VIR Vulnerability Intelligence Relay

CVEs from 2024

7,377 normalized CVEs published or assigned in this year.

Total
7,377
critical
critical 114
high
high 1,043
medium
medium 1,991
low
low 40
% Critical
1.5%
% with KEV
2.2%
% with exploit
2.2%

Top vendors

Top products

  • checkmk 10
  • office 8
  • profilegrid 8
  • office_long_term_servicing_channel 6
  • glibc 5
  • virtual_traffic_manager 5
  • element_pack 5
  • propertyhive 5

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2024-28109 high 8.0 2y ago veraPDF has potential XSLT injection vulnerability when using policy files java
CVE-2024-4767 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4768 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4769 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4770 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4777 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-29800 high 8.0 8.0 2y ago timber/timber vulnerable to Deserialization of Untrusted Data php
CVE-2024-30046 high 8.0 2y ago Important: .NET 7.0 security update redhatrockylinuxnuget
CVE-2024-30045 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinuxnuget
CVE-2024-22025 high 8.0 2y ago Important: nodejs:18 security update redhatrockylinuxdebian
CVE-2024-28182 high 8.0 2y ago Important: nodejs security update redhatrockylinuxsusedebian
CVE-2024-25629 high 8.0 2y ago Important: nodejs security update redhatdebianrockylinuxsuse
CVE-2024-27983 high 8.0 2y ago Important: nodejs security update redhatarchrockylinuxsuse+1
CVE-2024-27982 high 8.0 2y ago Important: nodejs security update redhatarchrockylinuxsuse+1
CVE-2024-31270 high 8.0 8.0 2y ago Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.
CVE-2024-3019 high 8.0 2y ago Important: pcp security, bug fix, and enhancement update redhatrockylinuxsusedebian
CVE-2024-24786 high 8.0 2y ago Important: container-tools:rhel8 security update redhatrockylinuxdebiansuse+1
CVE-2024-23271 high 8.0 2y ago Important: webkit2gtk3 security update redhatrockylinuxsusedebian
CVE-2024-24784 high 8.0 2y ago Important: golang security update redhatrockylinuxdebiansuse+1
CVE-2024-24783 high 8.0 2y ago Important: golang security update redhatrockylinuxdebiansuse+1
CVE-2024-28180 high 8.0 2y ago Important: container-tools:rhel8 security update redhatrockylinuxdebiansuse+1
CVE-2024-24785 high 8.0 2y ago Important: golang security update rockylinuxredhatdebiansuse+1
CVE-2024-26830 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and t… redhatsusedebian
CVE-2024-26633 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is… redhatsusedebianalmalinux
CVE-2024-26583 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as … redhatrockylinuxsusedebian+1
CVE-2024-26586 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets… redhatsuserockylinuxdebian+1
CVE-2024-26585 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) m… redhatsuserockylinuxdebian+1
CVE-2024-26584 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the cr… redhatrockylinuxsusedebian+1
CVE-2024-26582 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear… redhatsusedebianalmalinux
CVE-2024-1085 high 8.0 2y ago A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whet… redhatsusedebianalmalinux
CVE-2024-0565 high 8.0 2y ago An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on… redhatrockylinuxsusedebian+1
CVE-2024-1753 high 8.0 2y ago Important: container-tools:rhel8 security update redhatrockylinuxdebiansuse+1
CVE-2024-1488 high 8.0 2y ago Important: unbound security update redhatrockylinuxsusedebian
CVE-2024-22017 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian
CVE-2024-21891 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian
CVE-2024-21890 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian
CVE-2024-30156 high 8.0 2y ago Important: varnish security update redhatrockylinuxdebian
CVE-2024-21896 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian
CVE-2024-21892 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian
CVE-2024-1394 high 8.0 2y ago Important: golang security update redhatrockylinuxgolang
CVE-2024-22019 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian
CVE-2024-1597 high 8.0 2y ago Important: postgresql-jdbc security update redhatrockylinuxsusedebian+1
CVE-2024-25617 high 8.0 2y ago Important: squid security update redhatrockylinuxsusedebian
CVE-2024-25111 high 8.0 2y ago Important: squid security update redhatrockylinuxsusedebian
CVE-2024-0646 high 8.0 2y ago An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows… redhatsuserockylinuxdebian+1
CVE-2024-1548 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1549 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1550 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1547 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1546 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0985 high 8.0 2y ago Important: postgresql security update redhatrockylinuxsusedebian
CVE-2024-1552 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1551 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1553 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-26130 high 8.0 2y ago Important: python3.12-cryptography security update redhatsuserockylinuxdebian+1
CVE-2024-21404 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinux
CVE-2024-21386 high 8.0 2y ago Important: dotnet7.0 security update redhatrockylinuxnuget
CVE-2024-0964 high 8.0 2y ago A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. python
CVE-2024-21626 high 8.0 2y ago Important: container-tools:4.0 security update redhatrockylinuxsusedebian+1
CVE-2024-0747 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0746 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0742 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0749 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0753 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0741 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-0751 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0750 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0755 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-20918 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatsusedebian
CVE-2024-20926 high 8.0 2y ago Important: java-11-openjdk security update redhatsusedebian
CVE-2024-20932 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatsusedebian
CVE-2024-20919 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatsusedebian
CVE-2024-20921 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatalmalinuxsusedebian
CVE-2024-20945 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatalmalinuxsusedebian
CVE-2024-20952 high 8.0 2y ago Important: java-17-openjdk security and bug fix update almalinuxredhatsusedebian
CVE-2024-0057 high 8.0 2y ago Important: .NET 6.0 security update redhatrockylinuxnuget
CVE-2024-21319 high 8.0 2y ago Important: .NET 6.0 security update redhatrockylinuxnuget
CVE-2024-0056 high 8.0 2y ago Important: .NET 6.0 security update redhatrockylinuxnuget
CVE-2024-26649 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer … redhatrockylinuxsusedebian+1
CVE-2024-0443 high 8.0 3y ago A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is o… redhatsusedebian
CVE-2024-57876 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down … redhatsusedebian
CVE-2024-23252 high 8.0 3y ago RHSA-2023:4201: webkit2gtk3 security update (Important) redhatsuse
CVE-2024-27834 high 8.0 3y ago The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with … redhatsusedebian
CVE-2024-27833 high 8.0 3y ago An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing malic… redhatsusedebian
CVE-2024-27808 high 8.0 3y ago The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content m… redhatsusedebian
CVE-2024-54658 high 8.0 3y ago The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content m… redhatsusedebian
CVE-2024-36333 high 7.8 7.8 13d ago A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. amd
CVE-2024-47091 high 7.8 7.8 15d ago Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS…
CVE-2024-46744 high 7.8 7.8 7mo ago In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an unini… redhatsuserockylinuxdebian+2
CVE-2024-58072 high 7.8 7.8 7mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of pri… redhatsuserockylinuxdebian+2
CVE-2024-58240 high 7.8 7.8 9mo ago In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no … susedebianlinux
CVE-2024-49889 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using … redhatsusedebianlinux
CVE-2024-49884 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ===================================… redhatsusedebianlinux
CVE-2024-49883 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is … redhatsusedebianlinux
CVE-2024-49882 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has bee… redhatsusedebianlinux
CVE-2024-50121 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/… redhatsusedebianlinux
CVE-2024-47718 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular an… redhatsusedebianlinux
CVE-2024-46871 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmu… redhatsusedebianlinux
CVE-2024-46853 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the da… redhatsusedebianlinux
CVE-2024-46759 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow… redhatsusedebianlinux