CVEs from 2024
Total
7,195
critical
critical 114
high
high 1,044
medium
medium 1,991
low
low 40
% Critical
1.6%
% with KEV
2.3%
% with exploit
2.3%
Top vendors
Top products
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2024-29816 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in htdat Woo Viet allows Stored XSS.This issue affects Woo Viet: from n/a through 1.5.2. | |
| CVE-2024-29815 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: … | |
| CVE-2024-29813 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CartFlows Inc. Funnel Builder by CartFlows allows Stored XSS.This issue affects Funnel Builder by… | |
| CVE-2024-29819 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Syam Mohan WPFront Notification Bar allows Stored XSS.This issue affects WPFront Notification Bar… | |
| CVE-2024-29929 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce allows Stored XSS.This issue affects WCFM – Fro… | |
| CVE-2024-29922 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Quantum Cloud Slider Hero allows Stored XSS.This issue affects Slider Hero: from n/a through 8.6.… | |
| CVE-2024-2579 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager.This issue affects Tracking Code Manager: from n/a through 2.0.16. | |
| CVE-2024-29105 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5. | |
| CVE-2024-29124 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/… | |
| CVE-2024-29140 | medium | 5.9 | 5.9 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic allows Stored XSS.This issue affects MJM Clinic: from n/a through 1.1.22. | |
| CVE-2024-35910 | medium | 5.8 | 5.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding n… | |
| CVE-2024-32587 | medium | 5.8 | 5.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.This issue affects EnvíaloSimple: from n/a throu… | |
| CVE-2024-32547 | medium | 5.8 | 5.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Bond Code Insert Manager (Q2W3 Inc Manager) allows Reflected XSS.This issue affects Code Inse… | |
| CVE-2024-31122 | medium | 5.8 | 5.8 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism IT Systems User Rights Access Manager allows Reflected XSS.This issue affects User Rights A… | |
| CVE-2024-36894 | medium | 5.6 | 5.6 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() cal… | |
| CVE-2024-33655 | medium | — | 5.5 | 10d ago | Moderate: unbound security update | |
| CVE-2024-51394 | medium | 5.5 | 5.5 | 15d ago | Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp c… | |
| CVE-2024-26766 | medium | — | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `… | |
| CVE-2024-56690 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - … | |
| CVE-2024-50195 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core check… | |
| CVE-2024-56786 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |
| CVE-2024-47679 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between evice_inodes() and find_inode()&iput() Hi, all Recently I noticed a bug[1] in btrfs, after digged it into … | |
| CVE-2024-53229 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error.… | |
| CVE-2024-58083 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamp… | |
| CVE-2024-45777 | medium | — | 5.5 | 7mo ago | Moderate: grub2 security update | |
| CVE-2024-49864 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up th… | |
| CVE-2024-53090 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst… | |
| CVE-2024-54456 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() name is char[64] where the size of clnt->cl_program->name remain… | |
| CVE-2024-57988 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned … | |
| CVE-2024-57987 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it… | |
| CVE-2024-57989 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL b… | |
| CVE-2024-57990 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds rea… | |
| CVE-2024-57995 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is crea… | |
| CVE-2024-53680 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Cl… | |
| CVE-2024-56645 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_session_new(): fix skb reference counting Since j1939_session_skb_queue() does an extra skb_get() for each new … | |
| CVE-2024-56675 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU… | |
| CVE-2024-53241 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hyperc… | |
| CVE-2024-50060 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be emp… | |
| CVE-2024-58062 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference When iterating over the links of a vif, we need to make sure that the pointer … | |
| CVE-2024-58057 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: convert workqueues to unbound When a workqueue is created with `WQ_UNBOUND`, its work items are served by special worker-po… | |
| CVE-2024-58015 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. A… | |
| CVE-2024-58012 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the top… | |
| CVE-2024-56662 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-b… | |
| CVE-2024-53216 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: release svc_expkey/svc_export with rcu_work The last reference for `cache_head` can be reduced to zero in `c_show` and `e_s… | |
| CVE-2024-50294 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued … | |
| CVE-2024-58068 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrie… | |
| CVE-2024-57998 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure w… | |
