CVEs from 2024
Total
6,583
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21011 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-28834 | medium | — | 5.5 | 2y ago | RHSA-2024:1784: gnutls security update (Moderate) | |||
| CVE-2024-26891 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hot… | |||
| CVE-2024-26877 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering t… | |||
| CVE-2024-26851 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:… | |||
| CVE-2024-26820 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE… | |||
| CVE-2024-26816 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes s… | |||
| CVE-2024-26795 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page … | |||
| CVE-2024-26787 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: … | |||
| CVE-2024-28219 | medium | — | 5.5 | 2y ago | RHSA-2024:4227: python-pillow security update (Moderate) | |||
| CVE-2024-26659 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ow… | |||
| CVE-2024-26651 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to tran… | |||
| CVE-2024-2612 | medium | — | 5.5 | 2y ago | If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Fi… | |||
| CVE-2024-2611 | medium | — | 5.5 | 2y ago | A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunder… | |||
| CVE-2024-0743 | medium | — | 5.5 | 2y ago | An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9. | |||
| CVE-2024-2608 | medium | — | 5.5 | 2y ago | `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an … | |||
| CVE-2024-2607 | medium | — | 5.5 | 2y ago | Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulner… | |||
| CVE-2024-1936 | medium | — | 5.5 | 2y ago | RHSA-2024:1494: thunderbird security update (Moderate) | |||
| CVE-2024-2614 | medium | — | 5.5 | 2y ago | Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-2610 | medium | — | 5.5 | 2y ago | Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.… | |||
| CVE-2024-27280 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-27281 | medium | — | 5.5 | 2y ago | RHSA-2024:4499: ruby security update (Moderate) | |||
| CVE-2024-29141 | medium | 5.5 | 5.5 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS.This issue affects PDF Embedder: from n/a through 4.6.4. | |||
| CVE-2024-21392 | medium | — | 5.5 | 2y ago | RHSA-2024:1311: .NET 8.0 security update (Moderate) | |||
| CVE-2024-0914 | medium | — | 5.5 | 2y ago | Moderate: opencryptoki security update | |||
| CVE-2024-21057 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21061 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21053 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21052 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21051 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20993 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20982 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20977 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21200 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21050 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20983 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21055 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20976 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20969 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20965 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20966 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20962 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20960 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20970 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21056 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20981 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20973 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21049 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20961 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20964 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20963 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20967 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20984 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20978 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20971 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20985 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20972 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20968 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-21137 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-20974 | medium | — | 5.5 | 2y ago | RHSA-2024:0894: mysql:8.0 security update (Moderate) | |||
| CVE-2024-23301 | medium | — | 5.5 | 2y ago | RHSA-2024:1719: rear security update (Moderate) | |||
| CVE-2024-26596 | medium | 5.5 | 5.5 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this d… | |||
| CVE-2024-26141 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-25126 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-26146 | medium | — | 5.5 | 2y ago | RHSA-2024:2953: pcs security update (Moderate) | |||
| CVE-2024-23650 | medium | — | 5.5 | 2y ago | Moderate: container-tools:rhel8 security update | |||
| CVE-2024-23170 | medium | 5.5 | 5.5 | 2y ago | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to re… | |||
| CVE-2024-0567 | medium | — | 5.5 | 2y ago | Moderate: gnutls security update | |||
| CVE-2024-0553 | medium | — | 5.5 | 2y ago | RHSA-2024:0627: gnutls security update (Moderate) | |||
| CVE-2024-21094 | medium | — | 5.5 | 2y ago | Moderate: java-1.8.0-openjdk security update | |||
| CVE-2024-33724 | medium | 5.4 | 5.4 | 1mo ago | SOPlanning 1.52.00 is vulnerable to Cross Site Scripting (XSS) via the groupe_id parameter to process/groupe_save.php. | |||
| CVE-2024-11831 | medium | 5.4 | 5.4 | 1y ago | A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object type… | |||
| CVE-2024-37925 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61. | |||
| CVE-2024-37438 | medium | 5.4 | 5.4 | 1y ago | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a befor… | |||
| CVE-2024-11321 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS. This issue affects L… | |||
| CVE-2024-49665 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Web Bricks Web Bricks Addons for Elementor allows Stored XSS.This issue affects Web Bricks… | |||
| CVE-2024-8608 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Oceanic Software ValeApp allows Stored XSS. This issue affects ValeApp: before v2.0.0. | |||
| CVE-2024-5959 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Eliz Software Panel allows Stored XSS. This issue affects Panel: before v2.3.24. | |||
| CVE-2024-37229 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS.This issue affects … | |||
| CVE-2024-37959 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atlas Public Policy Power BI Embedded for WordPress allows Stored XSS.This issue affects P… | |||
| CVE-2024-4754 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Stored XSS. This issue aff… | |||
| CVE-2024-34443 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: f… | |||
| CVE-2024-35167 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo's Elementor Templates & Widgets for WooCommerce allows Stored XSS.This issue affe… | |||
| CVE-2024-34816 | medium | 5.4 | 5.4 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. | |||
| CVE-2024-34445 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor… | |||
| CVE-2024-34436 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes SKT Addons for Elementor allows Stored XSS.This issue affects SKT Addons for Elementor… | |||
| CVE-2024-34432 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BetterAddons Better Elementor Addons better-elementor-addons allows Stored XSS.This issue affects… | |||
| CVE-2024-34547 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For El… | |||
| CVE-2024-34566 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS.This issue affects Conte… | |||
| CVE-2024-34562 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Element… | |||
| CVE-2024-34381 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PropertyHive allows Stored XSS.This issue affects PropertyHive: from n/a through 2.0.10. | |||
| CVE-2024-34374 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady… | |||
| CVE-2024-33588 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.… | |||
| CVE-2024-33636 | medium | 5.4 | 5.4 | 2y ago | Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. | |||
| CVE-2024-33641 | medium | 5.4 | 5.4 | 2y ago | Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. | |||
| CVE-2024-33634 | medium | 5.4 | 5.4 | 2y ago | Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | |||
| CVE-2024-33632 | medium | 5.4 | 5.4 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. | |||
| CVE-2024-33539 | medium | 5.4 | 5.4 | 2y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS.This issue affects WPZO… | |||
| CVE-2024-33682 | medium | 5.4 | 5.4 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. | |||
| CVE-2024-33680 | medium | 5.4 | 5.4 | 2y ago | Cross-Site Request Forgery (CSRF) vulnerability in MainWP MainWP Child Reports.This issue affects MainWP Child Reports: from n/a through 2.1.1. |