CVEs from 2024
- Total: 6,622
- Critical: 169
- High: 1,066
- Medium: 2,079
- Low: 49
- % Critical: 2.6%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-1737 | high | — | 8.0 | 2y ago | RHSA-2024:5524: bind security update (Important) | |||
| CVE-2024-4076 | high | — | 8.0 | 2y ago | RHSA-2024:5390: bind9.16 security update (Important) | |||
| CVE-2024-26868 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-6345 | high | — | 8.0 | 2y ago | Important: fence-agents security update | |||
| CVE-2024-7521 | high | — | 8.0 | 2y ago | Incomplete WebAssembly exception handling could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird … | |||
| CVE-2024-27049 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27417 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7529 | high | — | 8.0 | 2y ago | The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115… | |||
| CVE-2024-7528 | high | — | 8.0 | 2y ago | Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||
| CVE-2024-40928 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36941 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36017 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35937 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7527 | high | — | 8.0 | 2y ago | Unexpected marking work at the start of sweeping could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thun… | |||
| CVE-2024-40954 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7526 | high | — | 8.0 | 2y ago | ANGLE failed to initialize parameters which lead to reading from uninitialized memory. This could be leveraged to leak sensitive data from memory. This vulnerability affects Firefox < 129, Firefox ES… | |||
| CVE-2024-7525 | high | — | 8.0 | 2y ago | It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Fi… | |||
| CVE-2024-7524 | high | — | 8.0 | 2y ago | Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker a… | |||
| CVE-2024-26853 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36903 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35800 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35848 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35852 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-21823 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27434 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7522 | high | — | 8.0 | 2y ago | Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1,… | |||
| CVE-2024-38575 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7518 | high | — | 8.0 | 2y ago | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, an… | |||
| CVE-2024-35911 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36921 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26698 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before clos… | |||
| CVE-2024-38476 | high | — | 8.0 | 2y ago | Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious o… | |||
| CVE-2024-36954 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after… | |||
| CVE-2024-35790 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs no… | |||
| CVE-2024-27388 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after thei… | |||
| CVE-2024-40974 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect caller… | |||
| CVE-2024-36950 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset inte… | |||
| CVE-2024-26802 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether wo… | |||
| CVE-2024-35952 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the regis… | |||
| CVE-2024-23638 | high | — | 8.0 | 2y ago | RHSA-2024:9644: squid:4 security update (Important) | |||
| CVE-2024-39573 | high | — | 8.0 | 2y ago | Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to… | |||
| CVE-2024-38473 | high | — | 8.0 | 2y ago | Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted req… | |||
| CVE-2024-38477 | high | — | 8.0 | 2y ago | null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, whic… | |||
| CVE-2024-38474 | high | — | 8.0 | 2y ago | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any … | |||
| CVE-2024-5564 | high | — | 8.0 | 2y ago | RHSA-2024:4620: libndp security update (Important) | |||
| CVE-2024-39936 | high | — | 8.0 | 2y ago | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an est… | |||
| CVE-2024-21131 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-38593 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38663 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36957 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38586 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36886 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38543 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27435 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26858 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26783 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-21147 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21145 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21140 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21138 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21144 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-37560 | high | 8.0 | 8.0 | 2y ago | Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation. This issue affects WP User Switch: from n/a through 1.1.0. | |||
| CVE-2024-6603 | high | — | 8.0 | 2y ago | In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 1… | |||
| CVE-2024-6604 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2024-6601 | high | — | 8.0 | 2y ago | A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunde… | |||
| CVE-2024-35264 | high | — | 8.0 | 2y ago | RHSA-2024:4451: dotnet8.0 security update (Important) | |||
| CVE-2024-30105 | high | — | 8.0 | 2y ago | RHSA-2024:4451: dotnet8.0 security update (Important) | |||
| CVE-2024-38095 | high | — | 8.0 | 2y ago | RHSA-2024:4451: dotnet8.0 security update (Important) | |||
| CVE-2024-4467 | high | — | 8.0 | 2y ago | A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process… | |||
| CVE-2024-32465 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32020 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32004 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32021 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32002 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-33871 | high | — | 8.0 | 2y ago | RHSA-2024:4000: ghostscript security update (Important) | |||
| CVE-2024-37890 | high | — | 8.0 | 2y ago | ws affected by a DoS when handling a request with many HTTP headers | |||
| CVE-2024-5696 | high | — | 8.0 | 2y ago | By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 11… | |||
| CVE-2024-5693 | high | — | 8.0 | 2y ago | Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127,… | |||
| CVE-2024-5691 | high | — | 8.0 | 2y ago | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerabilit… | |||
| CVE-2024-32462 | high | — | 8.0 | 2y ago | RHSA-2024:3961: flatpak security update (Important) | |||
| CVE-2024-5688 | high | — | 8.0 | 2y ago | If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird… | |||
| CVE-2024-5702 | high | — | 8.0 | 2y ago | RHSA-2024:4036: thunderbird security update (Important) | |||
| CVE-2024-5690 | high | — | 8.0 | 2y ago | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox E… | |||
| CVE-2024-5700 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2024-2199 | high | — | 8.0 | 2y ago | RHSA-2024:4235: 389-ds security update (Important) | |||
| CVE-2024-3657 | high | — | 8.0 | 2y ago | RHSA-2024:4235: 389-ds security update (Important) | |||
| CVE-2024-3183 | high | — | 8.0 | 2y ago | RHSA-2024:3755: idm:DL1 security update (Important) | |||
| CVE-2024-2698 | high | — | 8.0 | 2y ago | RHSA-2024:3755: idm:DL1 security update (Important) | |||
| CVE-2024-3049 | high | — | 8.0 | 2y ago | RHSA-2024:3659: booth security update (Important) | |||
| CVE-2024-32487 | high | — | 8.0 | 2y ago | RHSA-2024:4256: less security update (Important) | |||
| CVE-2024-23672 | high | — | 8.0 | 2y ago | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue … | |||
| CVE-2024-24549 | high | — | 8.0 | 2y ago | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for head… | |||
| CVE-2024-23213 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processi… | |||
| CVE-2024-23206 | high | — | 8.0 | 2y ago | An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3… | |||
| CVE-2024-28109 | high | — | 8.0 | 2y ago | veraPDF has potential XSLT injection vulnerability when using policy files | |||
| CVE-2024-29800 | high | 8.0 | 8.0 | 2y ago | timber/timber vulnerable to Deserialization of Untrusted Data | |||
| CVE-2024-30046 | high | — | 8.0 | 2y ago | RHSA-2024:3345: .NET 8.0 security update (Important) | |||
| CVE-2024-30045 | high | — | 8.0 | 2y ago | RHSA-2024:3345: .NET 8.0 security update (Important) | |||
| CVE-2024-27982 | high | — | 8.0 | 2y ago | RHSA-2024:2780: nodejs:18 security update (Important) | |||
| CVE-2024-22025 | high | — | 8.0 | 2y ago | RHSA-2024:2780: nodejs:18 security update (Important) |