CVEs from 2024
Total
6,961
critical
critical 114
high
high 1,032
medium
medium 1,998
low
low 47
% Critical
1.6%
% with KEV
2.3%
% with exploit
2.8%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- glibc 5
- virtual_traffic_manager 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49884 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ===================================… | |||
| CVE-2024-57979 | high | 7.8 | 7.8 | 1y ago | RHSA-2025:2474: kernel-rt security update (Important) | |||
| CVE-2024-57258 | high | 7.8 | 7.8 | 1y ago | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. | |||
| CVE-2024-12251 | high | 7.8 | 7.8 | 1y ago | In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-57951 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through … | |||
| CVE-2024-50262 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, whi… | |||
| CVE-2024-35886 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done(). syzkaller reported infinite recursive calls of fib6_dump_done() during netlink … | |||
| CVE-2024-27395 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-26951 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), … | |||
| CVE-2024-26988 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' … | |||
| CVE-2024-26958 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-35905 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack m… | |||
| CVE-2024-36940 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-23307 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-26882 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix than ones found in : 8d975c15c0cd ("ip6_tun… | |||
| CVE-2024-43830 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:7000: kernel security update (Important) | |||
| CVE-2024-36974 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_par… | |||
| CVE-2024-26907 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-26934 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:3627: kernel-rt security and bug fix update (Moderate) | |||
| CVE-2024-50246 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check | |||
| CVE-2024-50131 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. I… | |||
| CVE-2024-26961 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-49924 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafb_task() In the pxafb_probe function, it calls the pxafb_init_fbinfo function, a… | |||
| CVE-2024-49894 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_tra… | |||
| CVE-2024-47742 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained forma… | |||
| CVE-2024-47730 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core re… | |||
| CVE-2024-47701 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if… | |||
| CVE-2024-47698 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Ensure index in rtl2832_pid_filter does not exceed 31 to … | |||
| CVE-2024-47697 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Ensure index in rtl2830_pid_filter does not exceed 31 to … | |||
| CVE-2024-47696 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free… | |||
| CVE-2024-36978 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-39502 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-46859 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF a… | |||
| CVE-2024-46852 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: D… | |||
| CVE-2024-46849 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'p… | |||
| CVE-2024-46830 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will for… | |||
| CVE-2024-46821 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDesc… | |||
| CVE-2024-46813 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_index before accessing dc->links[] [WHY & HOW] dc->links[] has max size of MAX_LINKS and NULL is retu… | |||
| CVE-2024-46812 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration [Why] Coverity reports Memory - illegal accesses. … | |||
| CVE-2024-38250 | high | 7.8 | 7.8 | 2y ago | Windows Graphics Component Elevation of Privilege Vulnerability | |||
| CVE-2024-43858 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree | |||
| CVE-2024-40958 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-27065 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-35789 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:4352: kernel-rt security and bug fix update (Important) | |||
| CVE-2024-26852 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-36904 | high | 7.8 | 7.8 | 2y ago | RHSA-2024:5102: kernel-rt security update (Important) | |||
| CVE-2024-41000 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer show… | |||
| CVE-2024-38578 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields… | |||
| CVE-2024-38552 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color … | |||
| CVE-2024-30104 | high | 7.8 | 7.8 | 2y ago | Microsoft Office Remote Code Execution Vulnerability | |||
| CVE-2024-27396 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dell… | |||
| CVE-2024-27024 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection afte… | |||
| CVE-2024-26898 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: … | |||
| CVE-2024-26895 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilc_netdev_cleanup currently triggers a KASAN warn… | |||
| CVE-2024-26885 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates a number hash buckets equal to the next power of t… | |||
| CVE-2024-26884 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash bu… | |||
| CVE-2024-26883 | high | 7.8 | 7.8 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash … | |||
| CVE-2024-26257 | high | 7.8 | 7.8 | 2y ago | Microsoft Excel Remote Code Execution Vulnerability | |||
