CVEs from 2024
- Total: 6,700
- Critical: 138
- High: 1,058
- Medium: 2,045
- Low: 49
- % Critical: 2.1%
- % with KEV: 2.4%
- % with exploit: 3.3%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56749 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dlm: fix dlm_recover_members refcount on error If dlm_recover_members() fails we don't drop the references of the previous create… | |||
| CVE-2024-56750 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: erofs: fix blksize < PAGE_SIZE for file-backed mounts Adjust sb->s_blocksize{,_bits} directly for file-backed mounts when the fs … | |||
| CVE-2024-56751 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: … | |||
| CVE-2024-56752 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() When the call to gf100_grctx_generate() fails, unlock gr->fecs.mu… | |||
| CVE-2024-56754 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is… | |||
| CVE-2024-56755 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier bet… | |||
| CVE-2024-56756 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that cou… | |||
| CVE-2024-56759 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we h… | |||
| CVE-2024-56761 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT… | |||
| CVE-2024-56763 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user… | |||
| CVE-2024-56764 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all infli… | |||
| CVE-2024-56766 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() t… | |||
| CVE-2024-56767 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will… | |||
| CVE-2024-56768 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disab… | |||
| CVE-2024-56775 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount,… | |||
| CVE-2024-56769 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by K… | |||
| CVE-2024-56771 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N0… | |||
| CVE-2024-56773 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it w… | |||
| CVE-2024-56774 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The repr… | |||
| CVE-2024-56776 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To av… | |||
| CVE-2024-56777 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() ne… | |||
| CVE-2024-56778 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() … | |||
| CVE-2024-56780 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_f… | |||
| CVE-2024-56785 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:6… | |||
| CVE-2024-56782 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL, dere… | |||
| CVE-2024-56784 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corru… | |||
| CVE-2024-56788 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueue… | |||
| CVE-2024-56787 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is prod… | |||
| CVE-2024-57791 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr in… | |||
| CVE-2024-57792 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for devices which allow to set the lowes… | |||
| CVE-2024-36611 | unknown | — | — | — | In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request i… | |||
| CVE-2024-57793 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause se… | |||
| CVE-2024-57795 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b870… | |||
| CVE-2024-57893 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALS… | |||
| CVE-2024-57899 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, w… | |||
| CVE-2024-57900 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_… | |||
| CVE-2024-57904 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivc… | |||
| CVE-2024-57905 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a … | |||
| CVE-2024-57906 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a… | |||
| CVE-2024-57907 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space fr… | |||
| CVE-2024-57908 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a trig… | |||
| CVE-2024-57909 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a tr… | |||
| CVE-2024-57912 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space fro… | |||
| CVE-2024-52011 | unknown | — | — | 1d ago | launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attack… | |||
| CVE-2024-47097 | unknown | — | — | 5d ago | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do. | |||
| CVE-2024-47096 | unknown | — | — | 5d ago | Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of hand… | |||
| CVE-2024-5986 | unknown | — | — | 4mo ago | H2O has an External Control of File Name or Path vulnerability | |||
| CVE-2024-4027 | unknown | — | — | 4mo ago | Undertow Servlets Vulnerable to Remote DoS via OutOfMemoryError when Passed Large Parameter Names | |||
| CVE-2024-29371 | unknown | — | — | 6mo ago | jose4j is vulnerable to DoS via compressed JWE content | |||
| CVE-2024-3884 | unknown | — | — | 6mo ago | Undertow OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded | |||
| CVE-2024-44088 | unknown | — | — | 8mo ago | Apache Geode web-api is vulnerable to Cross-site Scripting | |||
| CVE-2024-6429 | unknown | — | — | 8mo ago | WSO2 Identity Server Apps allows content spoofing in logs | |||
| CVE-2024-43115 | unknown | — | — | 9mo ago | Apache DolphinScheduler vulnerable to Alert Script Attack | |||
| CVE-2024-43166 | unknown | — | — | 9mo ago | Apache DolphinScheduler Incorrect Default Permissions Vulnerability | |||
