| ID | Summary | Flags | Max Score |
|---|---|---|---|
| CVE-2024-58000 | io_uring: prevent reg-wait speculations | | |
| CVE-2024-58001 | ocfs2: handle a symlink read error correctly | | |
| CVE-2024-58002 | media: uvcvideo: Remove dangling pointers | S | |
| CVE-2024-58003 | media: i2c: ds90ub9x3: Fix extra fwnode_handle_put() | | |
| CVE-2024-58004 | media: intel/ipu6: remove cpu latency qos request on error | | |
| CVE-2024-58005 | tpm: Change to kvalloc() in eventlog/acpi.c | S | |
| CVE-2024-58006 | PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() | | |
| CVE-2024-58007 | soc: qcom: socinfo: Avoid out of bounds read of serial number | S | |
| CVE-2024-58008 | KEYS: trusted: dcp: fix improper sg use with CONFIG_VMAP_STACK=y | | |
| CVE-2024-58009 | Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc | | |
| CVE-2024-58010 | binfmt_flat: Fix integer overflow bug on 32 bit systems | S | |
| CVE-2024-58011 | platform/x86: int3472: Check for adev == NULL | S | |
| CVE-2024-58012 | ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params | S | |
| CVE-2024-58013 | Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync | S | |
| CVE-2024-58014 | wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() | | |
| CVE-2024-58015 | wifi: ath12k: Fix for out-of bound access error | | |
| CVE-2024-58016 | safesetid: check size of policy writes | | |
| CVE-2024-58017 | printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX | S | |
| CVE-2024-58018 | nvkm: correctly calculate the available space of the GSP cmdq buffer | | |
| CVE-2024-58019 | nvkm/gsp: correctly advance the read pointer of GSP message queue | | |
| CVE-2024-58020 | HID: multitouch: Add NULL check in mt_input_configured | S | |
| CVE-2024-58021 | HID: winwing: Add NULL check in winwing_init_led() | S | |
| CVE-2024-58022 | mailbox: th1520: Fix a NULL vs IS_ERR() bug | S | |
| CVE-2024-58034 | memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code() | S | |
| CVE-2024-58036 | Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions | | |
| CVE-2024-58042 | rhashtable: Fix potential deadlock by moving schedule_work outside lock | S | |
| CVE-2024-58043 | Permission bypass vulnerability in the window module Impact: Successful exploitation of this vulnera... | | |
| CVE-2024-58044 | Permission verification bypass vulnerability in the notification module Impact: Successful exploitat... | | |
| CVE-2024-58045 | Multi-concurrency vulnerability in the media digital copyright protection module Impact: Successful ... | | |
| CVE-2024-58046 | Permission management vulnerability in the lock screen module Impact: Successful exploitation of thi... | | |
| CVE-2024-58047 | Permission verification vulnerability in the media library module Impact: Successful exploitation of... | | |
| CVE-2024-58048 | Multi-thread problem vulnerability in the package management module Impact: Successful exploitation ... | | |
| CVE-2024-58049 | Permission verification vulnerability in the media library module Impact: Successful exploitation of... | | |
| CVE-2024-58050 | Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of thi... | | |
| CVE-2024-58051 | ipmi: ipmb: Add check devm_kasprintf() returned value | | |
| CVE-2024-58052 | drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table | S | |
| CVE-2024-58053 | rxrpc: Fix handling of received connection abort | | |
| CVE-2024-58054 | staging: media: max96712: fix kernel oops when removing module | | |
| CVE-2024-58055 | usb: gadget: f_tcm: Don't free command immediately | S | |
| CVE-2024-58056 | remoteproc: core: Fix ida_free call while not allocated | | |
| CVE-2024-58057 | idpf: convert workqueues to unbound | | |
| CVE-2024-58058 | ubifs: skip dumping tnc tree when zroot is null | S | |
| CVE-2024-58059 | media: uvcvideo: Fix deadlock during uvc_probe | S | |
| CVE-2024-58060 | bpf: Reject struct_ops registration that uses module ptr and the module btf_id is missing | S | |
| CVE-2024-58061 | wifi: mac80211: prohibit deactivating all links | | |
| CVE-2024-58062 | wifi: iwlwifi: mvm: avoid NULL pointer dereference | S | |
| CVE-2024-58063 | wifi: rtlwifi: fix memory leaks and invalid access at probe error path | S | |
| CVE-2024-58064 | wifi: cfg80211: tests: Fix potential NULL dereference in test_cfg80211_parse_colocated_ap() | S | |
| CVE-2024-58065 | clk: mmp: pxa1908-apbc: Fix NULL vs IS_ERR() check | S | |
| CVE-2024-58066 | clk: mmp: pxa1908-apbcp: Fix a NULL vs IS_ERR() check | S | |
| CVE-2024-58067 | clk: mmp: pxa1908-mpmu: Fix a NULL vs IS_ERR() check | S | |
| CVE-2024-58068 | OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized | S | |
| CVE-2024-58069 | rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read | S | |
| CVE-2024-58070 | bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT | S | |
| CVE-2024-58071 | team: prevent adding a device which is already a team device lower | S | |
| CVE-2024-58072 | wifi: rtlwifi: remove unused check_buddy_priv | | |
| CVE-2024-58073 | drm/msm/dpu: check dpu_plane_atomic_print_state() for valid sspp | S | |
| CVE-2024-58074 | drm/i915: Grab intel_display from the encoder to avoid potential oopsies | | |
| CVE-2024-58075 | crypto: tegra - do not transfer req when tegra init fails | | |
| CVE-2024-58076 | clk: qcom: gcc-sm6350: Add missing parent_map for two clocks | S | |
| CVE-2024-58077 | ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback | | |
| CVE-2024-58078 | misc: misc_minor_alloc to use ida for all dynamic/misc dynamic minors | | |
| CVE-2024-58079 | media: uvcvideo: Fix crash during unbind if gpio unit is in use | | |
| CVE-2024-58080 | clk: qcom: dispcc-sm6350: Add missing parent_map for a clock | S | |
| CVE-2024-58081 | clk: mmp2: call pm_genpd_init() only after genpd.name is set | S | |
| CVE-2024-58082 | media: nuvoton: Fix an error check in npcm_video_ece_init() | | |
| CVE-2024-58083 | KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() | S | |
| CVE-2024-58084 | firmware: qcom: scm: Fix missing read barrier in qcom_scm_get_tzmem_pool() | S | |
| CVE-2024-58085 | tomoyo: don't emit warning in tomoyo_write_control() | | |
| CVE-2024-58086 | drm/v3d: Stop active perfmon if it is being destroyed | | |
