CVEs from 2024
Total
6,632
critical
critical 166
high
high 1,073
medium
medium 2,066
low
low 49
% Critical
2.5%
% with KEV
2.5%
% with exploit
3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31076 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiv… | |||
| CVE-2024-42240 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF fl… | |||
| CVE-2024-36901 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_out… | |||
| CVE-2024-40901 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_b… | |||
| CVE-2024-41065 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc… | |||
| CVE-2024-36928 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 devi… | |||
| CVE-2024-41060 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to ch… | |||
| CVE-2024-41012 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created l… | |||
| CVE-2024-42226 | high | — | 8.0 | 2y ago | RHSA-2024:7001: kernel-rt security update (Important) | |||
| CVE-2024-42238 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer … | |||
| CVE-2024-39471 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to … | |||
| CVE-2024-38581 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_… | |||
| CVE-2024-35853 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This… | |||
| CVE-2024-41008 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major change… | |||
| CVE-2024-26704 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves a… | |||
| CVE-2024-42154 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long,… | |||
| CVE-2024-42159 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't b… | |||
| CVE-2024-42228 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_rel… | |||
| CVE-2024-35801 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and commit 8bf… | |||
| CVE-2024-36920 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver… | |||
| CVE-2024-27410 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't ye… | |||
| CVE-2024-41039 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw he… | |||
| CVE-2024-35924 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 … | |||
| CVE-2024-26660 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream… | |||
| CVE-2024-26843 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of page… | |||
| CVE-2024-26675 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Wi… | |||
| CVE-2024-40989 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't… | |||
| CVE-2024-26759 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix race when skipping swapcache When skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads swapin the same … | |||
| CVE-2024-39276 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: =================… | |||
| CVE-2024-38627 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which free… | |||
| CVE-2024-26772 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block b… | |||
| CVE-2024-26645 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Ensure visibility when inserting an element into tracing_map Running the following two commands in parallel on a multi-p… | |||
| CVE-2024-35946 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning. Fix this by using… | |||
| CVE-2024-38555 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Discard command completions in internal error Fix use after free when FW completion arrives while device is in internal… | |||
| CVE-2024-42124 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. … | |||
| CVE-2024-40997 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed … | |||
| CVE-2024-44970 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from t… | |||
| CVE-2024-26940 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when… | |||
| CVE-2024-36960 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure tha… | |||
| CVE-2024-40988 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. | |||
| CVE-2024-26939 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free … | |||
| CVE-2024-36945 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and r… | |||
| CVE-2024-36933 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and … | |||
| CVE-2024-26614 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following is… | |||
| CVE-2024-9407 | high | — | 8.0 | 2y ago | RHSA-2024:8846: container-tools:rhel8 security update (Important) | |||
| CVE-2024-47875 | high | — | 8.0 | 2y ago | DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3. | |||
| CVE-2024-40977 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. chip reset), there is a possible si… | |||
| CVE-2024-40972 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the exte… | |||
| CVE-2024-26640 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owne… | |||
| CVE-2024-26826 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data re-injection from stale subflow When the MPTCP PM detects that a subflow is stale, all the packet scheduler must … | |||
| CVE-2024-39472 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog si… | |||
| CVE-2024-40998 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the unini… | |||
| CVE-2024-41013 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to… | |||
| CVE-2024-40904 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion ca… | |||
| CVE-2024-40931 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt … | |||
| CVE-2024-2201 | high | — | 8.0 | 2y ago | A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | |||
| CVE-2024-41014 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of x… | |||
