CVEs from 2024
Total
6,656
critical
critical 114
high
high 1,034
medium
medium 1,997
low
low 47
% Critical
1.7%
% with KEV
2.4%
% with exploit
3.3%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24789 | medium | — | 5.5 | 2y ago | RHSA-2024:5291: grafana security update (Moderate) | |||
| CVE-2024-39468 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadlo… | |||
| CVE-2024-0450 | medium | — | 5.5 | 2y ago | RHSA-2024:4243: python3 security update (Moderate) | |||
| CVE-2024-33847 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: don't allow unaligned truncation on released compress inode f2fs image may be corrupted after below testcase: - m… | |||
| CVE-2024-3652 | medium | — | 5.5 | 2y ago | RHSA-2024:4376: libreswan security update (Moderate) | |||
| CVE-2024-38780 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore fr… | |||
| CVE-2024-36288 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This resu… | |||
| CVE-2024-36484 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time. Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_in… | |||
| CVE-2024-36286 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-38589 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure … | |||
| CVE-2024-38567 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a … | |||
| CVE-2024-38565 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an … | |||
| CVE-2024-38547 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary … | |||
| CVE-2024-26664 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-37891 | medium | — | 5.5 | 2y ago | RHSA-2024:8843: python3.11-urllib3 security update (Moderate) | |||
| CVE-2024-34064 | medium | — | 5.5 | 2y ago | RHSA-2024:4231: python-jinja2 security update (Moderate) | |||
| CVE-2024-28176 | medium | — | 5.5 | 2y ago | RHSA-2024:5294: jose security update (Moderate) | |||
| CVE-2024-2905 | medium | — | 5.5 | 2y ago | Moderate: rpm-ostree security update | |||
| CVE-2024-24788 | medium | — | 5.5 | 2y ago | RHSA-2024:6969: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-2947 | medium | — | 5.5 | 2y ago | A flaw was found in Cockpit. Deleting a sosreport with a crafted name via the Cockpit web interface can lead to a command injection vulnerability, resulting in privilege escalation. This issue affect… | |||
| CVE-2024-3651 | medium | — | 5.5 | 2y ago | RHSA-2024:4260: python-idna security update (Moderate) | |||
| CVE-2024-27282 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-26693 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-27056 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26919 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26779 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26694 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26610 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26993 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-36959 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the referen… | |||
| CVE-2024-26642 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26643 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26673 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV… | |||
| CVE-2024-1062 | medium | — | 5.5 | 2y ago | RHSA-2024:3047: 389-ds:1.4 security update (Moderate) | |||
| CVE-2024-36008 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree … | |||
| CVE-2024-36007 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-36004 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-35997 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operatio… | |||
| CVE-2024-35996 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpu: Re-enable CPU mitigations by default for !X86 architectures Rename x86's to CPU_MITIGATIONS, define it in generic code, and … | |||
| CVE-2024-35990 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate… | |||
| CVE-2024-35988 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of… | |||
| CVE-2024-35984 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Ta… | |||
| CVE-2024-35982 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmi… | |||
| CVE-2024-35940 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which ca… | |||
| CVE-2024-35936 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a … | |||
| CVE-2024-35922 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow… | |||
| CVE-2024-35915 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_… | |||
| CVE-2024-35902 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman add… | |||
| CVE-2024-35893 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-35884 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-35828 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocati… | |||
| CVE-2024-35815 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct k… | |||
| CVE-2024-35813 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid negative index with array access Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns prev_… | |||
| CVE-2024-35811 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach This is the candidate patch of CVE-2023-47233 : https://nvd.nist.… | |||
| CVE-2024-4770 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4768 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4769 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4777 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-4767 | medium | — | 5.5 | 2y ago | RHSA-2024:3784: thunderbird security update (Moderate) | |||
| CVE-2024-28182 | medium | — | 5.5 | 2y ago | RHSA-2024:4252: nghttp2 security update (Moderate) | |||
| CVE-2024-25742 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-25743 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-33948 | medium | 5.5 | 5.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixel Industry TweetScroll Widget allows Stored XSS.This issue affects TweetScroll Widget: from n… | |||
| CVE-2024-25062 | medium | — | 5.5 | 2y ago | RHSA-2024:3626: libxml2 security update (Moderate) | |||
| CVE-2024-27078 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling pa… | |||
| CVE-2024-27077 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_ent… | |||
| CVE-2024-27076 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release. | |||
| CVE-2024-27072 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led… | |||
| CVE-2024-27059 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-27047 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty… | |||
| CVE-2024-25580 | medium | — | 5.5 | 2y ago | RHSA-2024:3056: qt5-qtbase security update (Moderate) | |||
| CVE-2024-28102 | medium | — | 5.5 | 2y ago | RHSA-2024:3267: idm:DL1 and idm:client security update (Moderate) | |||
| CVE-2024-26602 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-24259 | medium | — | 5.5 | 2y ago | RHSA-2024:3120: freeglut security update (Moderate) | |||
| CVE-2024-24258 | medium | — | 5.5 | 2y ago | RHSA-2024:3120: freeglut security update (Moderate) | |||
| CVE-2024-1481 | medium | — | 5.5 | 2y ago | RHSA-2024:3044: idm:DL1 security update (Moderate) | |||
| CVE-2024-26671 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-0727 | medium | 5.5 | 5.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2024-24786 | medium | — | 5.5 | 2y ago | RHSA-2024:4246: container-tools security update (Moderate) | |||
| CVE-2024-24784 | medium | — | 5.5 | 2y ago | RHSA-2024:6969: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-25744 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-0409 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-0408 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-0690 | medium | — | 5.5 | 2y ago | RHSA-2024:3043: ansible-core bug fix, enhancement, and security update (Moderate) | |||
| CVE-2024-26593 | medium | — | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-1441 | medium | — | 5.5 | 2y ago | Moderate: libvirt security and bug fix update | |||
| CVE-2024-24783 | medium | — | 5.5 | 2y ago | RHSA-2024:6969: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-2496 | medium | — | 5.5 | 2y ago | Moderate: libvirt security update | |||
| CVE-2024-22195 | medium | — | 5.5 | 2y ago | RHSA-2024:3102: python-jinja2 security update (Moderate) | |||
| CVE-2024-26830 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-28180 | medium | — | 5.5 | 2y ago | RHSA-2024:3968: container-tools:rhel8 bug fix and enhancement update (Moderate) | |||
| CVE-2024-2494 | medium | — | 5.5 | 2y ago | RHSA-2024:3253: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2024-1048 | medium | — | 5.5 | 2y ago | RHSA-2024:3184: grub2 security update (Moderate) | |||
| CVE-2024-22365 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3163: pam security update (Moderate) | |||
| CVE-2024-2307 | medium | — | 5.5 | 2y ago | RHSA-2024:2961: Image builder components bug fix, enhancement and security update (Moderate) | |||
| CVE-2024-26609 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-0841 | medium | — | 5.5 | 2y ago | RHSA-2024:3138: kernel security, bug fix, and enhancement update (Moderate) | |||
| CVE-2024-2357 | medium | — | 5.5 | 2y ago | RHSA-2024:1998: libreswan security update (Moderate) | |||
| CVE-2024-21012 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-31229 | medium | 5.5 | 5.5 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3. |