CVEs from 2024
Total
6,592
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38014 | unknown | — | 1.5 | 2y ago | Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges. | |||
| CVE-2024-38217 | unknown | — | 1.5 | 2y ago | Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity an… | |||
| CVE-2024-40766 | unknown | — | 1.5 | 2y ago | SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. | |||
| CVE-2024-7262 | unknown | — | 1.5 | 2y ago | Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library. | |||
| CVE-2024-7965 | unknown | — | 1.5 | 2y ago | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-7971 | unknown | — | 1.5 | 2y ago | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-39717 | unknown | — | 1.5 | 2y ago | The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privil… | |||
| CVE-2024-28986 | unknown | — | 1.5 | 2y ago | SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. | |||
| CVE-2024-38213 | unknown | — | 1.5 | 2y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file. | |||
| CVE-2024-38107 | unknown | — | 1.5 | 2y ago | Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges. | |||
| CVE-2024-38106 | unknown | — | 1.5 | 2y ago | Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability… | |||
| CVE-2024-38189 | unknown | — | 1.5 | 2y ago | Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file. | |||
| CVE-2024-38178 | unknown | — | 1.5 | 2y ago | Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL. | |||
| CVE-2024-37085 | unknown | — | 1.5 | 2y ago | VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to… | |||
| CVE-2024-5217 | unknown | — | 1.5 | 2y ago | ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could explo… | |||
| CVE-2024-39891 | unknown | — | 1.5 | 2y ago | Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about wheth… | |||
| CVE-2024-38112 | unknown | — | 1.5 | 2y ago | Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. | |||
| CVE-2024-38080 | unknown | — | 1.5 | 2y ago | Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | |||
| CVE-2024-20399 | unknown | — | 1.5 | 2y ago | Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating sy… | |||
| CVE-2024-26169 | unknown | — | 1.5 | 2y ago | Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | |||
| CVE-2024-32896 | unknown | — | 1.5 | 2y ago | Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation. | |||
| CVE-2024-4610 | unknown | — | 1.5 | 2y ago | Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already … | |||
| CVE-2024-4978 | unknown | — | 1.5 | 2y ago | Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this c… | |||
| CVE-2024-5274 | unknown | — | 1.5 | 2y ago | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-4947 | unknown | — | 1.5 | 2y ago | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-4761 | unknown | — | 1.5 | 2y ago | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-30051 | unknown | — | 1.5 | 2y ago | Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. | |||
| CVE-2024-30040 | unknown | — | 1.5 | 2y ago | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. | |||
| CVE-2024-4671 | unknown | — | 1.5 | 2y ago | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … | |||
| CVE-2024-29988 | unknown | — | 1.5 | 2y ago | Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-388… | |||
| CVE-2024-20353 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition. | |||
| CVE-2024-20359 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root. | |||
| CVE-2024-3273 | unknown | — | 1.5 | 2y ago | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. | |||
| CVE-2024-3272 | unknown | — | 1.5 | 2y ago | D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. | |||
| CVE-2024-29745 | unknown | — | 1.5 | 2y ago | Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices. | |||
| CVE-2024-29748 | unknown | — | 1.5 | 2y ago | Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app. | |||
| CVE-2024-23225 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory … | |||
| CVE-2024-23296 | unknown | — | 1.5 | 2y ago | Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | |||
| CVE-2024-21410 | unknown | — | 1.5 | 2y ago | Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | |||
| CVE-2024-21351 | unknown | — | 1.5 | 2y ago | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, wh… | |||
| CVE-2024-21412 | unknown | — | 1.5 | 2y ago | Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. | |||
| CVE-2024-21762 | unknown | — | 1.5 | 2y ago | Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests. | |||
| CVE-2024-0519 | unknown | — | 1.5 | 2y ago | Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-6782 | unknown | — | 1.0 | — | Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | |||
| CVE-2024-8517 | unknown | — | 1.0 | — | SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipar… | |||
| CVE-2024-51774 | unknown | — | 1.0 | — | qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. | |||
| CVE-2024-7954 | unknown | — | 1.0 | — | The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP … | |||
| CVE-2024-41947 | unknown | — | 1.0 | 2y ago | XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution | |||
| CVE-2024-23334 | unknown | — | 1.0 | 2y ago | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static f… | |||
| CVE-2024-26936 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate request buffer size in smb2_allocate_rsp_buf() The response buffer should be allocated in smb2_allocate_rsp_buf b… | |||
| CVE-2024-56768 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disab… | |||
| CVE-2024-56767 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will… | |||