| CVE-2024-58087 | ksmbd: fix racy issue from session lookup and expire | S | |
| CVE-2024-58088 | bpf: Fix deadlock when freeing cgroup storage | S | |
| CVE-2024-58089 | btrfs: fix double accounting race when btrfs_run_delalloc_range() failed | S | |
| CVE-2024-58090 | sched/core: Prevent rescheduling when interrupts are disabled | | |
| CVE-2024-58091 | drm/fbdev-dma: Add shadow buffering for deferred I/O | | |
| CVE-2024-58092 | nfsd: fix legacy client tracking initialization | | |
| CVE-2024-58093 | PCI/ASPM: Fix link state exit during switch upstream function removal | | |
| CVE-2024-58094 | jfs: add check read-only before truncation in jfs_truncate_nolock() | | |
| CVE-2024-58095 | jfs: add check read-only before txBeginAnon() call | | |
| CVE-2024-58096 | wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode | | |
| CVE-2024-58097 | wifi: ath11k: fix RCU stall while reaping monitor destination ring | S | |
| CVE-2024-58098 | bpf: track changes_pkt_data property for global functions | | |
| CVE-2024-58099 | vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame | S | |
| CVE-2024-58100 | bpf: check changes_pkt_data property for extension programs | | |
| CVE-2024-58101 | Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user i... | | |
| CVE-2024-58102 | An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit... | | |
| CVE-2024-58103 | Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader... | | |
| CVE-2024-58104 | A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could all... | | |
| CVE-2024-58105 | A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could all... | | |
| CVE-2024-58106 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerabil... | | |
| CVE-2024-58107 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerabil... | | |
| CVE-2024-58108 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerabil... | | |
| CVE-2024-58109 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerabil... | | |
| CVE-2024-58110 | Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerabil... | | |
| CVE-2024-58111 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Suc... | | |
| CVE-2024-58112 | Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Suc... | | |
| CVE-2024-58113 | Vulnerability of improper resource management in the memory management module Impact: Successful exp... | | |
| CVE-2024-58114 | Resource allocation control failure vulnerability in the ArkUI framework Impact: Successful exploita... | | |
| CVE-2024-58115 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful ex... | | |
| CVE-2024-58116 | Buffer overflow vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful ex... | | |
| CVE-2024-58117 | Stack overflow risk when vector images are parsed during file preview Impact: Successful exploitatio... | | |
| CVE-2024-58124 | Access control vulnerability in the security verification module Impact: Successful exploitation of ... | | |
| CVE-2024-58125 | Access control vulnerability in the security verification module Impact: Successful exploitation of ... | | |
| CVE-2024-58126 | Access control vulnerability in the security verification module Impact: Successful exploitation of ... | | |
| CVE-2024-58127 | Access control vulnerability in the security verification module Impact: Successful exploitation of ... | | |
| CVE-2024-58128 | In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using... | S | |
| CVE-2024-58129 | In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without ... | S | |
| CVE-2024-58130 | In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a ... | S | |
| CVE-2024-58131 | FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, b... | E | |
| CVE-2024-58132 | In chainmaker-go (aka ChainMaker) before 2.3.6, multiple updates to a single node's configuration ca... | | |
| CVE-2024-58133 | In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configurati... | | |
| CVE-2024-58134 | Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default | E S | |
| CVE-2024-58135 | Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets | E S | |
| CVE-2024-58136 | Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a ... | KEV E S | |
| CVE-2024-58237 | bpf: consider that tail calls invalidate packet pointers | | |
| CVE-2024-58238 | Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test | | |
| CVE-2024-58239 | tls: stop recv() if initial process_rx_list gave us non-DATA | | |
| CVE-2024-58240 | tls: separate no-async decryption request handling from async | | |
| CVE-2024-58248 | nopCommerce before 4.80.0 does not offer locking for order placement. Thus there is a race condition... | | |
| CVE-2024-58249 | In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused i... | | |
| CVE-2024-58250 | The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges.... | | |
| CVE-2024-58251 | In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] ... | | |
| CVE-2024-58252 | Vulnerability of insufficient information protection in the media library module Impact: Successful ... | | |
| CVE-2024-58253 | In the obfstr crate before 0.4.4 for Rust, the obfstr! argument type is not restricted to string sli... | | |
| CVE-2024-58254 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-11738. Reason: This candidat... | R | |
| CVE-2024-58255 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may l... | | |
| CVE-2024-58256 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may l... | | |
| CVE-2024-58257 | EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may l... | | |
| CVE-2024-58258 | SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type o... | | |
| CVE-2024-58261 | The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: ... | E | |
| CVE-2024-58262 | The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve sca... | S | |
| CVE-2024-58263 | The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract ... | E S | |
| CVE-2024-58264 | The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data... | | |
| CVE-2024-58265 | The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a no... | | |
| CVE-2024-58266 | The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 char... | |