024-57031 | WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario ... | E | |
CVE-2024-57032 | WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application doe... | E | |
CVE-2024-57033 | WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documen... | E | |
CVE-2024-57034 | WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.... | E | |
CVE-2024-57035 | WeGIA v3.2.0 is vulnerable to SQL Injection via the nextPage parameter in /controle/control.php.... | E | |
CVE-2024-57036 | TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in dow... | E | |
CVE-2024-57040 | TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to contain a hardcoded password f... | | |
CVE-2024-57041 | A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to s... | E S | |
CVE-2024-57045 | A vulnerability in the D-Link DIR-859 router with firmware version A3 1.05 and earlier permits unaut... | E | |
CVE-2024-57046 | A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits un... | E | |
CVE-2024-57049 | A vulnerability in the TP-Link Archer c20 router with firmware version V6.6_230412 and earlier permi... | E | |
CVE-2024-57050 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11714. Reason: This candidat... | R | |
CVE-2024-57052 | An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the s... | | |
CVE-2024-57055 | Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorize... | | |
CVE-2024-57056 | Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity ... | | |
CVE-2024-57061 | An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute... | E | |
CVE-2024-57062 | An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and o... | | |
CVE-2024-57063 | A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a D... | | |
CVE-2024-57064 | A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows att... | | |
CVE-2024-57065 | A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Den... | | |
CVE-2024-57066 | A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause... | | |
CVE-2024-57067 | A prototype pollution in the lib.parse function of dot-qs v0.2.0 allows attackers to cause a Denial ... | | |
CVE-2024-57068 | A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows atta... | | |
CVE-2024-57069 | A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial... | E | |
CVE-2024-57071 | A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a D... | E | |
CVE-2024-57072 | A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows atta... | | |
CVE-2024-57074 | A prototype pollution in the lib.merge function of xe-utils v3.5.31 allows attackers to cause a Deni... | | |
CVE-2024-57075 | A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a D... | | |
CVE-2024-57076 | A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a De... | | |
CVE-2024-57077 | The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry fu... | | |
CVE-2024-57078 | A prototype pollution in the lib.merge function of cli-util v1.1.27 allows attackers to cause a Deni... | | |
CVE-2024-57079 | A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to caus... | | |
CVE-2024-57080 | A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a D... | E | |
CVE-2024-57081 | A prototype pollution in the lib.fromQuery function of underscore-contrib v0.3.0 allows attackers to... | | |
CVE-2024-57082 | A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers ... | | |
CVE-2024-57083 | A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <... | E S | |
CVE-2024-57084 | A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a... | | |
CVE-2024-57085 | A prototype pollution in the function deepMerge of @stryker-mutator/util v8.6.0 allows attackers to ... | | |
CVE-2024-57086 | A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows att... | E | |
CVE-2024-57095 | SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code vi... | E | |
CVE-2024-57096 | An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a ... | | |
CVE-2024-57097 | ClassCMS 4.8 is vulnerable to Cross Site Scripting (XSS) in class/admin/channel.php.... | E | |
CVE-2024-57098 | Moss v0.1.3 version has an SQL injection vulnerability that allows attackers to inject carefully des... | | |
CVE-2024-57099 | ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constr... | E | |
CVE-2024-57151 | SQL Injection vulnerability in rainrocka xinhu v.2.6.5 and before allows a remote attacker to execut... | E | |
CVE-2024-57152 | Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sens... | | |
CVE-2024-57154 | Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via s... | | |
CVE-2024-57155 | Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensit... | | |
CVE-2024-57157 | Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensit... | | |
CVE-2024-57159 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/... | E | |
CVE-2024-57160 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/... | E | |
CVE-2024-57161 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/... | E | |
CVE-2024-57162 | Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.... | E | |
CVE-2024-57169 | A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php... | E | |
CVE-2024-57170 | SOPlanning 1.53.00 is vulnerable to a directory traversal issue in /process/upload.php. The "fichier... | E | |
