CVEs from 2024
Total
6,606
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- mbed_tls 15
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-21198 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21218 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21196 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21193 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-11187 | high | — | 8.0 | 1y ago | Important: bind security update | |||
| CVE-2024-21247 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21238 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21236 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21212 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21219 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21199 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-21203 | high | — | 8.0 | 1y ago | RHSA-2025:1673: mysql:8.0 security update (Important) | |||
| CVE-2024-12705 | high | — | 8.0 | 1y ago | Important: bind9.18 security update | |||
| CVE-2024-12797 | high | — | 8.0 | 1y ago | Important: openssl security update | |||
| CVE-2024-11218 | high | — | 8.0 | 1y ago | RHSA-2025:1372: container-tools:rhel8 security update (Important) | |||
| CVE-2024-52531 | high | — | 8.0 | 1y ago | RHSA-2025:0838: libsoup security update (Important) | |||
| CVE-2024-46981 | high | — | 8.0 | 1y ago | Important: redis security update | |||
| CVE-2024-51741 | high | — | 8.0 | 1y ago | Important: redis:7 security update | |||
| CVE-2024-53263 | high | — | 8.0 | 1y ago | Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without ch… | |||
| CVE-2024-12085 | high | — | 8.0 | 1y ago | RHSA-2025:0325: rsync security update (Important) | |||
| CVE-2024-57823 | high | — | 8.0 | 1y ago | In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). | |||
| CVE-2024-56201 | high | — | 8.0 | 1y ago | Important: fence-agents security update | |||
| CVE-2024-56326 | high | — | 8.0 | 1y ago | RHSA-2025:0711: python-jinja2 security update (Important) | |||
| CVE-2024-53580 | high | — | 8.0 | 1y ago | RHSA-2025:0168: iperf3 security update (Important) | |||
| CVE-2024-11614 | high | — | 8.0 | 1y ago | RHSA-2025:0222: dpdk security update (Important) | |||
| CVE-2024-54505 | high | — | 8.0 | 1y ago | A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 1… | |||
| CVE-2024-54479 | high | — | 8.0 | 1y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing malici… | |||
| CVE-2024-54502 | high | — | 8.0 | 1y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing malici… | |||
| CVE-2024-50252 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-46713 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-53122 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-50208 | high | — | 8.0 | 1y ago | Important: kernel security update | |||
| CVE-2024-8508 | high | — | 8.0 | 2y ago | RHSA-2025:0837: unbound security update (Important) | |||
| CVE-2024-34156 | high | — | 8.0 | 2y ago | RHSA-2024:8038: container-tools:rhel8 security update (Important) | |||
| CVE-2024-10041 | high | — | 8.0 | 2y ago | RHSA-2024:10379: pam security update (Important) | |||
| CVE-2024-47538 | high | — | 8.0 | 2y ago | RHSA-2024:11345: gstreamer1-plugins-base security update (Important) | |||
| CVE-2024-47607 | high | — | 8.0 | 2y ago | RHSA-2024:11345: gstreamer1-plugins-base security update (Important) | |||
| CVE-2024-47615 | high | — | 8.0 | 2y ago | RHSA-2024:11345: gstreamer1-plugins-base security update (Important) | |||
| CVE-2024-47613 | high | — | 8.0 | 2y ago | GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in `gst_gdk_pixbuf_dec_flush` within `gstgdkpixbufdec.c`. Thi… | |||
| CVE-2024-47540 | high | — | 8.0 | 2y ago | GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function withi… | |||
| CVE-2024-47606 | high | — | 8.0 | 2y ago | GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability … | |||
| CVE-2024-47537 | high | — | 8.0 | 2y ago | GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_cou… | |||
| CVE-2024-47539 | high | — | 8.0 | 2y ago | GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerabil… | |||
| CVE-2024-9287 | high | — | 8.0 | 2y ago | A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands int… | |||
| CVE-2024-12254 | high | — | 8.0 | 2y ago | RHSA-2024:10980: python3.12 security update (Important) | |||
| CVE-2024-11168 | high | — | 8.0 | 2y ago | The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and poten… | |||
| CVE-2024-31449 | high | — | 8.0 | 2y ago | Important: redis security update | |||
| CVE-2024-31228 | high | — | 8.0 | 2y ago | Important: redis security update | |||
| CVE-2024-10979 | high | — | 8.0 | 2y ago | RHSA-2024:10832: postgresql:13 security update (Important) | |||
| CVE-2024-10976 | high | — | 8.0 | 2y ago | RHSA-2024:10832: postgresql:13 security update (Important) | |||
| CVE-2024-10978 | high | — | 8.0 | 2y ago | RHSA-2024:10832: postgresql:13 security update (Important) | |||
