Home / 2024 Advisories Archive

2024 Advisories Archive

Severity	Date Published	Date Updated	Check Point Reference	Source	Industry Reference	Description
Critical	25 Mar 2024	1 Apr 2025	CPAI-2024-0121			Server-Side Include Injection
Critical	26 Sep 2024	1 Apr 2025	CPAI-2024-0852		CVE-2024-20439	Cisco Smart Licensing Utility Use of Hard-coded Credentials (CVE-2024-20439)
Critical	29 Aug 2024	1 Apr 2025	CPAI-2021-2137		CVE-2021-33044	Dahua Security Multiple Products Authentication Bypass (CVE-2021-33044)
High	23 Dec 2024	31 Mar 2025	CPAI-2019-3245		CVE-2019-11001	Reolink Multiple Products Command Injection (CVE-2019-11001)
Medium	1 Jul 2024	31 Mar 2025	CPAI-2020-4187		CVE-2020-13965	Roundcube Webmail Cross-Site Scripting (CVE-2020-13965)
High	16 May 2024	31 Mar 2025	CPAI-2024-0254		CVE-2024-3721	TBK DVR Devices Command Injection (CVE-2024-3721)
Critical	12 May 2024	31 Mar 2025	CPAI-2024-0210		CVE-2024-31982	XWiki Remote Code Execution (CVE-2024-31982)
Critical	26 Dec 2024	30 Mar 2025	CPAI-2024-1197		CVE-2024-45387	Apache Traffic Control SQL Injection (CVE-2024-45387)
Critical	23 Dec 2024	30 Mar 2025	CPAI-2021-2231		CVE-2021-40407	Reolink RLC-410W Command Injection (CVE-2021-40407)
Critical	8 Dec 2024	30 Mar 2025	CPAI-2024-1139		CVE-2024-51378	CyberPanel Command Injection (CVE-2024-51378)
High	20 Oct 2024	30 Mar 2025	CPAI-2024-0957		CVE-2024-37397	Ivanti Endpoint Manager XML External Entity Injection (CVE-2024-37397)
Critical	8 Jun 2024	30 Mar 2025	CPAI-2024-0392		CVE-2024-4577	PHP CGI Argument Injection (CVE-2024-4577)
High	15 Apr 2024	30 Mar 2025	CPAI-2023-1652		CVE-2023-47565	QNAP QVR Command Injection (CVE-2023-47565)
High	4 Jan 2024	30 Mar 2025	CPAI-2023-1415		CVE-2023-49897	FXC AE1021 Command Injection (CVE-2023-49897)
Critical	17 Apr 2024	26 Mar 2025	CPAI-2024-0137			PHP Functions Remote Code Execution
Critical	13 Oct 2024	25 Mar 2025	CPAI-2024-0944		CVE-2024-46419 CVE-2024-46424 CVE-2024-46451	TOTOLINK AC1200 Buffer Overflow (CVE-2024-46419; CVE-2024-46424; CVE-2024-46451)
Critical	9 Jun 2024	24 Mar 2025	CPAI-2024-0389		CVE-2024-1800 CVE-2024-4358	Progress Telerik Report Server Remote Code Execution (CVE-2024-1800; CVE-2024-4358)
Critical	8 Dec 2024	23 Mar 2025	CPAI-2024-1141		CVE-2024-35286	Mitel MiCollab SQL Injection (CVE-2024-35286)
Critical	1 Feb 2024	23 Mar 2025	CPAI-2023-1483		CVE-2023-46574 CVE-2024-22663	TOTOLINK A3700R Command Injection (CVE-2023-46574; CVE-2024-22663)
Medium	8 Dec 2024	20 Mar 2025	CPAI-2024-1133		CVE-2024-43451	Microsoft Windows Spoofing (CVE-2024-43451)
High	30 Jun 2024	20 Mar 2025	CPAI-2023-1768		CVE-2023-35628	Microsoft Windows Remote Code Execution (CVE-2023-35628)
Critical	28 Jan 2024	18 Mar 2025	CPAI-2024-0020		CVE-2024-23897	Jenkins Information Disclosure (CVE-2024-23897)
