CVEs from 2024
Total
6,647
critical
critical 114
high
high 1,034
medium
medium 1,997
low
low 47
% Critical
1.7%
% with KEV
2.5%
% with exploit
3.3%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28834 | medium | — | 5.5 | 2y ago | RHSA-2024:1784: gnutls security update (Moderate) | |||
| CVE-2024-21085 | medium | — | 5.5 | 2y ago | RHSA-2024:1822: java-11-openjdk security update (Moderate) | |||
| CVE-2024-28835 | medium | — | 5.5 | 2y ago | Moderate: gnutls security update | |||
| CVE-2024-21011 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-21068 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-26891 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hot… | |||
| CVE-2024-26877 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering t… | |||
| CVE-2024-26851 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:8870: kernel-rt security update (Moderate) | |||
| CVE-2024-26820 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE… | |||
| CVE-2024-26816 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes s… | |||
| CVE-2024-26787 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: … | |||
| CVE-2024-28219 | medium | — | 5.5 | 2y ago | RHSA-2024:4227: python-pillow security update (Moderate) | |||
| CVE-2024-26659 | medium | 5.5 | 5.5 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26651 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to tran… | |||
| CVE-2024-0743 | medium | — | 5.5 | 2y ago | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||
| CVE-2024-2614 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-1936 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2607 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2610 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2608 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2611 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2612 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-27280 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-27281 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-29141 | medium | 5.5 | 5.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS.This issue affects PDF Embedder: from n/a through 4.6.4. | |||
| CVE-2024-21392 | medium | — | 5.5 | 2y ago | RHSA-2024:1311: .NET 8.0 security update (Moderate) | |||
| CVE-2024-0914 | medium | — | 5.5 | 2y ago | RHSA-2024:1608: opencryptoki security update (Moderate) | |||
| CVE-2024-21050 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21055 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21056 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21200 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21061 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21053 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21137 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21052 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21051 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20993 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20982 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20977 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20974 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20978 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20984 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20963 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20973 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20983 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20967 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20969 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20971 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20965 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20981 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20960 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20970 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20966 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-23301 | medium | — | 5.5 | 2y ago | RHSA-2024:1719: rear security update (Moderate) | |||
| CVE-2024-20961 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20964 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20962 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21049 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20985 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20968 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20972 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20976 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21057 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-26596 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this d… | |||
| CVE-2024-25126 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-26141 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-26146 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-23650 | medium | — | 5.5 | 2y ago | RHSA-2024:2988: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-21886 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-21885 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-0229 | medium | — | 5.5 | 2y ago | RHSA-2024:2996: xorg-x11-server-Xwayland security update (Moderate) | |||
| CVE-2024-0553 | medium | — | 5.5 | 2y ago | RHSA-2024:0627: gnutls security update (Moderate) | |||
| CVE-2024-0567 | medium | — | 5.5 | 2y ago | Moderate: gnutls security update | |||
| CVE-2024-20945 | medium | — | 5.5 | 2y ago | RHSA-2024:1481: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2024-21094 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-20926 | medium | — | 5.5 | 2y ago | RHSA-2024:1481: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2024-20918 | medium | — | 5.5 | 2y ago | RHSA-2024:1481: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2024-20921 | medium | — | 5.5 | 2y ago | RHSA-2024:1481: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2024-20952 | medium | — | 5.5 | 2y ago | RHSA-2024:1481: java-1.8.0-ibm security update (Moderate) | |||
| CVE-2024-33724 | medium | 5.4 | 5.4 | 24d ago | SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. | |||
| CVE-2024-37925 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61. | |||
| CVE-2024-37438 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a befor… | |||
| CVE-2024-49665 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks… | |||
| CVE-2024-37229 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS.This issue affects … | |||
| CVE-2024-37959 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects P… | |||
| CVE-2024-34443 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: f… | |||
| CVE-2024-35167 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affe… | |||
| CVE-2024-34816 | medium | 5.4 | 5.4 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. | |||
| CVE-2024-34445 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor… | |||
| CVE-2024-34436 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor… | |||
| CVE-2024-34432 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects… | |||
| CVE-2024-34547 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For El… | |||
| CVE-2024-34566 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Conte… | |||
| CVE-2024-34562 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Element… | |||
| CVE-2024-34381 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10. | |||
| CVE-2024-34374 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady… | |||
| CVE-2024-33588 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.… | |||
| CVE-2024-33636 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. | |||
| CVE-2024-33641 | medium | 5.4 | 5.4 | 2y ago | Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. | |||
| CVE-2024-33634 | medium | 5.4 | 5.4 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. |