CVE-2024-57174 | A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered d... | | |
CVE-2024-57175 | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Cert... | E | |
CVE-2024-57176 | An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a di... | E | |
CVE-2024-57177 | A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By ... | | |
CVE-2024-57178 | An SQL injection vulnerability exists in Stock-Forecaster <=01-04-2020. By sending a specially craft... | | |
CVE-2024-57184 | An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer o... | E S | |
CVE-2024-57186 | In Erxes <1.6.2, an unauthenticated attacker can read arbitrary files from the system using a Path T... | E S | |
CVE-2024-57189 | In Erxes <1.6.2, an authenticated attacker can write to arbitrary files on the system using a Path T... | E S | |
CVE-2024-57190 | Erxes <1.6.1 is vulnerable to Incorrect Access Control. An attacker can bypass authentication by pro... | E S | |
CVE-2024-57211 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-57212 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-57213 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-57214 | TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability vi... | E | |
CVE-2024-57222 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname ... | E | |
CVE-2024-57223 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname ... | E | |
CVE-2024-57224 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname ... | E | |
CVE-2024-57225 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname... | E | |
CVE-2024-57226 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface p... | E | |
CVE-2024-57227 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname ... | E | |
CVE-2024-57228 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface p... | E | |
CVE-2024-57229 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57230 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57231 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57232 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57233 | NETGEAR RAX5 (AX1600 WiFi Router) v1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57234 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57235 | NETGEAR RAX5 (AX1600 WiFi Router) V1.0.2.26 was discovered to contain a command injection vulnerabil... | E | |
CVE-2024-57237 | Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /r... | | |
CVE-2024-57238 | Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/pro... | | |
CVE-2024-57240 | A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11... | E | |
CVE-2024-57241 | Dedecms 5.71sp1 and earlier is vulnerable to URL redirect. In the web application, a logic error doe... | | |
CVE-2024-57248 | Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve... | | |
CVE-2024-57249 | Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attack... | | |
CVE-2024-57252 | OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read... | | |
CVE-2024-57254 | An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size c... | | |
CVE-2024-57255 | An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted sq... | | |
CVE-2024-57256 | An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (addin... | | |
CVE-2024-57257 | A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashf... | | |
CVE-2024-57258 | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs... | | |
CVE-2024-57259 | sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap mem... | | |
CVE-2024-57261 | In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related is... | | |
CVE-2024-57262 | In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to a... | | |
CVE-2024-57272 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (X... | | |
CVE-2024-57273 | Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cros... | | |
CVE-2024-57276 | In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service pa... | | |
CVE-2024-57277 | InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.... | | |
CVE-2024-57278 | A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingSca... | E | |
CVE-2024-57279 | A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <=... | E | |
CVE-2024-57326 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Piz... | E | |
CVE-2024-57328 | A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vuln... | E | |
CVE-2024-57329 | HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field... | E | |
CVE-2024-57336 | Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0... | | |
CVE-2024-57337 | An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ER... | | |
CVE-2024-57338 | An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to ... | | |
CVE-2024-57348 | Cross Site Scripting vulnerability in PecanProject pecan through v.1.8.0 allows a remote attacker to... | E | |
CVE-2024-57357 | An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to ex... | E | |
CVE-2024-57360 | https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type ... | | |
CVE-2024-57362 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54840. Reason: This candidat... | R | |
CVE-2024-57369 | Clickjacking vulnerability in typecho v1.2.1.... | | |
CVE-2024-57370 | Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote a... | | |
CVE-2024-57372 | Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obt... | | |