| CVE-2024-20673 | high | 7.8 | 7.8 | 2y ago | Microsoft Office Remote Code Execution Vulnerability | |||
| CVE-2024-1438 | high | 7.7 | 7.7 | 2y ago | Missing Authorization vulnerability in PressFore Rolo Slider.This issue affects Rolo Slider: from n/a through 1.0.9. | |||
| CVE-2024-54284 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through … | |||
| CVE-2024-54283 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through … | |||
| CVE-2024-34386 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lucian Apostol Auto Affiliate Links.This issue affects Auto Affiliate Links: from n/a through 6.4… | |||
| CVE-2024-32810 | high | 7.6 | 7.6 | 2y ago | Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2. | |||
| CVE-2024-32693 | high | 7.6 | 7.6 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in ValvePress Automatic.This issue affects Automatic: from n/a before 3.93.0. | |||
| CVE-2024-32551 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager.This issue affects SP Project & Document Manager : from… | |||
| CVE-2024-32136 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through … | |||
| CVE-2024-32135 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPZest Disable Comments | WPZest.This issue affects Disable Comments | WPZest: from n/a through 1… | |||
| CVE-2024-32134 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nasirahmed Forms to Zapier, Integromat, IFTTT, Workato, Automate.Io, elastic.Io, Built.Io, APIANT… | |||
| CVE-2024-32132 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codeboxr Team CBX Bookmark & Favorite.This issue affects CBX Bookmark & Favorite: from n/a throug… | |||
| CVE-2024-32098 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter.This issue affects Advanced Page Visit Counter: fr… | |||
| CVE-2024-31356 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8. | |||
| CVE-2024-31241 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through … | |||
| CVE-2024-30494 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 沈唁 OSS Aliyun.This issue affects OSS Aliyun: from n/a through 1.4.10. | |||
| CVE-2024-30487 | high | 7.6 | 7.6 | 2y ago | Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.… | |||
| CVE-2024-25924 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trustindex.Io WP Testimonials.This issue affects WP Testimonials: from n/a through 1.4.3. | |||
| CVE-2024-30237 | high | 7.6 | 7.6 | 2y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Supsystic Slider by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.10. | |||
| CVE-2024-46508 | high | 7.5 | 7.5 | 22d ago | yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET). | |||
| CVE-2024-27686 | high | 7.5 | 7.5 | 22d ago | Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445. | |||
| CVE-2024-52911 | high | 7.5 | 7.5 | 25d ago | Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14. | |||
| CVE-2024-13971 | high | 7.5 | 7.5 | 1mo ago | Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server a… | |||
| CVE-2024-39847 | high | 7.5 | 7.5 | 1mo ago | Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja… | |||
| CVE-2024-14033 | high | 7.5 | 7.5 | 2mo ago | Hirschmann EagleSDV firmware prior to 05.4.02 contains a denial-of-service vulnerability in TLS session establishment. Attackers can crash the device during TLS handshake by exploiting protocol downg… | |||
| CVE-2024-43333 | high | 7.5 | 7.5 | 1y ago | Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through … | |||
| CVE-2024-54508 | high | 7.5 | 7.5 | 1y ago | RHSA-2025:0145: webkit2gtk3 security update (Important) | |||
| CVE-2024-56067 | high | 7.5 | 7.5 | 1y ago | Missing Authorization vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/… | |||
| CVE-2024-21548 | high | 7.5 | 7.5 | 2y ago | Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo | |||
| CVE-2024-54279 | high | 7.5 | 7.5 | 2y ago | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through <= 1.1. | |||
| CVE-2024-53804 | high | 7.5 | 7.5 | 2y ago | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16… | |||
| CVE-2024-52481 | high | 7.5 | 7.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify jobify allows Relative Path Traversal.This issue affects Jobify: from n/a through < 4… | |||
| CVE-2024-52449 | high | 7.5 | 7.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion.This issue affects Bootscraper: from n/a thr… | |||
| CVE-2024-49997 | high | 7.5 | 7.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclo… | |||
| CVE-2024-49317 | high | 7.5 | 7.5 | 2y ago | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ZIPANG Point Maker point-maker allows PHP Local File Inclusion.This issue affe… | |||
| CVE-2024-49235 | high | 7.5 | 7.5 | 2y ago | Insertion of Sensitive Information Into Sent Data vulnerability in videowhisper Contact Forms, Live Support, CRM, Video Messages live-support-tickets allows Retrieve Embedded Sensitive Data.This issu… | |||
| CVE-2024-49245 | high | 7.5 | 7.5 | 2y ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in nahimsalami Ahime Image Printer ahime-image-printer.This issue affects Ahime Image Printer: from n/a th… | |||
| CVE-2024-38863 | high | 7.5 | 7.5 | 2y ago | Exposure of CSRF tokens in query parameters on specific requests in Checkmk GmbH's Checkmk versions <2.3.0p18, <2.2.0p35 and <2.1.0p48 could lead to a leak of the token to facilitate targeted phishin… | |||
| CVE-2024-46382 | high | 7.5 | 7.5 | 2y ago | A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java. | |||
| CVE-2024-45490 | high | 7.5 | 7.5 | 2y ago | RHSA-2024:6989: expat security update (Moderate) | |||
| CVE-2024-6119 | high | 7.5 | 7.5 | 2y ago | Moderate: openssl security update | |||
| CVE-2024-37370 | high | 7.5 | 7.5 | 2y ago | RHSA-2024:5312: krb5 security update (Moderate) |