CVEs from 2024
- Total: 6,989
- critical: 114
- high: 1,032
- medium: 1,998
- low: 47
- % Critical: 1.6%
- % with KEV: 2.3%
- % with exploit: 2.8%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1062 | medium | — | 5.5 | 2y ago | RHSA-2024:3047: 389-ds:1.4 security update (Moderate) | |||
| CVE-2024-36008 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree … | |||
| CVE-2024-36007 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-36004 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-35997 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operatio… | |||
| CVE-2024-35996 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures Rename x86's to CPU_MITIGATIONS, define it in generic code, and … | |||
| CVE-2024-35990 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate… | |||
| CVE-2024-35988 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of… | |||
| CVE-2024-35984 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Ta… | |||
| CVE-2024-35982 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmi… | |||
| CVE-2024-35940 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which ca… | |||
| CVE-2024-35936 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a … | |||
| CVE-2024-35922 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow… | |||
| CVE-2024-35915 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_… | |||
| CVE-2024-35902 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman add… | |||
| CVE-2024-35893 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-35884 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-35828 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocati… | |||
| CVE-2024-35815 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct k… | |||
| CVE-2024-35813 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_… | |||
| CVE-2024-35811 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.… | |||
| CVE-2024-4770 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4777 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4767 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4768 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4769 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-28182 | medium | — | 5.5 | 2y ago | RHSA-2024:4252: nghttp2 security update (Moderate) | |||
| CVE-2024-25742 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-25743 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-33948 | medium | 5.5 | 5.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixel Industry TweetScroll Widget allows Stored XSS. This issue affects TweetScroll Widget: from n… | |||
| CVE-2024-25062 | medium | — | 5.5 | 2y ago | RHSA-2024:3626: libxml2 security update (Moderate) | |||
| CVE-2024-27078 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling pa… | |||
| CVE-2024-27077 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_ent… | |||
| CVE-2024-27076 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release. | |||
| CVE-2024-27072 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led… | |||
| CVE-2024-27059 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-27047 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty… | |||
| CVE-2024-1441 | medium | — | 5.5 | 2y ago | Moderate: libvirt security and bug fix update | |||
| CVE-2024-25580 | medium | — | 5.5 | 2y ago | RHSA-2024:3056: qt5-qtbase security update (Moderate) | |||
| CVE-2024-26830 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-22195 | medium | — | 5.5 | 2y ago | RHSA-2024:3102: python-jinja2 security update (Moderate) | |||
| CVE-2024-1481 | medium | — | 5.5 | 2y ago | RHSA-2024:3044: idm:DL1 security update (Moderate) | |||
| CVE-2024-2307 | medium | — | 5.5 | 2y ago | RHSA-2024:2961: Image builder components bug fix, enhancement and security update (Moderate) | |||
| CVE-2024-26602 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-26609 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-0841 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-0408 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-28180 | medium | — | 5.5 | 2y ago | RHSA-2024:3968: container-tools:rhel8 bug fix and enhancement update (Moderate) | |||
| CVE-2024-24786 | medium | — | 5.5 | 2y ago | RHSA-2024:4246: container-tools security update (Moderate) | |||
| CVE-2024-2494 | medium | — | 5.5 | 2y ago | RHSA-2024:3253: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2024-1048 | medium | — | 5.5 | 2y ago | RHSA-2024:3184: grub2 security update (Moderate) | |||
| CVE-2024-0409 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-24784 | medium | — | 5.5 | 2y ago | RHSA-2024:6969: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-22365 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3163: pam security update (Moderate) | |||
| CVE-2024-24783 | medium | — | 5.5 | 2y ago | RHSA-2024:6969: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-24258 | medium | — | 5.5 | 2y ago | RHSA-2024:3120: freeglut security update (Moderate) | |||
| CVE-2024-24259 | medium | — | 5.5 | 2y ago | RHSA-2024:3120: freeglut security update (Moderate) | |||
| CVE-2024-2496 | medium | — | 5.5 | 2y ago | Moderate: libvirt security update | |||
| CVE-2024-26671 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-25744 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-28102 | medium | — | 5.5 | 2y ago | RHSA-2024:3267: idm:DL1 and idm:client security update (Moderate) | |||
| CVE-2024-0727 | medium | 5.5 | 5.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2024-0690 | medium | — | 5.5 | 2y ago | RHSA-2024:3043: ansible-core bug fix, enhancement, and security update (Moderate) | |||
| CVE-2024-26593 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-2357 | medium | — | 5.5 | 2y ago | RHSA-2024:1998: libreswan security update (Moderate) | |||
| CVE-2024-21012 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-31229 | medium | 5.5 | 5.5 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL. This issue affects Really Simple SSL: from n/a through 7.2.3. | |||
| CVE-2024-21085 | medium | — | 5.5 | 2y ago | RHSA-2024:1822: java-11-openjdk security update (Moderate) | |||
| CVE-2024-21011 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-21068 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-28834 | medium | — | 5.5 | 2y ago | RHSA-2024:1784: gnutls security update (Moderate) | |||
| CVE-2024-28835 | medium | — | 5.5 | 2y ago | Moderate: gnutls security update | |||
| CVE-2024-26891 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hot… | |||
| CVE-2024-26877 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering t… | |||
| CVE-2024-26851 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:8870: kernel-rt security update (Moderate) | |||
| CVE-2024-26820 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE… | |||
| CVE-2024-26816 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes s… | |||
| CVE-2024-26787 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: … | |||
| CVE-2024-28219 | medium | — | 5.5 | 2y ago | RHSA-2024:4227: python-pillow security update (Moderate) | |||
| CVE-2024-26659 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26651 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to tran… | |||
| CVE-2024-2612 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2614 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2608 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-1936 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2607 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2610 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-0743 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2611 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-27280 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-27281 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-29141 | medium | 5.5 | 5.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4. | |||
| CVE-2024-21392 | medium | — | 5.5 | 2y ago | RHSA-2024:1311: .NET 8.0 security update (Moderate) | |||
| CVE-2024-0914 | medium | — | 5.5 | 2y ago | RHSA-2024:1608: opencryptoki security update (Moderate) | |||
| CVE-2024-20977 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20973 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20982 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20966 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20963 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20960 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) |