VIR Vulnerability Intelligence Relay

CVEs from 2024

7,195 normalized CVEs published or assigned in this year.

Total
7,195
critical
critical 114
high
high 1,020
medium
medium 2,013
low
low 42
% Critical
1.6%
% with KEV
2.3%
% with exploit
2.3%

Top vendors

Top products

  • surveillance_station 12
  • checkmk 10
  • profilegrid 8
  • office 8
  • office_long_term_servicing_channel 6
  • glibc 5
  • virtual_traffic_manager 5
  • element_pack 5

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2024-0565 high 8.0 2y ago An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on… redhatrockylinuxsusedebian+1
CVE-2024-3019 high 8.0 2y ago Important: pcp security, bug fix, and enhancement update redhatrockylinuxsusedebian+1
CVE-2024-24784 high 8.0 2y ago Important: golang security update redhatrockylinuxdebiansuse+2
CVE-2024-26609 high 8.0 2y ago Important: kernel security, bug fix, and enhancement update redhatrockylinuxalmalinux
CVE-2024-26593 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twic… redhatrockylinuxsusedebian+1
CVE-2024-26585 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) m… redhatsuserockylinuxdebian+1
CVE-2024-26584 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the cr… redhatrockylinuxsusedebian+1
CVE-2024-1488 high 8.0 2y ago Important: unbound security update redhatrockylinuxsusedebian
CVE-2024-21896 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian+1
CVE-2024-30156 high 8.0 2y ago Important: varnish security update redhatrockylinuxdebianalmalinux
CVE-2024-21890 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian+1
CVE-2024-21891 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian+1
CVE-2024-22017 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian+1
CVE-2024-21892 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian+1
CVE-2024-1394 high 8.0 2y ago Important: osbuild and osbuild-composer security update redhatrockylinuxalmalinuxgolang
CVE-2024-22019 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxsusedebian+1
CVE-2024-1597 high 8.0 2y ago Important: postgresql-jdbc security update redhatrockylinuxsusedebian+2
CVE-2024-25617 high 8.0 2y ago Important: squid security update redhatrockylinuxsusedebian
CVE-2024-25111 high 8.0 2y ago Important: squid security update redhatrockylinuxsusedebian
CVE-2024-0646 high 8.0 2y ago An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows… redhatsuserockylinuxdebian+1
CVE-2024-0985 high 8.0 2y ago Important: postgresql:15 security update redhatrockylinuxsusedebian+1
CVE-2024-1548 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1549 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1551 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1552 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1550 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1547 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-1546 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-1553 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-26130 high 8.0 2y ago Important: python3.12-cryptography security update redhatsuserockylinuxdebian+1
CVE-2024-21404 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinux
CVE-2024-21386 high 8.0 2y ago Important: dotnet7.0 security update redhatrockylinuxnuget
CVE-2024-0964 high 8.0 2y ago A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. python
CVE-2024-21626 high 8.0 2y ago Important: container-tools:4.0 security update redhatrockylinuxsusedebian+1
CVE-2024-0750 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0741 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-0747 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0753 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0755 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0746 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0742 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0751 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-0749 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebian
CVE-2024-20918 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatsusedebianalmalinux
CVE-2024-20952 high 8.0 2y ago Important: java-17-openjdk security and bug fix update almalinuxredhatsusedebian
CVE-2024-20945 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatalmalinuxsusedebian
CVE-2024-20932 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatsusedebianalmalinux
CVE-2024-20921 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatalmalinuxsusedebian
CVE-2024-20919 high 8.0 2y ago Important: java-17-openjdk security and bug fix update redhatsusedebianalmalinux
CVE-2024-20926 high 8.0 2y ago Important: java-11-openjdk security update redhatsusedebianalmalinux
CVE-2024-0057 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinuxalmalinuxnuget
CVE-2024-21319 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinuxalmalinuxnuget
CVE-2024-0056 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinuxalmalinuxnuget
CVE-2024-0443 high 8.0 3y ago A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is o… redhatsusedebian
CVE-2024-26649 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer … redhatrockylinuxsusedebian+1
CVE-2024-57876 high 8.0 3y ago In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down … redhatsusedebian
CVE-2024-23252 high 8.0 3y ago RHSA-2023:4201: webkit2gtk3 security update (Important) redhatsuse
CVE-2024-27834 high 8.0 3y ago The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with … redhatsusedebian
CVE-2024-27833 high 8.0 3y ago An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing malic… redhatsusedebian
CVE-2024-54658 high 8.0 3y ago The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content m… redhatsusedebian
CVE-2024-27808 high 8.0 3y ago The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content m… redhatsusedebian
CVE-2024-36333 high 7.8 7.8 14d ago A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. amd
CVE-2024-47091 high 7.8 7.8 15d ago Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS…
CVE-2024-58072 high 7.8 7.8 7mo ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global list of pri… redhatsuserockylinuxdebian+2
CVE-2024-46744 high 7.8 7.8 7mo ago In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an unini… redhatsuserockylinuxdebian+2
CVE-2024-58240 high 7.8 7.8 9mo ago In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no … susedebianlinux
CVE-2024-46759 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow… redhatsusedebianlinux
CVE-2024-49889 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using … redhatsusedebianlinux
CVE-2024-50121 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/… redhatsusedebianlinux
CVE-2024-50127 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch /… redhatsusedebianlinux
CVE-2024-49884 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ===================================… redhatsusedebianlinux
CVE-2024-47718 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular an… redhatsusedebianlinux
CVE-2024-50150 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a… redhatsusedebianlinux
CVE-2024-50151 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' … redhatsusedebianlinux
CVE-2024-53057 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed t… redhatsusedebianlinux
CVE-2024-56631 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: … redhatsusedebianlinux
CVE-2024-47745 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, w… redhatsusedebianlinux
CVE-2024-53059 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. … redhatsusedebianlinux
CVE-2024-46871 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmu… redhatsusedebianlinux
CVE-2024-49883 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is … redhatsusedebianlinux
CVE-2024-49882 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has bee… redhatsusedebianlinux
CVE-2024-46853 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the da… redhatsusedebianlinux
CVE-2024-44987 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longe… redhatsusedebianlinux
CVE-2024-42302 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently… redhatsusedebianlinux
CVE-2024-53166 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by b… redhatsusedebianlinux
CVE-2024-49930 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with … redhatsusedebianlinux
CVE-2024-57979 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when r… rockylinuxsusedebianlinux
CVE-2024-57258 high 7.8 7.8 1y ago Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. susedebian
CVE-2024-12251 high 7.8 7.8 1y ago In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.
CVE-2024-57951 high 7.8 7.8 1y ago In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through … susedebianlinux
CVE-2024-50262 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, whi… redhatsusedebianlinux+1
CVE-2024-23307 high 7.8 7.8 2y ago Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow. redhatrockylinuxsusedebian+2
CVE-2024-36974 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_par… redhatsusedebianlinux
CVE-2024-43830 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typi… redhatrockylinuxsusedebian+2
CVE-2024-35905 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack m… redhatsusedebianlinux
CVE-2024-26882 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd ("ip6_tun… redhatsusedebianlinux
CVE-2024-26988 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' … redhatsusedebianlinux+1
CVE-2024-26958 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]----… redhatrockylinuxsusedebian+2
CVE-2024-26951 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), … redhatsusedebianlinux
CVE-2024-27395 high 7.8 7.8 2y ago In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of… redhatrockylinuxsusedebian+2