CVEs from 2024
Total
6,597
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5274 | unknown | — | 1.5 | 2y ago | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Ch… | |||
| CVE-2024-4947 | unknown | — | 1.5 | 2y ago | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. | |||
| CVE-2024-4761 | unknown | — | 1.5 | 2y ago | Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, includ… | |||
| CVE-2024-30040 | unknown | — | 1.5 | 2y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. | |||
| CVE-2024-30051 | unknown | — | 1.5 | 2y ago | Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. | |||
| CVE-2024-4671 | unknown | — | 1.5 | 2y ago | Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers… | |||
| CVE-2024-29988 | unknown | — | 1.5 | 2y ago | Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-388… | |||
| CVE-2024-20353 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition. | |||
| CVE-2024-20359 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root. | |||
| CVE-2024-3272 | unknown | — | 1.5 | 2y ago | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. | |||
| CVE-2024-3273 | unknown | — | 1.5 | 2y ago | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. | |||
| CVE-2024-29748 | unknown | — | 1.5 | 2y ago | Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app. | |||
| CVE-2024-29745 | unknown | — | 1.5 | 2y ago | Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices. | |||
| CVE-2024-23225 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory … | |||
| CVE-2024-23296 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | |||
| CVE-2024-21410 | unknown | — | 1.5 | 2y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2024-21412 | unknown | — | 1.5 | 2y ago | Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. | |||
| CVE-2024-21351 | unknown | — | 1.5 | 2y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, wh… | |||
| CVE-2024-21762 | unknown | — | 1.5 | 2y ago | Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests. | |||
| CVE-2024-0519 | unknown | — | 1.5 | 2y ago | Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could … | |||
| CVE-2024-8517 | unknown | — | 1.0 | — | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipar… | |||
| CVE-2024-7954 | unknown | — | 1.0 | — | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP … | |||
| CVE-2024-51774 | unknown | — | 1.0 | — | qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. | |||
| CVE-2024-6782 | unknown | — | 1.0 | — | Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | |||
| CVE-2024-41947 | unknown | — | 1.0 | 2y ago | XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution | |||
| CVE-2024-23334 | unknown | — | 1.0 | 2y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static f… | |||
| CVE-2024-27039 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: Fix an erroneous devm_kfree() 'p_clk' is an array allocated just before the for loop for all clk that ne… | |||
| CVE-2024-27044 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dc… | |||
| CVE-2024-27051 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-derefer… | |||
| CVE-2024-27054 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care… | |||
| CVE-2024-27058 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from th… | |||
| CVE-2024-27063 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add addition… | |||
| CVE-2024-35826 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: Fix page refcounts for unaligned buffers in __bio_release_pages() Fix an incorrect number of pages being released for buff… | |||
| CVE-2024-35830 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registe… | |||
| CVE-2024-35836 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpll: fix pin dump crash for rebound module When a kernel module is unbound but the pin resources were not entirely freed (other … | |||
| CVE-2024-35841 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path … | |||
| CVE-2024-35833 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove… | |||
| CVE-2024-35837 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kern… | |||
| CVE-2024-35842 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream dec… | |||
| CVE-2024-35844 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the follo… | |||
| CVE-2024-35850 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline… | |||
| CVE-2024-35856 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't… | |||
| CVE-2024-35858 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclai… | |||
| CVE-2024-35871 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For… | |||
| CVE-2024-35873 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: riscv: Fix vector state restore in rt_sigreturn() The RISC-V Vector specification states in "Appendix D: Calling Convention for V… | |||
| CVE-2024-35874 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it… | |||
| CVE-2024-35879 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: 1) of_platform_depopulate(… | |||
| CVE-2024-35887 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax2… | |||
| CVE-2024-35901 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix Rx DMA datasize and skb_over_panic mana_get_rxbuf_cfg() aligns the RX buffer's DMA datasize to be multiple of 64. … | |||
| CVE-2024-36331 | unknown | — | — | — | Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. | |||
| CVE-2024-36476 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' … | |||
| CVE-2024-36890 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will l… | |||
| CVE-2024-36892 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid zeroing outside-object freepointer for single free Commit 284f17ac13fe ("mm/slub: handle bulk and single object fr… | |||
| CVE-2024-36900 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when devlink reload during initialization The devlink reload process will access the hardware resourc… | |||
| CVE-2024-36895 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. … | |||
| CVE-2024-36897 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model… | |||
| CVE-2024-36898 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the … | |||
| CVE-2024-36908 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is in… | |||
| CVE-2024-36913 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_mem… | |||
| CVE-2024-36915 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_so… | |||
| CVE-2024-36918 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Check bloom filter map value size This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_M… | |||
| CVE-2024-36931 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace … | |||
| CVE-2024-36935 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspa… | |||
| CVE-2024-36948 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_migrate: Cast to output precision before multiplying operands Addressing potential overflow in result of multiplicatio… | |||
| CVE-2024-36966 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not h… | |||
| CVE-2024-36937 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will s… | |||
| CVE-2024-36943 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan make_uffd_wp_pte() was previously doing: pte = ptep_get(pte… | |||
| CVE-2024-38616 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: re-fix fortified-memset warning The carl9170_tx_release() function sometimes triggers a fortified-memset warning … | |||
| CVE-2024-38617 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fix mismatched kvalloc()/vfree() usage The kv*() family of tests were accidentally freeing with vfree() instead of… | |||
| CVE-2024-38620 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along w… | |||
| CVE-2024-38621 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the leng… | |||
| CVE-2024-38622 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is … | |||
| CVE-2024-38630 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses d… | |||
| CVE-2024-38623 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() … | |||
| CVE-2024-38625 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called. | |||
| CVE-2024-38626 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ c… | |||
| CVE-2024-38628 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of p… | |||
| CVE-2024-38633 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of t… | |||
| CVE-2024-39282 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous th… | |||
| CVE-2024-39292 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the w… | |||
| CVE-2024-39293 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.… | |||
| CVE-2024-39461 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_… | |||
| CVE-2024-39462 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: clk: bcm: dvp: Assign ->num before accessing ->hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_… | |||
| CVE-2024-39463 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a… | |||
| CVE-2024-39464 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list a… | |||
| CVE-2024-39465 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and … | |||
| CVE-2024-39467 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mount… | |||
| CVE-2024-39475 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equ… | |||
| CVE-2024-39470 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential nu… | |||
| CVE-2024-39481 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start The graph walk tries to follow all links, even if they are not between pads. Th… | |||
| CVE-2024-39477 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: do not call vma_add_reservation upon ENOMEM sysbot reported a splat [1] on __unmap_hugepage_range(). This is because… | |||
| CVE-2024-39478 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Do not free stack buffer RSA text data uses variable length buffer allocated in software stack. Calling kfree … | |||
| CVE-2024-39480 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use s… | |||
| CVE-2024-39484 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callb… | |||
| CVE-2024-39485 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Properly re-initialise notifier entry in unregister The notifier_entry of a notifier is not re-initialised aft… | |||
| CVE-2024-41086 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past… | |||
| CVE-2024-41087 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_o… | |||
| CVE-2024-41088 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfd_start_xmit() function fails, the driver stops processing mes… | |||
| CVE-2024-41149 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't … | |||
| CVE-2024-41098 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release(… |