CVEs from 2024
Total
6,992
critical
critical 121
high
high 1,017
medium
medium 2,009
low
low 42
% Critical
1.7%
% with KEV
2.3%
% with exploit
2.8%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9400 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-9396 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-9403 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-47850 | high | — | 8.0 | 2y ago | CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability t… | |||
| CVE-2024-41035 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the… | |||
| CVE-2024-38562 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_cha… | |||
| CVE-2024-36953 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU tha… | |||
| CVE-2024-36919 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when ses… | |||
| CVE-2024-41064 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will… | |||
| CVE-2024-26739 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirr… | |||
| CVE-2024-26991 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes Fix KVM_SET_MEMORY_ATTRIBUTES to not overflow lpage_info ar… | |||
| CVE-2024-38573 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from d… | |||
| CVE-2024-26947 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 ("arm: extend pfn_valid to … | |||
| CVE-2024-38570 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace… | |||
| CVE-2024-26931 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to h… | |||
| CVE-2024-39506 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet In lio_vf_rep_copy_packet() pg_info->page is compared to … | |||
| CVE-2024-38601 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into th… | |||
| CVE-2024-42246 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the c… | |||
| CVE-2024-42225 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data | |||
| CVE-2024-26665 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the fol… | |||
| CVE-2024-26930 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->… | |||
| CVE-2024-36016 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mo… | |||
| CVE-2024-26929 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-41071 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-41097 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to inco… | |||
| CVE-2024-27022 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: … | |||
| CVE-2024-26595 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an erro… | |||
| CVE-2024-26769 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try … | |||
| CVE-2024-41023 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cycl… | |||
| CVE-2024-34158 | high | — | 8.0 | 2y ago | Important: buildah security update | |||
| CVE-2024-34155 | high | — | 8.0 | 2y ago | Important: buildah security update | |||
| CVE-2024-8384 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-7652 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-8383 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-8394 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-8385 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-8386 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-8387 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-8382 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-8381 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-42472 | high | — | 8.0 | 2y ago | Important: bubblewrap and flatpak security update | |||
| CVE-2024-37298 | high | — | 8.0 | 2y ago | Important: podman security update | |||
| CVE-2024-36025 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it… | |||
| CVE-2024-41091 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tu… | |||
| CVE-2024-4317 | high | — | 8.0 | 2y ago | Important: postgresql:15 security update | |||
| CVE-2024-36003 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over aggr… | |||
| CVE-2024-26668 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps a… | |||
| CVE-2024-27016 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Val… | |||
| CVE-2024-40957 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_d… | |||
| CVE-2024-42152 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is… | |||
| CVE-2024-41090 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the ta… | |||
| CVE-2024-41076 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr. | |||
| CVE-2024-26581 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that … | |||
| CVE-2024-7348 | high | — | 8.0 | 2y ago | Important: postgresql:15 security update | |||
| CVE-2024-40939 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create… | |||
| CVE-2024-39476 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING Xiao reported that lvm2 test lvconvert-raid-ta… | |||
| CVE-2024-27019 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get… | |||
| CVE-2024-38544 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkt… | |||
| CVE-2024-38540 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_h… | |||
| CVE-2024-26908 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27415 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skb… | |||
| CVE-2024-38608 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_re… | |||
| CVE-2024-35839 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for … | |||
| CVE-2024-38538 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's x… | |||
| CVE-2024-42110 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA)… | |||
| CVE-2024-40929 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions of cfg80211, the ssids poinet might be a valid one … | |||
| CVE-2024-40911 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Lock wiphy in cfg80211_get_station Wiphy should be locked before calling rdev_get_station() (see lockdep assert i… | |||
| CVE-2024-40983 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering… | |||
| CVE-2024-40914 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: don't unpoison huge_zero_folio When I did memory failure tests recently, below panic occurs: kernel BUG at incl… | |||
| CVE-2024-41041 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_… | |||
| CVE-2024-34750 | high | — | 8.0 | 2y ago | Apache Tomcat - Denial of Service | |||
| CVE-2024-38286 | high | — | 8.0 | 2y ago | Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability | |||
| CVE-2024-6221 | high | — | 8.0 | 2y ago | A vulnerability in corydolphin/flask-cors up to version 4.0.1 allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default, without any configuration option. This behavi… | |||
| CVE-2024-35852 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the n… | |||
| CVE-2024-38575 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the p… | |||
| CVE-2024-35911 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is caused from … | |||
| CVE-2024-26808 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in … | |||
| CVE-2024-35848 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read … | |||
| CVE-2024-39487 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->stri… | |||
| CVE-2024-36941 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. | |||
| CVE-2024-26853 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT (e.g. due to a full queue), … | |||
| CVE-2024-7521 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-36921 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that wo… | |||
| CVE-2024-36903 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access… | |||
| CVE-2024-38391 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7527 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-4076 | high | — | 8.0 | 2y ago | Important: bind and bind-dyndb-ldap security update | |||
| CVE-2024-7524 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-36922 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain… | |||
| CVE-2024-27417 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID val… | |||
| CVE-2024-26600 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not imp… | |||
| CVE-2024-37353 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26868 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL point… | |||
| CVE-2024-7528 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-7520 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-35800 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel Check if get_next_variable() is actually valid pointer before calling it. In kdump kernel this met… | |||
| CVE-2024-1737 | high | — | 8.0 | 2y ago | Important: bind and bind-dyndb-ldap security update | |||
| CVE-2024-7522 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-1975 | high | — | 8.0 | 2y ago | Important: bind and bind-dyndb-ldap security update | |||
| CVE-2024-27049 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to … |