CVE-2024-57373 | Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to e... | | |
CVE-2024-57375 | Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically pro... | | |
CVE-2024-57376 | Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N fr... | | |
CVE-2024-57378 | Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the... | | |
CVE-2024-57386 | Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary ... | E | |
CVE-2024-57392 | Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remote attacker to execute arbitra... | | |
CVE-2024-57394 | The quarantine - restore function in Qi-ANXIN Tianqing Endpoint Security Management System v10.0 all... | E | |
CVE-2024-57395 | Password Vulnerability in Safety production process management system v1.0 allows a remote attacker ... | | |
CVE-2024-57401 | SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to ex... | | |
CVE-2024-57407 | An arbitrary file upload vulnerability in the component /userPicture of Timo v2.0.3 allows attackers... | | |
CVE-2024-57408 | An arbitrary file upload vulnerability in the component /comm/upload of cool-admin-java v1.0 allows ... | E | |
CVE-2024-57409 | A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1... | E | |
CVE-2024-57423 | A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to ... | E | |
CVE-2024-57426 | NetMod VPN Client 5.3.1 is vulnerable to DLL injection, allowing an attacker to execute arbitrary co... | | |
CVE-2024-57427 | PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multipl... | E | |
CVE-2024-57428 | A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists du... | | |
CVE-2024-57429 | A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinem... | | |
CVE-2024-57430 | An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v... | | |
CVE-2024-57432 | macrozheng mall-tiny 1.0.1 suffers from Insecure Permissions. The application's JWT signing keys are... | | |
CVE-2024-57433 | macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After ... | E | |
CVE-2024-57434 | macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by d... | E | |
CVE-2024-57435 | In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interfac... | E | |
CVE-2024-57436 | RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in t... | E | |
CVE-2024-57437 | RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /m... | E | |
CVE-2024-57438 | Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assign... | E | |
CVE-2024-57439 | An issue in the reset password interface of ruoyi v4.8.0 allows attackers with Admin privileges to c... | E | |
CVE-2024-57440 | D-Link DSL-3788 revA1 1.01R1B036_EU_EN is vulnerable to Buffer Overflow via the COMM_MAKECustomMsg f... | | |
CVE-2024-57450 | ChestnutCMS <=1.5.0 is vulnerable to File Upload via the Create template function.... | E | |
CVE-2024-57451 | ChestnutCMS <=1.5.0 has a directory traversal vulnerability in contentcore.controller.FileController... | E | |
CVE-2024-57452 | ChestnutCMS <=1.5.0 has an arbitrary file deletion vulnerability in contentcore.controller.FileContr... | E | |
CVE-2024-57459 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Pr... | | |
CVE-2024-57471 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in ... | | |
CVE-2024-57473 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in ... | | |
CVE-2024-57479 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in ... | | |
CVE-2024-57480 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in ... | | |
CVE-2024-57482 | H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in ... | | |
CVE-2024-57483 | Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function.... | | |
CVE-2024-57487 | In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extens... | | |
CVE-2024-57488 | Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehic... | | |
CVE-2024-57490 | Guangzhou Hongfan Technology Co., LTD. iOffice20 has any user login vulnerability. An attacker can l... | | |
CVE-2024-57491 | Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this... | | |
CVE-2024-57492 | An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of servi... | E | |
CVE-2024-57493 | An issue in redoxOS relibc before commit 98aa4ea5 allows a local attacker to cause a denial of servi... | E | |
CVE-2024-57498 | Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalat... | E | |
CVE-2024-57509 | Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a ... | | |
CVE-2024-57510 | Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a ... | E | |
CVE-2024-57513 | A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in ... | | |
CVE-2024-57514 | The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handlin... | E | |
CVE-2024-57519 | An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_au... | E S | |
CVE-2024-57520 | Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary cod... | | |
CVE-2024-57522 | SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS)... | E | |
CVE-2024-57523 | Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management Syste... | E | |
CVE-2024-57529 | Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to... | E | |
CVE-2024-57536 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_... | E | |
