CVEs from 2024
- Total: 6,613
- critical: 170
- high: 1,066
- medium: 2,078
- low: 49
- % Critical: 2.6%
- % with KEV: 2.5%
- % with exploit: 3.4%
Top products
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
- virtual_traffic_manager 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7525 | high | — | 8.0 | 2y ago | It was possible for a web extension with minimal permissions to create a `StreamFilter` which could be used to read and modify the response body of requests on any site. This vulnerability affects Fi… | |||
| CVE-2024-7522 | high | — | 8.0 | 2y ago | Editor code failed to check an attribute value. This could have led to an out-of-bounds read. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1,… | |||
| CVE-2024-21823 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27434 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7528 | high | — | 8.0 | 2y ago | Incorrect garbage collection interaction in IndexedDB could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||
| CVE-2024-7529 | high | — | 8.0 | 2y ago | The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115… | |||
| CVE-2024-4076 | high | — | 8.0 | 2y ago | RHSA-2024:5390: bind9.16 security update (Important) | |||
| CVE-2024-26853 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38575 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27417 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35848 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7518 | high | — | 8.0 | 2y ago | Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, an… | |||
| CVE-2024-37353 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35800 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36017 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36941 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26868 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7519 | high | — | 8.0 | 2y ago | Insufficient checks when processing graphics shared memory could have led to memory corruption. This could be leveraged by an attacker to perform a sandbox escape. This vulnerability affects Firefox … | |||
| CVE-2024-35937 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36903 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-26828 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-40954 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-35911 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27049 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-6345 | high | — | 8.0 | 2y ago | Important: fence-agents security update | |||
| CVE-2024-38391 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-39487 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7521 | high | — | 8.0 | 2y ago | Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird … | |||
| CVE-2024-35852 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-7520 | high | — | 8.0 | 2y ago | A type confusion bug in WebAssembly could be leveraged by an attacker to potentially achieve code execution. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | |||
| CVE-2024-36921 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36954 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after… | |||
| CVE-2024-35790 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs no… | |||
| CVE-2024-36950 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset inte… | |||
| CVE-2024-38476 | high | — | 8.0 | 2y ago | Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious o… | |||
| CVE-2024-27388 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after thei… | |||
| CVE-2024-26802 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether wo… | |||
| CVE-2024-40974 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect caller… | |||
| CVE-2024-26698 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before clos… | |||
| CVE-2024-35952 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to infinite-loop. This is because the regis… | |||
| CVE-2024-23638 | high | — | 8.0 | 2y ago | RHSA-2024:9644: squid:4 security update (Important) | |||
| CVE-2024-38477 | high | — | 8.0 | 2y ago | null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, whic… | |||
| CVE-2024-39573 | high | — | 8.0 | 2y ago | Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to… | |||
| CVE-2024-38474 | high | — | 8.0 | 2y ago | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any … | |||
| CVE-2024-38473 | high | — | 8.0 | 2y ago | Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted req… | |||
| CVE-2024-5564 | high | — | 8.0 | 2y ago | RHSA-2024:4620: libndp security update (Important) | |||
| CVE-2024-39936 | high | — | 8.0 | 2y ago | An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an est… | |||
| CVE-2024-26783 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-21138 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21147 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-36957 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-21131 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21145 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-26858 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-21144 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-21140 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security update | |||
| CVE-2024-38593 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-36886 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38543 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38586 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-27435 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-38663 | high | — | 8.0 | 2y ago | Important: kernel security update | |||
| CVE-2024-37560 | high | 8.0 | 8.0 | 2y ago | Improper Privilege Management vulnerability in IqbalRony WP User Switch allows Privilege Escalation.This issue affects WP User Switch: from n/a through 1.1.0. | |||
| CVE-2024-6601 | high | — | 8.0 | 2y ago | A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunde… | |||
| CVE-2024-6603 | high | — | 8.0 | 2y ago | In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 1… | |||
| CVE-2024-6604 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2024-35264 | high | — | 8.0 | 2y ago | RHSA-2024:4451: dotnet8.0 security update (Important) | |||
| CVE-2024-30105 | high | — | 8.0 | 2y ago | RHSA-2024:4451: dotnet8.0 security update (Important) | |||
| CVE-2024-38095 | high | — | 8.0 | 2y ago | RHSA-2024:4451: dotnet8.0 security update (Important) | |||
| CVE-2024-4467 | high | — | 8.0 | 2y ago | A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process… | |||
| CVE-2024-32002 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32020 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32021 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32004 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-32465 | high | — | 8.0 | 2y ago | RHSA-2024:4084: git security update (Important) | |||
| CVE-2024-33871 | high | — | 8.0 | 2y ago | RHSA-2024:4000: ghostscript security update (Important) | |||
| CVE-2024-37890 | high | — | 8.0 | 2y ago | ws affected by a DoS when handling a request with many HTTP headers | |||
| CVE-2024-5700 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these cou… | |||
| CVE-2024-5690 | high | — | 8.0 | 2y ago | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox E… | |||
| CVE-2024-5696 | high | — | 8.0 | 2y ago | By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 11… | |||
| CVE-2024-32462 | high | — | 8.0 | 2y ago | RHSA-2024:3961: flatpak security update (Important) | |||
| CVE-2024-5688 | high | — | 8.0 | 2y ago | If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird… | |||
| CVE-2024-5693 | high | — | 8.0 | 2y ago | Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127,… | |||
| CVE-2024-5691 | high | — | 8.0 | 2y ago | By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerabilit… | |||
| CVE-2024-5702 | high | — | 8.0 | 2y ago | RHSA-2024:4036: thunderbird security update (Important) | |||
| CVE-2024-3657 | high | — | 8.0 | 2y ago | RHSA-2024:4235: 389-ds security update (Important) | |||
| CVE-2024-2199 | high | — | 8.0 | 2y ago | RHSA-2024:4235: 389-ds security update (Important) | |||
| CVE-2024-2698 | high | — | 8.0 | 2y ago | RHSA-2024:3755: idm:DL1 security update (Important) | |||
| CVE-2024-3183 | high | — | 8.0 | 2y ago | RHSA-2024:3755: idm:DL1 security update (Important) | |||
| CVE-2024-3049 | high | — | 8.0 | 2y ago | RHSA-2024:3659: booth security update (Important) | |||
| CVE-2024-32487 | high | — | 8.0 | 2y ago | RHSA-2024:4256: less security update (Important) | |||
| CVE-2024-23672 | high | — | 8.0 | 2y ago | Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue … | |||
| CVE-2024-24549 | high | — | 8.0 | 2y ago | Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for head… | |||
| CVE-2024-23206 | high | — | 8.0 | 2y ago | An access issue was addressed with improved access restrictions. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3… | |||
| CVE-2024-23213 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. Processi… | |||
| CVE-2024-28109 | high | — | 8.0 | 2y ago | veraPDF has potential XSLT injection vulnerability when using policy files | |||
| CVE-2024-29800 | high | 8.0 | 8.0 | 2y ago | timber/timber vulnerable to Deserialization of Untrusted Data | |||
| CVE-2024-30045 | high | — | 8.0 | 2y ago | RHSA-2024:3345: .NET 8.0 security update (Important) | |||
| CVE-2024-30046 | high | — | 8.0 | 2y ago | RHSA-2024:3345: .NET 8.0 security update (Important) | |||
| CVE-2024-22025 | high | — | 8.0 | 2y ago | RHSA-2024:2780: nodejs:18 security update (Important) |