CVEs from 2024
Total: 6,620
- critical: 168
- high: 1,065
- medium: 2,078
- low: 49

% Critical: 2.5%
% with KEV: 2.5%
% with exploit: 3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-2307 | medium | — | 5.5 | 2y ago | RHSA-2024:2961: Image builder components bug fix, enhancement and security update (Moderate) | |||
| CVE-2024-24786 | medium | — | 5.5 | 2y ago | RHSA-2024:4246: container-tools security update (Moderate) | |||
| CVE-2024-0727 | medium | 5.5 | 5.5 | 2y ago | Low: openssl and openssl-fips-provider security update | |||
| CVE-2024-24258 | medium | — | 5.5 | 2y ago | Moderate: freeglut security update | |||
| CVE-2024-24259 | medium | — | 5.5 | 2y ago | Moderate: freeglut security update | |||
| CVE-2024-1481 | medium | — | 5.5 | 2y ago | RHSA-2024:3044: idm:DL1 security update (Moderate) | |||
| CVE-2024-1048 | medium | — | 5.5 | 2y ago | Moderate: grub2 security update | |||
| CVE-2024-2494 | medium | — | 5.5 | 2y ago | RHSA-2024:3253: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2024-28180 | medium | — | 5.5 | 2y ago | RHSA-2024:3968: container-tools:rhel8 bug fix and enhancement update (Moderate) | |||
| CVE-2024-2496 | medium | — | 5.5 | 2y ago | Moderate: libvirt security update | |||
| CVE-2024-0409 | medium | — | 5.5 | 2y ago | A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiat… | |||
| CVE-2024-22195 | medium | — | 5.5 | 2y ago | Moderate: fence-agents security and bug fix update | |||
| CVE-2024-0408 | medium | — | 5.5 | 2y ago | A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (… | |||
| CVE-2024-28102 | medium | — | 5.5 | 2y ago | RHSA-2024:3267: idm:DL1 and idm:client security update (Moderate) | |||
| CVE-2024-0690 | medium | — | 5.5 | 2y ago | RHSA-2024:3043: ansible-core bug fix, enhancement, and security update (Moderate) | |||
| CVE-2024-25580 | medium | — | 5.5 | 2y ago | An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occu… | |||
| CVE-2024-26830 | medium | — | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and t… | |||
| CVE-2024-1441 | medium | — | 5.5 | 2y ago | Moderate: libvirt security and bug fix update | |||
| CVE-2024-24783 | medium | — | 5.5 | 2y ago | RHSA-2024:6969: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-2357 | medium | — | 5.5 | 2y ago | RHSA-2024:1998: libreswan security update (Moderate) | |||
| CVE-2024-21012 | medium | — | 5.5 | 2y ago | RHSA-2024:1828: java-21-openjdk security update (Moderate) | |||
| CVE-2024-31229 | medium | 5.5 | 5.5 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL. This issue affects Really Simple SSL: from n/a through 7.2.3. | |||
| CVE-2024-21068 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-28835 | medium | — | 5.5 | 2y ago | Moderate: gnutls security update | |||
| CVE-2024-28834 | medium | — | 5.5 | 2y ago | RHSA-2024:1784: gnutls security update (Moderate) | |||
| CVE-2024-21011 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-21085 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-26891 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hot… | |||
| CVE-2024-26877 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering t… | |||
| CVE-2024-26851 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:… | |||
| CVE-2024-26820 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE… | |||
| CVE-2024-26816 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes s… | |||
| CVE-2024-26795 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page … | |||
| CVE-2024-26787 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: … | |||
| CVE-2024-28219 | medium | — | 5.5 | 2y ago | RHSA-2024:4227: python-pillow security update (Moderate) | |||
| CVE-2024-26659 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ow… | |||
| CVE-2024-26651 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to tran… | |||
| CVE-2024-0743 | medium | — | 5.5 | 2y ago | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||
| CVE-2024-2607 | medium | — | 5.5 | 2y ago | Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulner… | |||
| CVE-2024-2608 | medium | — | 5.5 | 2y ago | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an … | |||
| CVE-2024-2610 | medium | — | 5.5 | 2y ago | Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.… | |||
| CVE-2024-2611 | medium | — | 5.5 | 2y ago | A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunder… | |||
| CVE-2024-2612 | medium | — | 5.5 | 2y ago | If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Fi… | |||
| CVE-2024-2614 | medium | — | 5.5 | 2y ago | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-1936 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-27280 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-27281 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-29141 | medium | 5.5 | 5.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4. | |||
| CVE-2024-21392 | medium | — | 5.5 | 2y ago | RHSA-2024:1311: .NET 8.0 security update (Moderate) | |||
| CVE-2024-0914 | medium | — | 5.5 | 2y ago | Moderate: opencryptoki security update | |||
| CVE-2024-20973 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21137 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21057 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20977 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21056 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20970 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21200 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20974 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21050 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20971 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21051 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21052 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-23301 | medium | — | 5.5 | 2y ago | RHSA-2024:1719: rear security update (Moderate) | |||
| CVE-2024-20968 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20972 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20969 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20967 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20965 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20964 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20966 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20963 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20961 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20962 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20960 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21053 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21055 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21061 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21049 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20982 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20993 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20985 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20981 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20983 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20978 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20984 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20976 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-26596 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this d… | |||
| CVE-2024-26141 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-25126 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-26146 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-23650 | medium | — | 5.5 | 2y ago | RHSA-2024:2988: container-tools:rhel8 security update (Moderate) | |||
| CVE-2024-0567 | medium | — | 5.5 | 2y ago | Moderate: gnutls security update | |||
| CVE-2024-0553 | medium | — | 5.5 | 2y ago | RHSA-2024:0627: gnutls security update (Moderate) | |||
| CVE-2024-21094 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-33724 | medium | 5.4 | 5.4 | 28d ago | SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. | |||
| CVE-2024-11831 | medium | 5.4 | 5.4 | 1y ago | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object type… | |||
| CVE-2024-37925 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery. This issue affects BuddyBoss Theme: from n/a through 2.4.61. | |||
| CVE-2024-37438 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery. This issue affects Uncanny Toolkit Pro for LearnDash: from n/a befor… | |||
| CVE-2024-11321 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects L… | |||
| CVE-2024-49665 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS. This issue affects Web Bricks… |