CVE-2024-57537 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57538 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57539 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEma... | E | |
CVE-2024-57540 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57541 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57542 | Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the fie... | E | |
CVE-2024-57543 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57544 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57545 | Linksys E8450 v1.2.00.360516 was discovered to contain a buffer overflow vulnerability. The parsed f... | E | |
CVE-2024-57546 | An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted s... | E | |
CVE-2024-57547 | Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive i... | E | |
CVE-2024-57548 | CMSimple 5.16 allows the user to edit log.php file via print page.... | E | |
CVE-2024-57549 | CMSimple 5.16 allows the user to read cms source code through manipulation of the file name in the f... | E | |
CVE-2024-57556 | Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to e... | E M | |
CVE-2024-57575 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the for... | | |
CVE-2024-57577 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in th... | | |
CVE-2024-57578 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in th... | E | |
CVE-2024-57579 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in... | | |
CVE-2024-57580 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the ... | E | |
CVE-2024-57581 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in t... | E | |
CVE-2024-57582 | Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the ... | E | |
CVE-2024-57583 | Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName ... | | |
CVE-2024-57587 | Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows rem... | E | |
CVE-2024-57590 | TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGI interfac... | | |
CVE-2024-57595 | DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGI interface apc_... | | |
CVE-2024-57598 | A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in func... | E | |
CVE-2024-57599 | Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbi... | E | |
CVE-2024-57601 | Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attac... | | |
CVE-2024-57602 | An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges... | E | |
CVE-2024-57603 | An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lac... | E | |
CVE-2024-57604 | An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the tok... | E | |
CVE-2024-57605 | Cross Site Scripting vulnerability in Daylight Studio Fuel CMS v.1.5.2 allows an attacker to escalat... | E | |
CVE-2024-57606 | SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allow... | | |
CVE-2024-57608 | An issue in Via Browser 6.1.0 allows a remote attacker to execute arbitrary code via the mark.via.... | E | |
CVE-2024-57609 | An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a remote attacker to obtain sensitive inf... | | |
CVE-2024-57610 | A rate limiting issue in Sylius v2.0.2 allows a remote attacker to perform unrestricted brute-force ... | | |
CVE-2024-57611 | 07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminActio... | E | |
CVE-2024-57615 | An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to caus... | E | |
CVE-2024-57616 | An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of S... | E | |
CVE-2024-57617 | An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a ... | E | |
CVE-2024-57618 | An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denia... | E | |
CVE-2024-57619 | An issue in the atom_get_int component of MonetDB Server v11.47.11 allows attackers to cause a Denia... | E | |
CVE-2024-57620 | An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial o... | E | |
CVE-2024-57621 | An issue in the GDKanalytical_correlation component of MonetDB Server v11.47.11 allows attackers to ... | E | |
CVE-2024-57622 | An issue in the exp_bin component of MonetDB Server v11.49.1 allows attackers to cause a Denial of S... | E | |
CVE-2024-57623 | An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial ... | E | |
CVE-2024-57624 | An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of ... | E | |
CVE-2024-57625 | An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers... | E | |
CVE-2024-57626 | An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of... | E | |
CVE-2024-57627 | An issue in the gc_col component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Se... | E | |
CVE-2024-57628 | An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to ca... | E | |
CVE-2024-57629 | An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of... | E | |
CVE-2024-57630 | An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of... | E | |
CVE-2024-57631 | An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of S... | E | |
CVE-2024-57632 | An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a De... | E | |
CVE-2024-57633 | An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a De... | | |
CVE-2024-57634 | An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of ... | E | |
CVE-2024-57635 | An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to ca... | E | |
CVE-2024-57636 | An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attack... | E | |
