CVEs from 2024
Total
6,593
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-41077 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size Block size should be between 512 and PAGE_SIZE and be a power of 2. The current check does… | |||
| CVE-2024-41084 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cxl/region: Avoid null pointer dereference in region lookup cxl_dpa_to_region() looks up a region based on a memdev and DPA. It w… | |||
| CVE-2024-41085 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoin… | |||
| CVE-2024-42245 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12f… | |||
| CVE-2024-42258 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176… | |||
| CVE-2024-42271 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->pat… | |||
| CVE-2024-42276 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, … | |||
| CVE-2024-44960 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a nul… | |||
| CVE-2024-26892 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to … | |||
| CVE-2024-26973 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores o… | |||
| CVE-2024-32460 | medium | — | 5.5 | 2y ago | Moderate: freerdp security update | |||
| CVE-2024-43911 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamical… | |||
| CVE-2024-35923 | medium | — | 5.5 | 2y ago | RHSA-2024:9315: kernel security update (Moderate) | |||
| CVE-2024-9676 | medium | — | 5.5 | 2y ago | RHSA-2024:10289: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-50210 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the cloc… | |||
| CVE-2024-50205 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero. It is changed … | |||
| CVE-2024-50188 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectly … | |||
| CVE-2024-50134 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_po… | |||
| CVE-2024-50095 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lo… | |||
| CVE-2024-41066 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: … | |||
| CVE-2024-43880 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM… | |||
| CVE-2024-7006 | medium | — | 5.5 | 2y ago | RHSA-2024:8833: libtiff security update (Moderate) | |||
| CVE-2024-21510 | medium | — | 5.5 | 2y ago | RHSA-2024:10987: pcs security update (Moderate) | |||
| CVE-2024-10461 | medium | — | 5.5 | 2y ago | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affe… | |||
| CVE-2024-10462 | medium | — | 5.5 | 2y ago | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | |||
| CVE-2024-10458 | medium | — | 5.5 | 2y ago | A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, T… | |||
| CVE-2024-10464 | medium | — | 5.5 | 2y ago | Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerabi… | |||
| CVE-2024-10459 | medium | — | 5.5 | 2y ago | An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR <… | |||
| CVE-2024-10463 | medium | — | 5.5 | 2y ago | Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | |||
| CVE-2024-10460 | medium | — | 5.5 | 2y ago | The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, an… | |||
| CVE-2024-10466 | medium | — | 5.5 | 2y ago | By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 12… | |||
| CVE-2024-10467 | medium | — | 5.5 | 2y ago | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-10465 | medium | — | 5.5 | 2y ago | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | |||
| CVE-2024-40960 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40995 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-2201 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26640 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40998 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26826 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26935 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-36244 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-39472 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40904 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40977 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-41014 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-41013 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40931 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40972 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-39504 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-49761 | medium | — | 5.5 | 2y ago | RHSA-2025:11047: pcs security update (Moderate) | |||
| CVE-2024-49767 | medium | — | 5.5 | 2y ago | Werkzeug possible resource exhaustion when parsing file data in forms | |||
| CVE-2024-6232 | medium | — | 5.5 | 2y ago | Moderate: python3.12 security update | |||
| CVE-2024-50045 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traf… | |||
| CVE-2024-50040 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed … | |||
| CVE-2024-50012 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args ret… | |||
| CVE-2024-50001 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The mult… | |||
| CVE-2024-49955 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new batter… | |||
| CVE-2024-49952 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu v… | |||
| CVE-2024-49944 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it… | |||
| CVE-2024-49925 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use o… | |||
| CVE-2024-49902 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx grea… | |||
| CVE-2024-49892 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element's default to 1 Variables, used as denominators and maybe not assigned to other … | |||
| CVE-2024-49890 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Co… | |||
| CVE-2024-47735 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_i… | |||
| CVE-2024-47709 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). syzbot reported a warning in bcm_release(). [0] The blamed change f… | |||
| CVE-2024-47707 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev bei… | |||
| CVE-2024-47704 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_res->hpo_dp_link_enc before using it [WHAT & HOW] Functions dp_enable_link_phy and dp_disable_link_ph… | |||
| CVE-2024-47699 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Patch series "nilfs2: fix potential issues with empty b-tree nodes".… | |||
| CVE-2024-47684 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-gene… | |||
| CVE-2024-27403 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-38556 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-39483 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42272 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-21208 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-40959 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42079 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-21235 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-21217 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-36889 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-21210 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-35989 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42284 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42934 | medium | — | 5.5 | 2y ago | Moderate: OpenIPMI security update | |||
| CVE-2024-46544 | medium | — | 5.5 | 2y ago | Moderate: mod_jk bug fix update | |||
| CVE-2024-40984 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security update | |||
| CVE-2024-35895 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security update | |||
| CVE-2024-38615 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security update | |||
| CVE-2024-24791 | medium | — | 5.5 | 2y ago | RHSA-2024:7349: grafana security update (Moderate) | |||
| CVE-2024-46770 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to ac… | |||
| CVE-2024-7383 | medium | — | 5.5 | 2y ago | RHSA-2024:6964: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2024-6602 | medium | — | 5.5 | 2y ago | A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||
| CVE-2024-35875 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-35797 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26630 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-35791 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-38619 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26629 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26720 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42096 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26946 | medium | — | 5.5 | 2y ago | Moderate: kernel security update |