Critical	2 Apr 2024	17 Mar 2025	CPAI-2023-1623		CVE-2022-32039 CVE-2022-32040 CVE-2022-32043 CVE-2023-37710 CVE-2023-37714 CVE-2023-37715 CVE-2023-37716 CVE-2023-37717 CVE-2023-37718 CVE-2023-37719 CVE-2023-37721 CVE-2023-37722 CVE-2023-37723 CVE-2023-51093	Tenda Multiple Products Stack Overflow (CVE-2022-32039; CVE-2022-32040; CVE-2022-32043; CVE-2023-37710; CVE-2023-37714; CVE-2023-37715; CVE-2023-37716; CVE-2023-37717; CVE-2023-37718; CVE-2023-37719; CVE-2023-37721; CVE-2023-37722; CVE-2023-37723; CVE-2023-51093)
Critical	23 Feb 2024	16 Mar 2025	CPAI-2024-0070		CVE-2024-25600	WordPress Brick Builder Theme Remote Code Execution (CVE-2024-25600)
High	6 May 2024	13 Mar 2025	CPAI-2020-4162		CVE-2020-3259	Cisco Multiple Products Information Disclosure (CVE-2020-3259)
Critical	21 Jul 2024	9 Mar 2025	CPAI-2024-0589		CVE-2024-4879 CVE-2024-5178 CVE-2024-5217	ServiceNow Server-Side Template Injection (CVE-2024-4879; CVE-2024-5178; CVE-2024-5217)
Critical	5 Aug 2024	5 Mar 2025	CPAI-2023-1859		CVE-2024-42736 CVE-2024-42737 CVE-2024-42738 CVE-2024-42739 CVE-2024-42740 CVE-2024-42741 CVE-2024-42742 CVE-2024-42743 CVE-2024-42744 CVE-2024-42745 CVE-2024-42747 CVE-2024-42748 CVE-2024-43533	TOTOLINK Multiple Routers Command Injection (CVE-2024-42736; CVE-2024-42737; CVE-2024-42738; CVE-2024-42739; CVE-2024-42740; CVE-2024-42741; CVE-2024-42742; CVE-2024-42743; CVE-2024-42744; CVE-2024-42745; CVE-2024-42747; CVE-2024-42748; CVE-2024-43533)
Critical	7 Aug 2024	4 Mar 2025	CPAI-2024-0626		CVE-2024-4885	Progress WhatsUp Gold Remote Code Execution (CVE-2024-4885)
High	3 Jun 2024	3 Mar 2025	CPAI-2023-1735		CVE-2022-27286 CVE-2022-27287 CVE-2022-27288 CVE-2022-27289 CVE-2023-43860 CVE-2023-43861 CVE-2023-43862 CVE-2023-43863 CVE-2023-43864 CVE-2023-43865 CVE-2023-43866 CVE-2023-43867 CVE-2023-43868 CVE-2023-43869	D-Link Multiple Products Buffer Overflow (CVE-2022-27286; CVE-2022-27287; CVE-2022-27288; CVE-2022-27289; CVE-2023-43860; CVE-2023-43861; CVE-2023-43862; CVE-2023-43863; CVE-2023-43864; CVE-2023-43865; CVE-2023-43866; CVE-2023-43867; CVE-2023-43868; CVE-2023-43869)
Critical	26 Dec 2024	3 Mar 2025	CPAI-2024-1164		CVE-2024-53677	Apache Struts Remote Code Execution (CVE-2024-53677)
Critical	8 Dec 2024	3 Mar 2025	CPAI-2024-1140		CVE-2024-41713 CVE-2024-55550	Mitel MiCollab Path Traversal (CVE-2024-41713; CVE-2024-55550)
Critical	28 Nov 2024	3 Mar 2025	CPAI-2024-1083		CVE-2024-41730	SAP BusinessObjects Business Intelligence Platform Authentication Bypass (CVE-2024-41730)
Critical	6 Aug 2024	3 Mar 2025	CPAI-2024-0661		CVE-2024-7593	Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Critical	15 Sep 2024	25 Feb 2025	CPAI-2024-0812		CVE-2024-28986 CVE-2024-28988	SolarWinds Web Help Desk Insecure Deserialization (CVE-2024-28986; CVE-2024-28988)