CVE-2024-57637 | An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attac... | E | |
CVE-2024-57638 | An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to ... | E | |
CVE-2024-57639 | An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to ca... | E | |
CVE-2024-57640 | An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cau... | E | |
CVE-2024-57641 | An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a... | E | |
CVE-2024-57642 | An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows at... | E | |
CVE-2024-57643 | An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows atta... | E | |
CVE-2024-57644 | An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers ... | E | |
CVE-2024-57645 | An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attacker... | E | |
CVE-2024-57646 | An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause... | E | |
CVE-2024-57647 | An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers t... | E | |
CVE-2024-57648 | An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers... | E | |
CVE-2024-57649 | An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to ca... | E | |
CVE-2024-57650 | An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attacker... | E | |
CVE-2024-57651 | An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a... | E | |
CVE-2024-57652 | An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to ... | E | |
CVE-2024-57653 | An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers ... | E | |
CVE-2024-57654 | An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers... | E | |
CVE-2024-57655 | An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to... | E | |
CVE-2024-57656 | An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows atta... | E | |
CVE-2024-57657 | An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to c... | E | |
CVE-2024-57658 | An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers t... | E | |
CVE-2024-57659 | An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attack... | E | |
CVE-2024-57660 | An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers t... | E | |
CVE-2024-57661 | An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause ... | E | |
CVE-2024-57662 | An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers ... | E | |
CVE-2024-57663 | An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers... | E | |
CVE-2024-57664 | An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers t... | E | |
CVE-2024-57665 | JFinalCMS 1.0 is vulnerable to SQL Injection in rc/main/java/com/cms/entity/Content.java. The cause ... | E | |
CVE-2024-57668 | In Code-projects Shopping Portal v1.0, the insert-product.php page has an arbitrary file upload vuln... | E | |
CVE-2024-57669 | Directory Traversal vulnerability in Zrlog backup-sql-file.jar v.3.0.31 allows a remote attacker to ... | | |
CVE-2024-57672 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Ma... | | |
CVE-2024-57673 | An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Ma... | E | |
CVE-2024-57676 | An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011... | | |
CVE-2024-57677 | An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allo... | | |
CVE-2024-57678 | An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 all... | | |
CVE-2024-57679 | An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D... | | |
CVE-2024-57680 | An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011... | | |
CVE-2024-57681 | An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allo... | | |
CVE-2024-57682 | An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R... | | |
CVE-2024-57683 | An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D882... | | |
CVE-2024-57684 | An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allow... | | |
CVE-2024-57685 | An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a cr... | | |
CVE-2024-57686 | A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGur... | E | |
CVE-2024-57687 | An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul ... | E | |
CVE-2024-57698 | An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and o... | | |
CVE-2024-57699 | A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially craft... | | |
CVE-2024-57703 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the f... | E | |
CVE-2024-57704 | Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the f... | E | |
CVE-2024-57707 | An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and passwo... | E | |
CVE-2024-57708 | An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Objec... | | |
CVE-2024-57716 | An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive informati... | | |
CVE-2024-57719 | lunasvg v3.0.0 was discovered to contain a segmentation violation via the component blend_transforme... | E | |
CVE-2024-57720 | lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_blend.... | E | |
CVE-2024-57721 | lunasvg v3.0.0 was discovered to contain a segmentation violation via the component plutovg_path_add... | E | |
CVE-2024-57722 | lunasvg v3.0.0 was discovered to contain an allocation-size-too-big bug via the component plutovg_sur... | E | |
CVE-2024-57723 | lunasvg v3.0.0 was discovered to contain a segmentation violation via the component composition_sour... | E | |