| CVE-2024-26943 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical me… | |||
| CVE-2024-26954 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb… | |||
| CVE-2024-56766 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() t… | |||
| CVE-2024-26948 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check wheather state is NULL before releasing it. | |||
| CVE-2024-26949 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplay_table initialization is skipped under sriov ca… | |||
| CVE-2024-56764 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all infli… | |||
| CVE-2024-56765 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the pas… | |||
| CVE-2024-56763 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user… | |||
| CVE-2024-26959 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix btnxpuart_close Fix scheduling while atomic BUG in btnxpuart_close(), properly purge the transmit queue… | |||
| CVE-2024-56761 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT… | |||
| CVE-2024-56759 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we h… | |||
| CVE-2024-49852 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() The kref_put() function will call nport->release if the … | |||
| CVE-2024-49855 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nbd: fix race between timeout and normal completion If request timetout is handled by nbd_requeue_cmd(), normal completion has to… | |||
| CVE-2024-49858 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, whe… | |||
| CVE-2024-49869 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: anno… | |||
| CVE-2024-49866 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled … | |||
| CVE-2024-49877 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may t… | |||
| CVE-2024-49976 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the offline callback for "trace/osnoise:online", since … | |||
| CVE-2024-49979 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below… | |||
| CVE-2024-49986 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the … | |||
| CVE-2024-49989 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoint… | |||
| CVE-2024-49992 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_p… | |||
| CVE-2024-49996 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So … | |||
| CVE-2024-50005 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mac802154: Fix potential RCU dereference issue in mac802154_scan_worker In the `mac802154_scan_worker` function, the `scan_req->t… | |||
| CVE-2024-50007 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver… | |||
| CVE-2024-50069 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned val… | |||
| CVE-2024-50072 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was execu… | |||
| CVE-2024-50086 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will … | |||
| CVE-2024-50084 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-aft… | |||
| CVE-2024-50087 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the n… | |||
| CVE-2024-50091 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupe_context after releasing it Clear the dedupe_context pointer in a data_vio whenever ownership of the… | |||
| CVE-2024-50092 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: netconsole: fix wrong warning A warning is triggered when there is insufficient space in the buffer for userdata. However, t… | |||
| CVE-2024-50094 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sfc: Don't invoke xdp_do_flush() from netpoll. Yury reported a crash in the sfc driver originated from netpoll_send_udp(). The ne… | |||
| CVE-2024-50105 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream al… | |||
| CVE-2024-50108 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API vide… | |||
| CVE-2024-50116 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file syst… | |||
| CVE-2024-50112 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as desc… | |||
| CVE-2024-50113 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self… | |||
| CVE-2024-50158 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix out of bound check Driver exports pacing stats only on GenP5 and P7 adapters. But while parsing the pacing stat… | |||
| CVE-2024-50176 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: remoteproc: k3-r5: Fix error handling when power-up failed By simply bailing out, the driver was violating its rule and internal … | |||
| CVE-2024-50165 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param->string when parsing mount options In bpf_parse_param(), keep the value of param->string intact so it can be … | |||
| CVE-2024-50167 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue(… | |||
| CVE-2024-50174 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race when converting group handle to group object XArray provides it's own internal lock which protects the inte… | |||
| CVE-2024-50170 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix potential memory leak in bcmasp_xmit() The bcmasp_xmit() returns NETDEV_TX_OK without freeing skb in case of map… | |||
| CVE-2024-50172 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a possible memory leak In bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails driver is not freeing the… | |||
| CVE-2024-13745 | unknown | — | — | — | ||||
| CVE-2024-50173 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup() The group variable can't be used to retrieve ptdev in our… | |||
| CVE-2024-50175 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: Remove use_count guard in stop_streaming The use_count check was introduced so that multiple concurrent Raw D… |