VIR Vulnerability Intelligence Relay

CVEs from 2024

7,195 normalized CVEs published or assigned in this year.

Total
7,195
critical
critical 114
high
high 1,020
medium
medium 2,013
low
low 42
% Critical
1.6%
% with KEV
2.3%
% with exploit
2.3%

Top vendors

Top products

  • surveillance_station 12
  • checkmk 10
  • profilegrid 8
  • office 8
  • office_long_term_servicing_channel 6
  • glibc 5
  • virtual_traffic_manager 5
  • element_pack 5

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2024-36017 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to b… redhatrockylinuxsusedebian+1
CVE-2024-36921 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that wo… redhatrockylinuxsusedebian+1
CVE-2024-36922 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain… redhatrockylinuxsusedebian+1
CVE-2024-36941 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. redhatrockylinuxsusedebian+1
CVE-2024-35911 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ice: fix memory corruption bug with suspend and rebuild The ice driver would previously panic after suspend. This is caused from … redhatsuserockylinuxdebian+1
CVE-2024-27417 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID val… redhatsuserockylinuxdebian+1
CVE-2024-7522 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-7519 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-26828 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the siz… redhatsuserockylinuxdebian+1
CVE-2024-26808 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in … redhatsuserockylinuxdebian+1
CVE-2024-7526 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebiansuse
CVE-2024-7521 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-7529 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebiansuse
CVE-2024-7520 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-26868 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL point… redhatsuserockylinuxdebian+1
CVE-2024-26600 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not imp… redhatrockylinuxsusedebian+1
CVE-2024-7525 high 8.0 2y ago Important: firefox security update redhatrockylinuxdebiansuse
CVE-2024-7524 high 8.0 2y ago Important: firefox security update redhatdebiansuse
CVE-2024-27434 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the f… redhatrockylinuxsusedebian+1
CVE-2024-21823 high 8.0 2y ago Hardware logic with insecure de-synchronization in Intel(R) DSA and Intel(R) IAA for some Intel(R) 4th or 5th generation Xeon(R) processors may allow an authorized user to potentially enable escalati… redhatrockylinuxsusedebian+1
CVE-2024-40928 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() Clang static checker (scan-build) warning: net/ethtool/i… redhatsuserockylinuxdebian+1
CVE-2024-35852 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the n… redhatrockylinuxsusedebian+1
CVE-2024-35848 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read … redhatsuserockylinuxdebian+1
CVE-2024-27049 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to … redhatsuserockylinuxdebian+1
CVE-2024-35790 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs no… rockylinuxsusedebianalmalinux
CVE-2024-27388 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after thei… rockylinuxsusedebianalmalinux
CVE-2024-26698 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before clos… rockylinuxsusedebianalmalinux
CVE-2024-38476 high 8.0 2y ago Important: httpd security update debianredhatrockylinuxsuse+1
CVE-2024-36954 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after… rockylinuxsusedebianalmalinux
CVE-2024-40974 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect caller… rockylinuxsusedebianalmalinux
CVE-2024-26802 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether wo… rockylinuxsusedebianalmalinux
CVE-2024-36950 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset inte… rockylinuxsusedebianalmalinux
CVE-2024-35952 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the regis… redhatrockylinuxsusedebian+1
CVE-2024-38474 high 8.0 2y ago Important: httpd security update debianredhatsuserockylinux+1
CVE-2024-38473 high 8.0 2y ago Important: httpd security update debianredhatsuserockylinux+1
CVE-2024-39573 high 8.0 2y ago Important: httpd security update debianredhatsuserockylinux+1
CVE-2024-38477 high 8.0 2y ago Important: httpd security update debianredhatrockylinuxsuse+1
CVE-2024-39936 high 8.0 2y ago Important: qt5-qtbase security update redhatrockylinuxsusedebian+1
CVE-2024-5564 high 8.0 2y ago Important: libndp security update redhatrockylinuxsusedebian
CVE-2024-21144 high 8.0 2y ago Important: java-1.8.0-openjdk security update redhatrockylinuxsusedebian+1
CVE-2024-27435 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA,… redhatsuserockylinuxdebian+1
CVE-2024-26858 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map Just simply r… redhatsuserockylinuxdebian+1
CVE-2024-36957 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: avoid off-by-one read from userspace We try to access count + 1 byte from userspace with memdup_user(buffer, count … redhatsuserockylinuxdebian+1
CVE-2024-21138 high 8.0 2y ago Important: java-1.8.0-openjdk security update redhatrockylinuxsusedebian+1