CVE-2024-57724 | lunasvg v3.0.0 was discovered to contain a segmentation violation via the component gray_record_cell... | E | |
CVE-2024-57725 | An issue in the Arcadyan Livebox Fibra PRV3399B_B_LT allows a remote or local attacker to modify the... | | |
CVE-2024-57726 | SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges ... | | |
CVE-2024-57727 | SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulner... | KEV | |
CVE-2024-57728 | SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files an... | | |
CVE-2024-57757 | JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /intercepto... | E | |
CVE-2024-57760 | JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId p... | E | |
CVE-2024-57761 | An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows... | | |
CVE-2024-57762 | MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml co... | E | |
CVE-2024-57763 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the co... | E | |
CVE-2024-57764 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the co... | E | |
CVE-2024-57765 | MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parame... | E | |
CVE-2024-57766 | MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the co... | E | |
CVE-2024-57767 | MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the compo... | E | |
CVE-2024-57768 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the componen... | E | |
CVE-2024-57769 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the componen... | E | |
CVE-2024-57770 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the componen... | E | |
CVE-2024-57771 | A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA befo... | E | |
CVE-2024-57772 | A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA... | E | |
CVE-2024-57773 | A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA... | E | |
CVE-2024-57774 | A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFina... | E | |
CVE-2024-57775 | JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the componen... | E | |
CVE-2024-57776 | A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA befo... | E | |
CVE-2024-57777 | Directory Traversal vulnerability in Ianproxy v.0.1 and before allows a remote attacker to obtain se... | | |
CVE-2024-57778 | An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate pri... | | |
CVE-2024-57782 | An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service.... | | |
CVE-2024-57783 | The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user... | | |
CVE-2024-57784 | An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers... | | |
CVE-2024-57785 | Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via th... | | |
CVE-2024-57790 | IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root cr... | | |
CVE-2024-57791 | net/smc: check return value of sock_recvmsg when draining clc data | | |
CVE-2024-57792 | power: supply: gpio-charger: Fix set charge current limits | | |
CVE-2024-57793 | virt: tdx-guest: Just leak decrypted memory on unrecoverable errors | | |
CVE-2024-57795 | RDMA/rxe: Remove the direct link to net_device | S | |
CVE-2024-57798 | drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() | S | |
CVE-2024-57799 | phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM | S | |
CVE-2024-57800 | ALSA: memalloc: prefer dma_mapping_error() over explicit address checking | | |
CVE-2024-57801 | net/mlx5e: Skip restore TC rules for vport rep without loaded flag | S | |
CVE-2024-57802 | netrom: check buffer length before accessing it | S | |
CVE-2024-57804 | scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs | | |
CVE-2024-57805 | ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP | | |
CVE-2024-57806 | btrfs: fix transaction atomicity bug when enabling simple quotas | | |
CVE-2024-57807 | scsi: megaraid_sas: Fix for a potential deadlock | S | |
CVE-2024-57809 | PCI: imx6: Fix suspend/resume support on i.MX6QDL | | |
CVE-2024-57811 | In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can lo... | E | |
CVE-2024-57822 | In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing tri... | E | |
CVE-2024-57823 | In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI wi... | | |
CVE-2024-57834 | media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread | S | |
CVE-2024-57835 | Amon2::Auth::Site::LINE versions through 0.04 for Perl uses insecure rand() function for cryptographic functions | | |
CVE-2024-57838 | s390/entry: Mark IRQ entries to fix stack depot warnings | | |
CVE-2024-57839 | Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" | | |
CVE-2024-57841 | net: fix memory leak in tcp_conn_request() | S | |
CVE-2024-57843 | virtio-net: fix overflow inside virtnet_rq_alloc | | |
CVE-2024-57844 | drm/xe: Fix fault on fd close after unbind | | |
CVE-2024-57849 | s390/cpum_sf: Handle CPU hotplug remove during sampling | | |
CVE-2024-57850 | jffs2: Prevent rtime decompress memory corruption | S | |
CVE-2024-57852 | firmware: qcom: scm: smc: Handle missing SCM device | | |
CVE-2024-57857 | RDMA/siw: Remove direct link to net_device | S | |
CVE-2024-57868 | Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions | | |
CVE-2024-57872 | scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() | S | |
CVE-2024-57874 | arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL | S | |
