CVEs from 2024
Total
7,034
critical
critical 114
high
high 1,020
medium
medium 2,013
low
low 42
% Critical
1.6%
% with KEV
2.3%
% with exploit
2.8%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21199 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21236 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21230 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21201 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21231 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21238 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21247 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21241 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21239 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21194 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21196 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21197 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21237 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21193 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21198 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21218 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-21219 | high | — | 8.0 | 1y ago | Important: mysql security update | |||
| CVE-2024-12797 | high | — | 8.0 | 1y ago | Important: openssl security update | |||
| CVE-2024-11218 | high | — | 8.0 | 1y ago | Important: podman security update | |||
| CVE-2024-52531 | high | — | 8.0 | 1y ago | Important: libsoup security update | |||
| CVE-2024-51741 | high | — | 8.0 | 1y ago | Important: redis:7 security update | |||
| CVE-2024-46981 | high | — | 8.0 | 1y ago | Important: redis:6 security update | |||
| CVE-2024-53263 | high | — | 8.0 | 1y ago | Important: git-lfs security update | |||
| CVE-2024-12085 | high | — | 8.0 | 1y ago | Important: rsync security update | |||
| CVE-2024-56201 | high | — | 8.0 | 1y ago | Important: fence-agents security update | |||
| CVE-2024-57823 | high | — | 8.0 | 1y ago | Important: raptor2 security update | |||
| CVE-2024-11831 | high | — | 8.0 | 1y ago | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object type… | |||
| CVE-2024-56326 | high | — | 8.0 | 1y ago | Important: fence-agents security update | |||
| CVE-2024-54502 | high | — | 8.0 | 1y ago | Important: webkit2gtk3 security update | |||
| CVE-2024-54505 | high | — | 8.0 | 1y ago | Important: webkit2gtk3 security update | |||
| CVE-2024-11614 | high | — | 8.0 | 1y ago | Important: dpdk security update | |||
| CVE-2024-53580 | high | — | 8.0 | 1y ago | Important: iperf3 security update | |||
| CVE-2024-54479 | high | — | 8.0 | 1y ago | Important: webkit2gtk3 security update | |||
| CVE-2024-53122 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path man… | |||
| CVE-2024-50208 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non… | |||
| CVE-2024-46713 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, … | |||
| CVE-2024-50252 | high | — | 8.0 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encaps… | |||
| CVE-2024-34156 | high | — | 8.0 | 2y ago | Important: delve and golang security update | |||
| CVE-2024-8508 | high | — | 8.0 | 2y ago | Important: unbound security update | |||
| CVE-2024-47537 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-good security update | |||
| CVE-2024-47540 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-good security update | |||
| CVE-2024-47538 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-base security update | |||
| CVE-2024-47615 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-base security update | |||
| CVE-2024-47539 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-good security update | |||
| CVE-2024-47606 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-good security update | |||
| CVE-2024-47613 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-good security update | |||
| CVE-2024-47607 | high | — | 8.0 | 2y ago | Important: gstreamer1-plugins-base security update | |||
| CVE-2024-12254 | high | — | 8.0 | 2y ago | Important: python3.12 security update | |||
| CVE-2024-10976 | high | — | 8.0 | 2y ago | Important: postgresql:16 security update | |||
| CVE-2024-10978 | high | — | 8.0 | 2y ago | Important: postgresql:16 security update | |||
| CVE-2024-10979 | high | — | 8.0 | 2y ago | Important: postgresql:16 security update | |||
| CVE-2024-11695 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-11692 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-11699 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-11697 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-52804 | high | — | 8.0 | 2y ago | Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to ex… | |||
| CVE-2024-11159 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-11694 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-11696 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-52336 | high | — | 8.0 | 2y ago | Important: tuned security update | |||
| CVE-2024-52337 | high | — | 8.0 | 2y ago | Important: tuned security update | |||
| CVE-2024-10963 | high | — | 8.0 | 2y ago | Important: pam:1.5.1 security update | |||
| CVE-2024-53899 | high | — | 8.0 | 2y ago | Important: python36:3.6 security update | |||
| CVE-2024-9632 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-45802 | high | — | 8.0 | 2y ago | Important: squid security update | |||
| CVE-2024-43498 | high | — | 8.0 | 2y ago | Important: .NET 9.0 security update | |||
| CVE-2024-9050 | high | — | 8.0 | 2y ago | Important: NetworkManager-libreswan security update | |||
| CVE-2024-43499 | high | — | 8.0 | 2y ago | Important: .NET 9.0 security update | |||
| CVE-2024-44296 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |||
| CVE-2024-44244 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |||
| CVE-2024-52532 | high | — | 8.0 | 2y ago | Important: libsoup security update | |||
| CVE-2024-52530 | high | — | 8.0 | 2y ago | Important: libsoup security update | |||
| CVE-2024-26843 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of page… | |||
| CVE-2024-41060 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to ch… | |||
| CVE-2024-41065 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc… | |||
| CVE-2024-26675 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Wi… | |||
| CVE-2024-42124 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. … | |||
| CVE-2024-27011 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for eleme… | |||
| CVE-2024-35809 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: PCI/PM: Drain runtime-idle callbacks before driver removal A race condition between the .runtime_idle() callback and the .remove(… | |||
| CVE-2024-26940 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when… | |||
| CVE-2024-39499 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-spac… | |||
| CVE-2024-35854 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to a… | |||
| CVE-2024-26846 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'le… | |||
| CVE-2024-35824 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume When not configured for wakeup lis3lv02d_i2c_su… | |||
| CVE-2024-35810 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which… | |||
| CVE-2024-35814 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: swiotlb: Fix double-allocation of slots due to broken alignment handling Commit bbb73a103fbb ("swiotlb: fix a braino in the align… | |||
| CVE-2024-26772 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block b… | |||
| CVE-2024-36901 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_out… | |||
| CVE-2024-26939 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free … | |||
| CVE-2024-36896 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_stor… | |||
| CVE-2024-41038 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into t… | |||
| CVE-2024-26669 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver… | |||
| CVE-2024-26614 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following is… | |||
| CVE-2024-26686 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats lock_task_sighand() can trigger a hard lockup. I… | |||
| CVE-2024-26759 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same … | |||
| CVE-2024-41039 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw he… | |||
| CVE-2024-39501 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26660 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream… | |||
| CVE-2024-41012 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created l… | |||
| CVE-2024-26740 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 ("act_mirred: use the back… |