CVE-2024-21131 high 8.0 2y ago Important: java-1.8.0-openjdk security update redhatrockylinuxsusedebian+1
CVE-2024-21145 high 8.0 2y ago Important: java-1.8.0-openjdk security update redhatrockylinuxsusedebian+1
CVE-2024-21147 high 8.0 2y ago Important: java-1.8.0-openjdk security update redhatrockylinuxsusedebian+1
CVE-2024-36886 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append()… redhatrockylinuxsusedebian+1
CVE-2024-38593 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fix receiving the timestamp in the frame for lan8841 The blamed commit started to use the ptp workqueue to get the s… redhatsuserockylinuxdebian+1
CVE-2024-38586 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small f… redhatrockylinuxsusedebian+1
CVE-2024-26783 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where … redhatsuserockylinuxdebian+1
CVE-2024-21140 high 8.0 2y ago Important: java-1.8.0-openjdk security update redhatrockylinuxsusedebian+1
CVE-2024-38663 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), ea… redhatsuserockylinuxdebian+1
CVE-2024-38543 high 8.0 2y ago In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if… redhatsuserockylinuxdebian+1
CVE-2024-37560 high 8.0 8.0 2y ago Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0.
CVE-2024-6601 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse+1
CVE-2024-6604 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse+1
CVE-2024-6603 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse+1
CVE-2024-35264 high 8.0 2y ago Important: dotnet8.0 security update redhatrockylinuxnuget
CVE-2024-30105 high 8.0 2y ago Important: dotnet8.0 security update redhatrockylinuxnuget
CVE-2024-4467 high 8.0 2y ago Important: qemu-kvm security update redhatsusedebian
CVE-2024-32021 high 8.0 2y ago Important: git security update redhatrockylinuxdebiansuse
CVE-2024-32002 high 8.0 2y ago Important: git security update redhatrockylinuxdebiansuse
CVE-2024-32020 high 8.0 2y ago Important: git security update redhatrockylinuxdebiansuse
CVE-2024-0450 high 8.0 2y ago Important: python3.9 security update redhatrockylinuxsusedebian+1
CVE-2024-32465 high 8.0 2y ago Important: git security update redhatrockylinuxdebiansuse
CVE-2024-32004 high 8.0 2y ago Important: git security update redhatrockylinuxdebiansuse
CVE-2024-33871 high 8.0 2y ago Important: ghostscript security update redhatrockylinuxdebiansuse+1
CVE-2024-37890 high 8.0 2y ago ws affected by a DoS when handling a request with many HTTP headers debiannpm
CVE-2024-32462 high 8.0 2y ago Important: flatpak security update redhatrockylinuxdebiansuse+1
CVE-2024-5696 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-5702 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-5700 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-5691 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-5693 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-5688 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-5690 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebian
CVE-2024-3657 high 8.0 2y ago Important: 389-ds-base security update debianredhatrockylinuxsuse
CVE-2024-3651 high 8.0 2y ago Important: python39:3.9 and python39-devel:3.9 security update redhatrockylinuxsusedebian+1
CVE-2024-2199 high 8.0 2y ago Important: 389-ds-base security update debianredhatrockylinuxsuse
CVE-2024-3183 high 8.0 2y ago Important: ipa security update redhatrockylinuxdebianalmalinux
CVE-2024-2698 high 8.0 2y ago Important: ipa security update redhatrockylinuxdebianalmalinux
CVE-2024-3049 high 8.0 2y ago Important: booth security update redhatdebianrockylinuxsuse
CVE-2024-32487 high 8.0 2y ago Important: less security update redhatrockylinuxsusedebian
CVE-2024-23672 high 8.0 2y ago Denial of Service via incomplete cleanup vulnerability in Apache Tomcat redhatsuserockylinuxdebian+1
CVE-2024-24549 high 8.0 2y ago Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests redhatsuserockylinuxdebian+1
CVE-2024-23206 high 8.0 2y ago Important: webkit2gtk3 security update rockylinuxsusedebianalmalinux
CVE-2024-23213 high 8.0 2y ago Important: webkit2gtk3 security update rockylinuxsusedebianalmalinux
CVE-2024-28109 high 8.0 2y ago veraPDF has potential XSLT injection vulnerability when using policy files java
CVE-2024-4769 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4770 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4768 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4777 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-4767 high 8.0 2y ago Important: thunderbird security update redhatrockylinuxdebiansuse
CVE-2024-29800 high 8.0 8.0 2y ago timber/timber vulnerable to Deserialization of Untrusted Data php
CVE-2024-30045 high 8.0 2y ago Important: .NET 8.0 security update redhatrockylinuxnuget
CVE-2024-30046 high 8.0 2y ago Important: .NET 7.0 security update redhatrockylinuxnuget
CVE-2024-22025 high 8.0 2y ago Important: nodejs:20 security update redhatrockylinuxdebianalmalinux
CVE-2024-25629 high 8.0 2y ago Important: nodejs:20 security update redhatdebianrockylinuxsuse+1
CVE-2024-27982 high 8.0 2y ago Important: nodejs:20 security update redhatarchrockylinuxsuse+2