| CVE-2024-57993 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB … | |
| CVE-2024-57986 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was fo… | |
| CVE-2024-57981 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segmen… | |
| CVE-2024-49570 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TP_printk UAF The commit afd2627f727b ("tracing: Check "%s" dereference via the field and not the… | |
| CVE-2024-56739 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; m… | |
| CVE-2024-56709 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, … | |
| CVE-2024-53135 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKE… | |
| CVE-2024-53119 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_t… | |
| CVE-2024-47727 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the … | |
| CVE-2024-46689 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protec… | |
| CVE-2024-58088 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a ("bpf: Prevent deadlock from recursive bpf_task_s… | |
| CVE-2024-58077 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Po… | |
| CVE-2024-58075 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - do not transfer req when tegra init fails The tegra_cmac_init or tegra_sha_init function may return an error when… | |
| CVE-2024-53170 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blk_mq_clear_flush_rq_mapping() is not called during scsi probe, by checking blk… | |
| CVE-2024-52332 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_… | |
| CVE-2024-53052 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bu… | |
| CVE-2024-56603 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_ini… | |
| CVE-2024-13176 | medium | — | 5.5 | 8mo ago | Moderate: mysql:8.4 security update | |
| CVE-2024-36357 | medium | — | 5.5 | 9mo ago | A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged bounda… | |
| CVE-2024-47252 | medium | — | 5.5 | 9mo ago | Moderate: httpd security update | |
| CVE-2024-36350 | medium | — | 5.5 | 10mo ago | A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. | |
| CVE-2024-47081 | medium | — | 5.5 | 10mo ago | Moderate: python-requests security update | |
| CVE-2024-57980 | medium | — | 5.5 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the … | |
| CVE-2024-52615 | medium | — | 5.5 | 10mo ago | Moderate: avahi security update | |
| CVE-2024-58002 | medium | — | 5.5 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Remove dangling pointers When an async control is written, we copy a pointer to the file handle that started the… | |
| CVE-2024-50379 | medium | — | 5.5 | 11mo ago | Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability | |
| CVE-2024-23337 | medium | — | 5.5 | 11mo ago | Moderate: jq security update | |
| CVE-2024-54661 | medium | — | 5.5 | 11mo ago | Moderate: socat security update | |
| CVE-2024-53064 | medium | — | 5.5 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control plane is rebooted, reset is dete… | |
| CVE-2024-45332 | medium | — | 5.5 | 11mo ago | Moderate:microcode_ctl bug fix and enhancement update | |
| CVE-2024-43420 | medium | — | 5.5 | 11mo ago | Moderate:microcode_ctl bug fix and enhancement update | |
| CVE-2024-4453 | medium | — | 5.5 | 1y ago | Moderate: gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server security update | |
| CVE-2024-49967 | medium | — | 5.5 | 1y ago | RHSA-2025:6966: kernel security update (Moderate) | |
| CVE-2024-45774 | medium | — | 5.5 | 1y ago | Moderate: grub2 security update | |
| CVE-2024-47835 | medium | — | 5.5 | 1y ago | Moderate: gstreamer1-plugins-base security update | |
| CVE-2024-47545 | medium | — | 5.5 | 1y ago | Moderate: gstreamer1-plugins-good security update | |
| CVE-2024-50046 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() On the node of an NFS client, some files saved in the mountpoi… | |
| CVE-2024-0444 | medium | — | 5.5 | 1y ago | Moderate: gstreamer1, gstreamer1-plugins-bad-free, gstreamer1-plugins-ugly-free, and gstreamer1-rtsp-server security update | |
| CVE-2024-47668 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and… | |
| CVE-2024-56826 | medium | — | 5.5 | 1y ago | Moderate: openjpeg2 security update | |
| CVE-2024-49938 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on… | |
| CVE-2024-28047 | medium | — | 5.5 | 1y ago | Moderate: microcode_ctl security update | |
| CVE-2024-50256 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_… | |
| CVE-2024-49851 | medium | 5.5 | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. How… | |
| CVE-2024-12087 | medium | — | 5.5 | 1y ago | Moderate: rsync security update | |
| CVE-2024-53085 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according… | |
| CVE-2024-56654 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry… | |
| CVE-2024-56757 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data t… | |
| CVE-2024-49856 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node search When the current node doesn't have an EPC section configured by firmware and all ot… | |
| CVE-2024-47687 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which n… | |
| CVE-2024-49860 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is retur… | |
| CVE-2024-49861 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix helper writes to read-only maps Lonial found an issue that despite user- and BPF-side frozen BPF map (like in case of .r… | |
| CVE-2024-49870 | medium | — | 5.5 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file() A dentry leak may be caused when a lookup cookie and a cull are concurrent:… |