| CVE-2024-52804 | high | — | 8.0 | 2y ago | RHSA-2025:2872: pcs security update (Important) | |||
| CVE-2024-11695 | high | — | 8.0 | 2y ago | A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Fir… | |||
| CVE-2024-11699 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-11692 | high | — | 8.0 | 2y ago | An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 12… | |||
| CVE-2024-11697 | high | — | 8.0 | 2y ago | When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vul… | |||
| CVE-2024-11696 | high | — | 8.0 | 2y ago | The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest… | |||
| CVE-2024-11694 | high | — | 8.0 | 2y ago | Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue c… | |||
| CVE-2024-11159 | high | — | 8.0 | 2y ago | RHSA-2024:10591: thunderbird security update (Important) | |||
| CVE-2024-52336 | high | — | 8.0 | 2y ago | Important: tuned security update | |||
| CVE-2024-10963 | high | — | 8.0 | 2y ago | RHSA-2024:10379: pam security update (Important) | |||
| CVE-2024-53899 | high | — | 8.0 | 2y ago | virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same… | |||
| CVE-2024-9632 | high | — | 8.0 | 2y ago | A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa… | |||
| CVE-2024-45802 | high | — | 8.0 | 2y ago | RHSA-2024:9644: squid:4 security update (Important) | |||
| CVE-2024-52530 | high | — | 8.0 | 2y ago | RHSA-2024:9573: libsoup security update (Important) | |||
| CVE-2024-9050 | high | — | 8.0 | 2y ago | RHSA-2024:8353: NetworkManager-libreswan security update (Important) | |||
| CVE-2024-43498 | high | — | 8.0 | 2y ago | Important: .NET 9.0 security update | |||
| CVE-2024-52532 | high | — | 8.0 | 2y ago | RHSA-2024:9573: libsoup security update (Important) | |||
| CVE-2024-44244 | high | — | 8.0 | 2y ago | A memory corruption issue was addressed with improved input validation. This issue is fixed in Safari 18.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Proces… | |||
| CVE-2024-44296 | high | — | 8.0 | 2y ago | The issue was addressed with improved checks. This issue is fixed in Safari 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1, macOS Sequoia 15.1, tvOS 18.1, visionOS 2.1, watchOS 11.1. Pr… | |||
| CVE-2024-43499 | high | — | 8.0 | 2y ago | Important: .NET 9.0 security update | |||
| CVE-2024-42237 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff… | |||
| CVE-2024-27010 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirr… | |||
| CVE-2024-27011 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for eleme… | |||
| CVE-2024-26939 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free … | |||
| CVE-2024-26704 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves a… | |||
| CVE-2024-26656 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver… | |||
| CVE-2024-26846 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'le… | |||
| CVE-2024-39471 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to … | |||
| CVE-2024-39276 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: =================… | |||
| CVE-2024-26837 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, generation of the list of MDB events t… | |||
| CVE-2024-36945 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and r… | |||
| CVE-2024-27042 | high | — | 8.0 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-39501 | high | — | 8.0 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-38581 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_… | |||
| CVE-2024-41056 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficien… | |||
| CVE-2024-36920 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver… | |||
| CVE-2024-38627 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which free… | |||
| CVE-2024-42238 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer … | |||
| CVE-2024-39499 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-spac… | |||
| CVE-2024-26840 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ==… | |||
| CVE-2024-41039 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw he… | |||
| CVE-2024-41038 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into t… | |||
| CVE-2024-31076 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiv… | |||
| CVE-2024-42226 | high | — | 8.0 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-26638 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msg… | |||
| CVE-2024-36927 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() test… | |||
| CVE-2024-36010 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c ("intel: fix string truncation warnings") fixes '-W… | |||
| CVE-2024-26740 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: use the backlog for mirred ingress The test Davide added in commit ca22da2fbd69 ("act_mirred: use the back… | |||
| CVE-2024-26717 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL-deref on failed power up A while back the I2C HID implementation was split in an ACPI and OF part, but … |