| CVE-2024-39954 | unknown | — | — | 10mo ago | Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java | |||
| CVE-2024-41177 | unknown | — | — | 10mo ago | Apache Zeppelin: XSS in the Helium module | |||
| CVE-2024-51775 | unknown | — | — | 10mo ago | Apache Zeppelin: Missing Origin Validation in WebSockets vulnerability | |||
| CVE-2024-52279 | unknown | — | — | 10mo ago | Apache Zeppelin: Arbitrary file read by adding malicious JDBC connection string | |||
| CVE-2024-9408 | unknown | — | — | 11mo ago | Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints | |||
| CVE-2024-9342 | unknown | — | — | 11mo ago | Eclipse GlassFish is vulnerable to Login Brute Force attacks through unlimited failed login attempts | |||
| CVE-2024-10031 | unknown | — | — | 11mo ago | Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications | |||
| CVE-2024-10029 | unknown | — | — | 11mo ago | Eclipse GlassFish is vulnerable to Reflected XSS attacks through its Administration Console | |||
| CVE-2024-10032 | unknown | — | — | 11mo ago | Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console | |||
| CVE-2024-9343 | unknown | — | — | 11mo ago | Eclipse GlassFish is vulnerable to Stored XSS attacks through its Administration Console | |||
| CVE-2024-41169 | unknown | — | — | 11mo ago | Apache Zeppelin exposes server resources to unauthenticated attackers | |||
| CVE-2024-56158 | unknown | — | — | 1y ago | XWiki allows SQL injection in query endpoint of REST API with Oracle | |||
| CVE-2024-40625 | unknown | — | — | 1y ago | Coverage REST API Server Side Request Forgery | |||
| CVE-2024-38524 | unknown | — | — | 1y ago | GWC Home Page communicate version and revision information | |||
| CVE-2024-34711 | unknown | — | — | 1y ago | GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) | |||
| CVE-2024-29198 | unknown | — | — | 1y ago | GeoServer Vulnerable to Unauthenticated SSRF via TestWfsPost | |||
| CVE-2024-8008 | unknown | — | — | 1y ago | WSO2 products vulnerable to Cross-site Scripting | |||
| CVE-2024-1440 | unknown | — | — | 1y ago | WSO2 is vulnerable to Open Redirect through multi-option URL in its authentication endpoint | |||
| CVE-2024-7096 | unknown | — | — | 1y ago | WSO2 products vulnerable to privilege escalation due to business logic flaw in SOAP admin services | |||
| CVE-2024-24780 | unknown | — | — | 1y ago | Apache IoTDB Vulnerable to Remote Code Execution | |||
| CVE-2024-13009 | unknown | — | — | 1y ago | **UNSUPPORTED WHEN ASSIGNED** GzipHandler causes part of request body to be seen as request body of a separate request | |||
| CVE-2024-52979 | unknown | — | — | 1y ago | Elasticsearch Uncontrolled Resource Consumption Vulnerability | |||
| CVE-2024-42699 | unknown | — | — | 1y ago | OpenCMS Cross-Site Scripting vulnerability | |||
| CVE-2024-41446 | unknown | — | — | 1y ago | OpenCMS cross-site scripting (XSS) vulnerability | |||
| CVE-2024-41447 | unknown | — | — | 1y ago | Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability | |||
| CVE-2024-55238 | unknown | — | — | 1y ago | OpenMetadata SQL Injection | |||
| CVE-2024-52981 | unknown | — | — | 1y ago | Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion | |||
| CVE-2024-52980 | unknown | — | — | 1y ago | Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function | |||
| CVE-2024-56325 | unknown | — | — | 1y ago | Apache Pinot Vulnerable to Authentication Bypass | |||
| CVE-2024-6875 | unknown | — | — | 1y ago | Infinispan Potential Out of Memory Error via REST Compare API Buffer API | |||
| CVE-2024-48944 | unknown | — | — | 1y ago | Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint | |||
| CVE-2024-12369 | unknown | — | — | 1y ago | WildFly Elytron OpenID Connect Client ExtensionOIDC authorization code injection attack | |||
| CVE-2024-8616 | unknown | — | — | 1y ago | H2O Vulnerable to Arbitrary File Overwrite | |||
| CVE-2024-8062 | unknown | — | — | 1y ago | H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request | |||
| CVE-2024-7765 | unknown | — | — | 1y ago | H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing | |||
| CVE-2024-7768 | unknown | — | — | 1y ago | H2O Vulnerable to Denial of Service (DoS) via `/3/ImportFiles` Endpoint | |||
| CVE-2024-6863 | unknown | — | — | 1y ago | H2O Vulnerable to Execution of Arbitrary Files | |||
| CVE-2024-6854 | unknown | — | — | 1y ago | H2O Vulnerable to Arbitrary File Overwrite via File Export | |||
| CVE-2024-10550 | unknown | — | — | 1y ago | H2O Vulnerable to Denial of Service (DoS) via `/3/ParseSetup` Endpoint | |||
| CVE-2024-10572 | unknown | — | — | 1y ago | H2O Vulnerable to Denial of Service (DoS) and File Write | |||
| CVE-2024-10549 | unknown | — | — | 1y ago | H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint | |||
| CVE-2024-10553 | unknown | — | — | 1y ago | H2O Deserialization of Untrusted Data Vulnerability | |||
| CVE-2024-54016 | unknown | — | — | 1y ago | Apache Seata Vulnerable to Data Amplification | |||
| CVE-2024-47552 | unknown | — | — | 1y ago | Apache Seata Vulnerable to Deserialization of Untrusted Data | |||
| CVE-2024-58103 | unknown | — | — | 1y ago | Wire has Uncontrolled Recursion on Nested Groups | |||
| CVE-2024-55532 | unknown | — | — | 1y ago | Apache Ranger Improper Neutralization of Formula Elements vulnerability |