Critical	12 May 2024	25 Feb 2025	CPAI-2024-0252		CVE-2024-2876	WordPress Icegram Express Plugin SQL Injection (CVE-2024-2876)
Critical	9 May 2024	24 Feb 2025	CPAI-2024-0255		CVE-2024-2389	Flowmon Command Injection (CVE-2024-2389)
High	10 Sep 2024	23 Feb 2025	CPAI-2024-1374	Microsoft CVE-2024-38242	CVE-2024-38242	Microsoft Kernel Streaming Service Driver Elevation of Privilege (CVE-2024-38242)
High	10 Sep 2024	23 Feb 2025	CPAI-2024-1373	Microsoft CVE-2024-38243	CVE-2024-38243	Microsoft Kernel Streaming Service Driver Elevation of Privilege (CVE-2024-38243)
High	10 Sep 2024	23 Feb 2025	CPAI-2024-0759	Microsoft CVE-2024-38238	CVE-2024-38238	Microsoft Kernel Streaming Service Driver Elevation of Privilege (CVE-2024-38238)
High	13 Aug 2024	23 Feb 2025	CPAI-2024-0646	Microsoft CVE-2024-38125	CVE-2024-38125	Microsoft Kernel Streaming WOW Thunk Service Driver Elevation of Privilege (CVE-2024-38125)
High	13 Aug 2024	23 Feb 2025	CPAI-2024-0641	Microsoft CVE-2024-38147	CVE-2024-38147	Microsoft DWM Core Library Elevation of Privilege (CVE-2024-38147)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0060	Adobe APSB24-07	CVE-2024-20731	Adobe Acrobat and Reader Use After Free (APSB24-07: CVE-2024-20731)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0059	Adobe APSB24-07	CVE-2024-20733	Adobe Acrobat and Reader Improper Input Validation (APSB24-07: CVE-2024-20733)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0058	Adobe APSB24-07	CVE-2024-20734	Adobe Acrobat and Reader Use After Free (APSB24-07: CVE-2024-20734)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0052	Adobe APSB24-07	CVE-2024-20729	Adobe Acrobat and Reader Use After Free (APSB24-07: CVE-2024-20729)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0051	Adobe APSB24-07	CVE-2024-20730	Adobe Acrobat and Reader Integer Overflow or Wraparound (APSB24-07: CVE-2024-20730)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0050	Adobe APSB24-07	CVE-2024-20727	Adobe Acrobat and Reader Out-of-bounds Write (APSB24-07: CVE-2024-20727)
High	13 Feb 2024	23 Feb 2025	CPAI-2024-0049	Adobe APSB24-07	CVE-2024-20728	Adobe Acrobat and Reader Out-of-bounds Write (APSB24-07: CVE-2024-20728)
Critical	7 Mar 2024	23 Feb 2025	CPAI-2022-2028		CVE-2020-10973 CVE-2020-12127 CVE-2022-31847 CVE-2022-34045 CVE-2022-34046 CVE-2022-34047 CVE-2022-34049 CVE-2022-34576 CVE-2022-48165 CVE-2024-38892	Wavlink Routers Authentication Bypass (CVE-2020-10973; CVE-2020-12127; CVE-2022-31847; CVE-2022-34045; CVE-2022-34046; CVE-2022-34047; CVE-2022-34049; CVE-2022-34576; CVE-2022-48165; CVE-2024-38892)
Critical	12 Aug 2024	20 Feb 2025	CPAI-2024-0669		CVE-2024-6782	Calibre Remote Code Execution (CVE-2024-6782)