CVEs from 2024
Total
6,992
critical
critical 121
high
high 1,017
medium
medium 2,009
low
low 42
% Critical
1.7%
% with KEV
2.3%
% with exploit
2.8%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24786 | high | — | 8.0 | 2y ago | Important: container-tools:rhel8 security update | |||
| CVE-2024-26586 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets… | |||
| CVE-2024-26830 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and t… | |||
| CVE-2024-23271 | high | — | 8.0 | 2y ago | Important: webkit2gtk3 security update | |||
| CVE-2024-25744 | high | — | 8.0 | 2y ago | In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. | |||
| CVE-2024-26582 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear… | |||
| CVE-2024-28180 | high | — | 8.0 | 2y ago | Important: container-tools:rhel8 security update | |||
| CVE-2024-1753 | high | — | 8.0 | 2y ago | Important: container-tools:rhel8 security update | |||
| CVE-2024-1488 | high | — | 8.0 | 2y ago | Important: unbound security update | |||
| CVE-2024-21896 | high | — | 8.0 | 2y ago | Important: nodejs:20 security update | |||
| CVE-2024-21891 | high | — | 8.0 | 2y ago | Important: nodejs:20 security update | |||
| CVE-2024-30156 | high | — | 8.0 | 2y ago | Important: varnish security update | |||
| CVE-2024-22017 | high | — | 8.0 | 2y ago | Important: nodejs:20 security update | |||
| CVE-2024-21890 | high | — | 8.0 | 2y ago | Important: nodejs:20 security update | |||
| CVE-2024-21892 | high | — | 8.0 | 2y ago | Important: nodejs:20 security update | |||
| CVE-2024-1394 | high | — | 8.0 | 2y ago | Important: osbuild and osbuild-composer security update | |||
| CVE-2024-22019 | high | — | 8.0 | 2y ago | Important: nodejs:20 security update | |||
| CVE-2024-1597 | high | — | 8.0 | 2y ago | Important: postgresql-jdbc security update | |||
| CVE-2024-25111 | high | — | 8.0 | 2y ago | Important: squid security update | |||
| CVE-2024-25617 | high | — | 8.0 | 2y ago | Important: squid security update | |||
| CVE-2024-0646 | high | — | 8.0 | 2y ago | An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows… | |||
| CVE-2024-1550 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-1551 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-1548 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-1553 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-1549 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-1552 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-1546 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-1547 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-0985 | high | — | 8.0 | 2y ago | Important: postgresql security update | |||
| CVE-2024-26130 | high | — | 8.0 | 2y ago | Important: python3.12-cryptography security update | |||
| CVE-2024-21404 | high | — | 8.0 | 2y ago | Important: .NET 8.0 security update | |||
| CVE-2024-21386 | high | — | 8.0 | 2y ago | Important: dotnet7.0 security update | |||
| CVE-2024-0964 | high | — | 8.0 | 2y ago | A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | |||
| CVE-2024-0749 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0742 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0746 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0750 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0755 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0753 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0747 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-0741 | high | — | 8.0 | 2y ago | Important: thunderbird security update | |||
| CVE-2024-0751 | high | — | 8.0 | 2y ago | Important: firefox security update | |||
| CVE-2024-20926 | high | — | 8.0 | 2y ago | Important: java-11-openjdk security update | |||
| CVE-2024-20919 | high | — | 8.0 | 2y ago | Important: java-17-openjdk security and bug fix update | |||
| CVE-2024-20918 | high | — | 8.0 | 2y ago | Important: java-17-openjdk security and bug fix update | |||
| CVE-2024-20952 | high | — | 8.0 | 2y ago | Important: java-17-openjdk security and bug fix update | |||
| CVE-2024-20932 | high | — | 8.0 | 2y ago | Important: java-17-openjdk security and bug fix update | |||
| CVE-2024-20945 | high | — | 8.0 | 2y ago | Important: java-17-openjdk security and bug fix update | |||
| CVE-2024-20921 | high | — | 8.0 | 2y ago | Important: java-17-openjdk security and bug fix update | |||
| CVE-2024-0057 | high | — | 8.0 | 2y ago | Important: .NET 8.0 security update | |||
| CVE-2024-0056 | high | — | 8.0 | 2y ago | Important: .NET 8.0 security update | |||
| CVE-2024-21319 | high | — | 8.0 | 2y ago | Important: .NET 8.0 security update | |||
| CVE-2024-57876 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down … | |||
| CVE-2024-26649 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer … | |||
| CVE-2024-0443 | high | — | 8.0 | 3y ago | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is o… | |||
| CVE-2024-23252 | high | — | 8.0 | 3y ago | RHSA-2023:4201: webkit2gtk3 security update (Important) | |||
| CVE-2024-27833 | high | — | 8.0 | 3y ago | An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing malic… | |||
| CVE-2024-27808 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content m… | |||
| CVE-2024-27834 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with … | |||
| CVE-2024-54658 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content m… | |||
| CVE-2024-36333 | high | 7.8 | 7.8 | 15d ago | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||
| CVE-2024-47091 | high | 7.8 | 7.8 | 17d ago | Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS… | |||
| CVE-2024-58072 | high | 7.8 | 7.8 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of pri… | |||
| CVE-2024-46744 | high | 7.8 | 7.8 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an unini… | |||
| CVE-2024-58240 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no … | |||
| CVE-2024-53059 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. … | |||
| CVE-2024-46853 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the da… | |||
| CVE-2024-42302 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently… | |||
| CVE-2024-46871 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmu… | |||
| CVE-2024-53057 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed t… | |||
| CVE-2024-47745 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, w… | |||
| CVE-2024-53166 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by b… | |||
| CVE-2024-44987 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longe… | |||
| CVE-2024-47718 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular an… | |||
| CVE-2024-50151 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' … | |||
| CVE-2024-56631 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: … | |||
| CVE-2024-50150 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a… | |||
| CVE-2024-49930 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with … | |||
| CVE-2024-50121 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/… | |||
| CVE-2024-46759 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow… | |||
| CVE-2024-49882 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has bee… | |||
| CVE-2024-49883 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is … | |||
| CVE-2024-49884 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ===================================… | |||
| CVE-2024-49889 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using … | |||
| CVE-2024-50127 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch /… | |||
| CVE-2024-57979 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when r… | |||
| CVE-2024-57258 | high | 7.8 | 7.8 | 1y ago | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. | |||
| CVE-2024-12251 | high | 7.8 | 7.8 | 1y ago | In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-57951 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through … | |||
| CVE-2024-50262 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, whi… | |||
| CVE-2024-43830 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typi… | |||
| CVE-2024-36974 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_par… | |||
| CVE-2024-26907 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-s… | |||
| CVE-2024-26951 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), … | |||
| CVE-2024-26958 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]----… | |||
| CVE-2024-26934 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, th… | |||
| CVE-2024-36940 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). I… | |||
| CVE-2024-27395 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of… | |||
| CVE-2024-26988 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' … |