CVEs from 2024
Total
6,593
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35861 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITI… | |||
| CVE-2024-26838 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix KASAN issue with tasklet KASAN testing revealed the following issue assocated with freeing an IRQ. [50006.466686… | |||
| CVE-2024-26835 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the … | |||
| CVE-2024-36882 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm: use memalloc_nofs_save() in page_cache_ra_order() See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), e… | |||
| CVE-2024-35859 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: block: fix module reference leakage from bdev_open_by_dev error path At the time bdev_may_open() is called, module reference is g… | |||
| CVE-2024-26803 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: veth: clear GRO when clearing XDP even when down veth sets NETIF_F_GRO automatically when XDP is enabled, because both featu… | |||
| CVE-2024-26786 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix iopt_access_list_id overwrite bug Syzkaller reported the following WARN_ON: WARNING: CPU: 1 PID: 4738 at drivers/i… | |||
| CVE-2024-26785 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, pr… | |||
| CVE-2024-26782 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. Howev… | |||
| CVE-2024-26774 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of de… | |||
| CVE-2024-26767 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop c… | |||
| CVE-2024-26761 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window The Linux CXL subsystem is built on the assumption… | |||
| CVE-2024-26758 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ig… | |||
| CVE-2024-9676 | medium | — | 5.5 | 2y ago | RHSA-2024:10289: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-50210 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the cloc… | |||
| CVE-2024-50205 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero. It is changed … | |||
| CVE-2024-50188 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectly … | |||
| CVE-2024-50134 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_po… | |||
| CVE-2024-50095 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lo… | |||
| CVE-2024-43880 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM… | |||
| CVE-2024-7006 | medium | — | 5.5 | 2y ago | RHSA-2024:8833: libtiff security update (Moderate) | |||
| CVE-2024-41066 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: … | |||
| CVE-2024-21510 | medium | — | 5.5 | 2y ago | RHSA-2024:10987: pcs security update (Moderate) | |||
| CVE-2024-10460 | medium | — | 5.5 | 2y ago | The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, an… | |||
| CVE-2024-10461 | medium | — | 5.5 | 2y ago | In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affe… | |||
| CVE-2024-10462 | medium | — | 5.5 | 2y ago | Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | |||
| CVE-2024-10463 | medium | — | 5.5 | 2y ago | Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. | |||
| CVE-2024-10464 | medium | — | 5.5 | 2y ago | Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerabi… | |||
| CVE-2024-10465 | medium | — | 5.5 | 2y ago | A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. | |||
| CVE-2024-10466 | medium | — | 5.5 | 2y ago | By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 12… | |||
| CVE-2024-10467 | medium | — | 5.5 | 2y ago | Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-10458 | medium | — | 5.5 | 2y ago | A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, T… | |||
| CVE-2024-10459 | medium | — | 5.5 | 2y ago | An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR <… | |||
| CVE-2024-26826 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-2201 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26640 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40998 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26935 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-36244 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-39472 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40904 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40931 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40972 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40977 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-41013 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-41014 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-39504 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40995 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40960 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-49761 | medium | — | 5.5 | 2y ago | RHSA-2025:11047: pcs security update (Moderate) | |||
| CVE-2024-49767 | medium | — | 5.5 | 2y ago | Werkzeug possible resource exhaustion when parsing file data in forms | |||
| CVE-2024-6232 | medium | — | 5.5 | 2y ago | Moderate: python3.12 security update | |||
| CVE-2024-50045 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traf… | |||
| CVE-2024-50040 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed … | |||
| CVE-2024-50012 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args ret… | |||
| CVE-2024-50001 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The mult… | |||
| CVE-2024-49955 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new batter… | |||
| CVE-2024-49952 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu v… | |||
| CVE-2024-49944 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it… | |||
| CVE-2024-49925 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use o… | |||
| CVE-2024-49902 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx grea… | |||
| CVE-2024-49892 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element's default to 1 Variables, used as denominators and maybe not assigned to other … | |||
| CVE-2024-49890 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Co… | |||
| CVE-2024-47735 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_i… | |||
| CVE-2024-47709 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). syzbot reported a warning in bcm_release(). [0] The blamed change f… | |||
| CVE-2024-47707 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev bei… | |||
| CVE-2024-47704 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_res->hpo_dp_link_enc before using it [WHAT & HOW] Functions dp_enable_link_phy and dp_disable_link_ph… | |||
| CVE-2024-47699 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Patch series "nilfs2: fix potential issues with empty b-tree nodes".… | |||
| CVE-2024-47684 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-gene… | |||
| CVE-2024-27403 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-21235 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-42079 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42284 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-35989 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-21208 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-21210 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-21217 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-36889 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-38556 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42272 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-39483 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40959 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-42934 | medium | — | 5.5 | 2y ago | Moderate: OpenIPMI security update | |||
| CVE-2024-46544 | medium | — | 5.5 | 2y ago | Moderate: mod_jk bug fix update | |||
| CVE-2024-40984 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security update | |||
| CVE-2024-35895 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security update | |||
| CVE-2024-38615 | medium | 5.5 | 5.5 | 2y ago | Important: kernel security update | |||
| CVE-2024-24791 | medium | — | 5.5 | 2y ago | RHSA-2024:7349: grafana security update (Moderate) | |||
| CVE-2024-46770 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to ac… | |||
| CVE-2024-7383 | medium | — | 5.5 | 2y ago | RHSA-2024:6964: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2024-6602 | medium | — | 5.5 | 2y ago | A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||
| CVE-2024-41044 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26630 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26629 | medium | 5.5 | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26720 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-26946 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-35791 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-36019 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-36883 | medium | — | 5.5 | 2y ago | Moderate: kernel security update | |||
| CVE-2024-40936 | medium | — | 5.5 | 2y ago | Moderate: kernel security update |