| CVE-2024-9675 | high | — | 8.0 | 2y ago | RHSA-2024:8846: container-tools:rhel8 security update (Important) | |||
| CVE-2024-27856 | high | — | 8.0 | 2y ago | The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Pro… | |||
| CVE-2024-44185 | high | — | 8.0 | 2y ago | The issue was addressed with improved checks. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1.3, watchOS 10.6. Processing maliciously crafted we… | |||
| CVE-2024-40780 | high | — | 8.0 | 2y ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1… | |||
| CVE-2024-27838 | high | — | 8.0 | 2y ago | The issue was addressed by adding additional logic. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.… | |||
| CVE-2024-40776 | high | — | 8.0 | 2y ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionO… | |||
| CVE-2024-27820 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS … | |||
| CVE-2024-40866 | high | — | 8.0 | 2y ago | The issue was addressed with improved UI. This issue is fixed in Safari 18, macOS Sequoia 15. Visiting a malicious website may lead to address bar spoofing. | |||
| CVE-2024-35989 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback… | |||
| CVE-2024-4558 | high | — | 8.0 | 2y ago | Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2024-44187 | high | — | 8.0 | 2y ago | A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, … | |||
| CVE-2024-23280 | high | — | 8.0 | 2y ago | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. A maliciously crafted webpage may … | |||
| CVE-2024-36889 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: C… | |||
| CVE-2024-54534 | high | — | 8.0 | 2y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processi… | |||
| CVE-2024-23254 | high | — | 8.0 | 2y ago | The issue was addressed with improved UI handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. A malicious website may exfi… | |||
| CVE-2024-27851 | high | — | 8.0 | 2y ago | The issue was addressed with improved bounds checks. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing maliciously cra… | |||
| CVE-2024-23284 | high | — | 8.0 | 2y ago | A logic issue was addressed with improved state management. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, wat… | |||
| CVE-2024-23263 | high | — | 8.0 | 2y ago | A logic issue was addressed with improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 1… | |||
| CVE-2024-40779 | high | — | 8.0 | 2y ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionOS 1… | |||
| CVE-2024-40789 | high | — | 8.0 | 2y ago | An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, vi… | |||
| CVE-2024-40782 | high | — | 8.0 | 2y ago | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 17.6, iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, visionO… | |||
| CVE-2024-9341 | high | — | 8.0 | 2y ago | RHSA-2024:8846: container-tools:rhel8 security update (Important) | |||
| CVE-2024-43485 | high | — | 8.0 | 2y ago | RHSA-2024:7868: .NET 8.0 security update (Important) | |||
| CVE-2024-43483 | high | — | 8.0 | 2y ago | RHSA-2024:7868: .NET 8.0 security update (Important) | |||
| CVE-2024-43484 | high | — | 8.0 | 2y ago | RHSA-2024:7868: .NET 8.0 security update (Important) | |||
| CVE-2024-38229 | high | — | 8.0 | 2y ago | RHSA-2024:7868: .NET 8.0 security update (Important) | |||
| CVE-2024-8900 | high | — | 8.0 | 2y ago | An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and T… | |||
| CVE-2024-9403 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code… | |||
| CVE-2024-9402 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-9401 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 130, Firefox ESR 115.15, Firefox ESR 128.2, and Thunderbird 128.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort… | |||
| CVE-2024-9400 | high | — | 8.0 | 2y ago | A potential memory corruption vulnerability could be triggered if an attacker had the ability to trigger an OOM at a specific moment during JIT compilation. This vulnerability affects Firefox < 131, … | |||
| CVE-2024-9398 | high | — | 8.0 | 2y ago | By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vuln… | |||
| CVE-2024-9396 | high | — | 8.0 | 2y ago | It is currently unknown if this issue is exploitable but a condition may arise where the structured clone of certain objects could lead to memory corruption. This vulnerability affects Firefox < 131,… | |||
| CVE-2024-9392 | high | — | 8.0 | 2y ago | A compromised content process could have allowed for the arbitrary loading of cross-origin pages. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 12… | |||
| CVE-2024-9399 | high | — | 8.0 | 2y ago | A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox E… | |||
| CVE-2024-9394 | high | — | 8.0 | 2y ago | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This ac… | |||
| CVE-2024-9393 | high | — | 8.0 | 2y ago | An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This acces… | |||
| CVE-2024-9397 | high | — | 8.0 | 2y ago | A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 1… | |||
| CVE-2024-47850 | high | — | 8.0 | 2y ago | RHSA-2024:7463: cups-filters security update (Important) | |||
| CVE-2024-42225 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data | |||
| CVE-2024-45026 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes … | |||
| CVE-2024-41097 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to inco… | |||
| CVE-2024-42246 | high | — | 8.0 | 2y ago | In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the c… |