CVE-2024-57875 | block: RCU protect disk->conv_zones_bitmap | | |
CVE-2024-57876 | drm/dp_mst: Fix resetting msg rx state after topology removal | | |
CVE-2024-57877 | arm64: ptrace: fix partial SETREGSET for NT_ARM_POE | S | |
CVE-2024-57878 | arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR | S | |
CVE-2024-57879 | Bluetooth: iso: Always release hdev at the end of iso_listen_bis | | |
CVE-2024-57880 | ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array | | |
CVE-2024-57881 | mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() | S | |
CVE-2024-57882 | mptcp: fix TCP options overflow. | S | |
CVE-2024-57883 | mm: hugetlb: independent PMD page table shared count | | |
CVE-2024-57884 | mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() | | |
CVE-2024-57885 | mm/kmemleak: fix sleeping function called from invalid context at print message | | |
CVE-2024-57886 | mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() | | |
CVE-2024-57887 | drm: adv7511: Fix use-after-free in adv7533_attach_dsi() | S | |
CVE-2024-57888 | workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker | | |
CVE-2024-57889 | pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking | | |
CVE-2024-57890 | RDMA/uverbs: Prevent integer overflow issue | S | |
CVE-2024-57891 | sched_ext: Fix invalid irq restore in scx_ops_bypass() | | |
CVE-2024-57892 | ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv | S | |
CVE-2024-57893 | ALSA: seq: oss: Fix races at processing SysEx messages | | |
CVE-2024-57894 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-57895 | ksmbd: set ATTR_CTIME flags when setting mtime | S | |
CVE-2024-57896 | btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount | S | |
CVE-2024-57897 | drm/amdkfd: Correct the migration DMA map direction | | |
CVE-2024-57898 | wifi: cfg80211: clear link ID from bitmap during link delete after clean up | | |
CVE-2024-57899 | wifi: mac80211: fix mbss changed flags corruption on 32 bit systems | | |
CVE-2024-57900 | ila: serialize calls to nf_register_net_hooks() | S | |
CVE-2024-57901 | af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK | S | |
CVE-2024-57902 | af_packet: fix vlan_get_tci() vs MSG_PEEK | S | |
CVE-2024-57903 | net: restrict SO_REUSEPORT to inet sockets | | |
CVE-2024-57904 | iio: adc: at91: call input_free_device() on allocated iio_dev | | |
CVE-2024-57905 | iio: adc: ti-ads1119: fix information leak in triggered buffer | S | |
CVE-2024-57906 | iio: adc: ti-ads8688: fix information leak in triggered buffer | S | |
CVE-2024-57907 | iio: adc: rockchip_saradc: fix information leak in triggered buffer | S | |
CVE-2024-57908 | iio: imu: kmx61: fix information leak in triggered buffer | S | |
CVE-2024-57909 | iio: light: bh1745: fix information leak in triggered buffer | S | |
CVE-2024-57910 | iio: light: vcnl4035: fix information leak in triggered buffer | S | |
CVE-2024-57911 | iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer | S | |
CVE-2024-57912 | iio: pressure: zpa2326: fix information leak in triggered buffer | S | |
CVE-2024-57913 | usb: gadget: f_fs: Remove WARN_ON in functionfs_bind | S | |
CVE-2024-57914 | usb: typec: tcpci: fix NULL pointer issue on shared irq case | S | |
CVE-2024-57915 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-57916 | misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling | S | |
CVE-2024-57917 | topology: Keep the cpumask unchanged when printing cpumap | | |
CVE-2024-57918 | drm/amd/display: fix page fault due to max surface definition mismatch | | |
CVE-2024-57919 | drm/amd/display: fix divide error in DM plane scale calcs | S | |
CVE-2024-57920 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-57921 | drm/amdgpu: Add a lock when accessing the buddy trim function | | |
CVE-2024-57922 | drm/amd/display: Add check for granularity in dml ceil/floor helpers | S | |
CVE-2024-57923 | btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path | | |
CVE-2024-57924 | fs: relax assertions on failure to encode file handles | | |
CVE-2024-57925 | ksmbd: fix a missing return value check bug | S | |
CVE-2024-57926 | drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err | S | |
CVE-2024-57927 | nfs: Fix oops in nfs_netfs_init_request() when copying to cache | S | |
CVE-2024-57928 | netfs: Fix enomem handling in buffered reads | | |
CVE-2024-57929 | dm array: fix releasing a faulty array block twice in dm_array_cursor_end | | |
CVE-2024-57930 | tracing: Have process_string() also allow arrays | | |
CVE-2024-57931 | selinux: ignore unknown extended permissions | | |
CVE-2024-57932 | gve: guard XDP xmit NDO on existence of xdp queues | | |
CVE-2024-57933 | gve: guard XSK operations on the existence of queues | S | |
CVE-2024-57934 | fgraph: Add READ_ONCE() when accessing fgraph_array[] | S | |
CVE-2024-57935 | RDMA/hns: Fix accessing invalid dip_ctx during destroying QP | | |
CVE-2024-57936 | RDMA/bnxt_re: Fix max SGEs for the Work Request | | |
CVE-2024-57937 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2024-57938 | net/sctp: Prevent autoclose integer overflow in sctp_association_init() | S | |
CVE-2024-57939 | riscv: Fix sleeping in invalid context in die() | S | |
CVE-2024-57940 | exfat: fix the infinite loop in exfat_readdir() | S | |
