Total
11443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39948 | 1 Dahuasecurity | 112 Nvr4104-4ks2\/l, Nvr4104-4ks2\/l Firmware, Nvr4104-4ks3 and 109 more | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in Dahua products. Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
| CVE-2024-39944 | 1 Dahuasecurity | 116 Ipc-hfs8449g-z7-led, Ipc-hfs8449g-z7-led Firmware, Ipc-hfs8849g-z3-led and 113 more | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been found in Dahua products.Attackers can send carefully crafted data packets to the interface with vulnerabilities, causing the device to crash. | |||||
| CVE-2024-39827 | 1 Zoom | 1 Workplace Desktop | 2026-06-17 | N/A | 5.5 MEDIUM |
| Improper input validation in the installer for Zoom Workplace Desktop App for Windows before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2024-39811 | 2026-06-17 | N/A | 6.3 MEDIUM | ||
| Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-39780 | 1 Openrobotics | 1 Robot Operating System | 2026-06-17 | N/A | 7.8 HIGH |
| A YAML deserialization vulnerability was found in the Robot Operating System (ROS) 'dynparam', a command-line tool for getting, setting, and deleting parameters of a dynamically configurable node, affecting ROS distributions Noetic and earlier. The issue is caused by the use of the yaml.load() function in the 'set' and 'get' verbs, and allows for the creation of arbitrary Python objects. Through this flaw, a local or remote user can craft and execute arbitrary Python code. | |||||
| CVE-2024-39606 | 2026-06-17 | N/A | 6.1 MEDIUM | ||
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2024-39573 | 2 Apache, Netapp | 2 Http Server, Ontap | 2026-06-17 | N/A | 7.5 HIGH |
| Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue. | |||||
| CVE-2024-39513 | 1 Juniper | 1 Junos Os Evolved | 2026-06-17 | N/A | 5.5 MEDIUM |
| An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS). When a specific "clear" command is run, the Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts. The crash impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition. This issue affects Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * from 21.2-EVO before 21.2R3-S7-EVO, * from 21.3-EVO before 21.3R3-S5-EVO, * from 21.4-EVO before 21.4R3-S6-EVO, * from 22.1-EVO before 22.1R3-S4-EVO, * from 22.2-EVO before 22.2R3-S3-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO. | |||||
| CVE-2024-39511 | 1 Juniper | 1 Junos | 2026-06-17 | N/A | 5.5 MEDIUM |
| An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS). On running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly. When the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts. This issue affects Junos OS: * All versions before 20.4R3-S10; * 21.2 versions before 21.2R3-S7; * 21.4 versions before 21.4R3-S6; * 22.1 versions before 22.1R3-S5; * 22.2 versions before 22.2R3-S3; * 22.3 versions before 22.3R3-S2; * 22.4 versions before 22.4R3-S1; * 23.2 versions before 23.2R2. | |||||
| CVE-2024-39281 | 2026-06-17 | N/A | 5.3 MEDIUM | ||
| The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. | |||||
| CVE-2024-38879 | 1 Siemens | 1 Omnivise T3000 Application Server | 2026-06-17 | N/A | 7.5 HIGH |
| A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application. | |||||
| CVE-2024-38811 | 1 Vmware | 1 Fusion | 2026-06-17 | N/A | 8.8 HIGH |
| VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | |||||
| CVE-2024-38525 | 2026-06-17 | N/A | 7.5 HIGH | ||
| dd-trace-cpp is the Datadog distributed tracing for C++. When the library fails to extract trace context due to malformed unicode, it logs the list of audited headers and their values using the `nlohmann` JSON library. However, due to the way the JSON library is invoked, it throws an uncaught exception, which results in a crash. This vulnerability has been patched in version 0.2.2. | |||||
| CVE-2024-38483 | 1 Dell | 82 Embedded Box Pc 5000, Embedded Box Pc 5000 Firmware, Latitude 12 Rugged Extreme 7214 and 79 more | 2026-06-17 | N/A | 5.8 MEDIUM |
| Dell BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
| CVE-2024-38479 | 1 Apache | 1 Traffic Server | 2026-06-17 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5. Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue. | |||||
| CVE-2024-38420 | 1 Qualcomm | 320 Aqt1000, Aqt1000 Firmware, Ar8035 and 317 more | 2026-06-17 | N/A | 8.8 HIGH |
| Memory corruption while configuring a Hypervisor based input virtual device. | |||||
| CVE-2024-38413 | 1 Qualcomm | 14 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon 8 Gen 3 Mobile and 11 more | 2026-06-17 | N/A | 6.6 MEDIUM |
| Memory corruption while processing frame packets. | |||||
| CVE-2024-38359 | 2026-06-17 | N/A | 6.5 MEDIUM | ||
| The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation. | |||||
| CVE-2024-38355 | 2026-06-17 | N/A | 7.3 HIGH | ||
| Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. This issue is fixed by commit `15af22fc22` which has been included in `socket.io@4.6.2` (released in May 2023). The fix was backported in the 2.x branch as well with commit `d30630ba10`. Users are advised to upgrade. Users unable to upgrade may attach a listener for the "error" event to catch these errors. | |||||
| CVE-2024-38311 | 1 Apache | 1 Traffic Server | 2026-06-17 | N/A | 6.3 MEDIUM |
| Improper Input Validation vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue. | |||||