CVE-2024-57941 | netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled | | |
CVE-2024-57942 | netfs: Fix ceph copy to cache on write-begin | | |
CVE-2024-57943 | exfat: fix the new buffer was not zeroed before writing | S | |
CVE-2024-57944 | iio: adc: ti-ads1298: Add NULL check in ads1298_init | S | |
CVE-2024-57945 | riscv: mm: Fix the out of bound issue of vmemmap address | | |
CVE-2024-57946 | virtio-blk: don't keep queue frozen during system suspend | S | |
CVE-2024-57947 | netfilter: nf_set_pipapo: fix initial map fill | | |
CVE-2024-57948 | mac802154: check local interfaces before deleting sdata list | | |
CVE-2024-57949 | irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() | S | |
CVE-2024-57950 | drm/amd/display: Initialize denominator defaults to 1 | S | |
CVE-2024-57951 | hrtimers: Handle CPU state correctly on hotplug | S | |
CVE-2024-57952 | Revert "libfs: fix infinite directory reads for offset dir" | S | |
CVE-2024-57953 | rtc: tps6594: Fix integer overflow on 32bit systems | S | |
CVE-2024-57954 | Permission verification vulnerability in the media library module. Impact: Successful exploitation of... | | |
CVE-2024-57955 | Arbitrary write vulnerability in the Gallery module. Impact: Successful exploitation of this vulnera... | | |
CVE-2024-57956 | Out-of-bounds read vulnerability in the interpreter string module. Impact: Successful exploitation of... | | |
CVE-2024-57957 | Vulnerability of improper log information control in the UI framework module. Impact: Successful expl... | | |
CVE-2024-57958 | Out-of-bounds array read vulnerability in the FFRT module. Impact: Successful exploitation of this vu... | | |
CVE-2024-57959 | Use-After-Free (UAF) vulnerability in the display module. Impact: Successful exploitation of this vul... | | |
CVE-2024-57960 | Input verification vulnerability in the ExternalStorageProvider module. Impact: Successful exploitati... | | |
CVE-2024-57961 | Out-of-bounds write vulnerability in the emcom module. Impact: Successful exploitation of this vulner... | | |
CVE-2024-57962 | Vulnerability of incomplete verification information in the VPN service module. Impact: Successful ex... | | |
CVE-2024-57963 | Insecure Loading of Dynamic Link Libraries in USB-CONVERTERCABLE DRIVER | | |
CVE-2024-57964 | Insecure Loading of Dynamic Link Libraries in HVAC Energy Saving Program | | |
CVE-2024-57965 | In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an ... | | |
CVE-2024-57966 | libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.... | | |
CVE-2024-57967 | PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has p... | | |
CVE-2024-57968 | Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended... | KEV E | |
CVE-2024-57969 | app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.... | S | |
CVE-2024-57970 | libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_su... | | |
CVE-2024-57971 | DataSourceResource.java in the SpagoBI API support in Knowage Server in KNOWAGE before 8.1.30 does n... | | |
CVE-2024-57972 | The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.304... | E | |
CVE-2024-57973 | rdma/cxgb4: Prevent potential integer overflow on 32bit | S | |
CVE-2024-57974 | udp: Deal with race between UDP socket address change and rehash | | |
CVE-2024-57975 | btrfs: do proper folio cleanup when run_delalloc_nocow() failed | | |
CVE-2024-57976 | btrfs: do proper folio cleanup when cow_file_range() failed | | |
CVE-2024-57977 | memcg: fix soft lockup in the OOM process | S | |
CVE-2024-57978 | media: imx-jpeg: Fix potential error pointer dereference in detach_pm() | S | |
CVE-2024-57979 | pps: Fix a use-after-free | S | |
CVE-2024-57980 | media: uvcvideo: Fix double free in error path | S | |
CVE-2024-57981 | usb: xhci: Fix NULL pointer dereference on certain command aborts | S | |
CVE-2024-57982 | xfrm: state: fix out-of-bounds read during lookup | S | |
CVE-2024-57983 | mailbox: th1520: Fix memory corruption due to incorrect array size | S | |
CVE-2024-57984 | i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition | S | |
CVE-2024-57985 | firmware: qcom: scm: Cleanup global '__scm' on probe failures | | |
CVE-2024-57986 | HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections | | |
CVE-2024-57987 | Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() | S | |
CVE-2024-57988 | Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() | S | |
CVE-2024-57989 | wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links | S | |
CVE-2024-57990 | wifi: mt76: mt7925: fix off by one in mt7925_load_clc() | S | |
CVE-2024-57991 | wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() | S | |
CVE-2024-57992 | wifi: wilc1000: unregister wiphy only if it has been registered | | |
CVE-2024-57993 | HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check | | |
CVE-2024-57994 | ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() | | |
CVE-2024-57995 | wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() | S | |
CVE-2024-57996 | net_sched: sch_sfq: don't allow 1 packet limit | S | |
CVE-2024-57997 | wifi: wcn36xx: fix channel survey memory allocation size | S | |
CVE-2024-57998 | OPP: add index check to assert to avoid buffer overflow in _read_freq() | | |
CVE-2024-57999 | powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW | | |