CVEs from 2024
Total: 6,622
critical: 169
high: 1,066
medium: 2,079
low: 49
% Critical: 2.6%
% with KEV: 2.5%
% with exploit: 3.4%
Top products
- surveillance_station 12
- checkmk 10
- profilegrid 8
- office 8
- office_long_term_servicing_channel 6
- propertyhive 5
- glibc 5
- element_pack 5
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22025 | high | — | 8.0 | 2y ago | RHSA-2024:2780: nodejs:18 security update (Important) | |||
| CVE-2024-31270 | high | 8.0 | 8.0 | 2y ago | Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1. | |||
| CVE-2024-28757 | high | — | 8.0 | 2y ago | RHSA-2025:21776: expat security update (Important) | |||
| CVE-2024-26584 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-26583 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-25744 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-1085 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-23271 | high | — | 8.0 | 2y ago | A logic issue was addressed with improved checks. This issue is fixed in Safari 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3, watchOS 10.3. A malicious website may cause unexpected cr… | |||
| CVE-2024-0841 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-0565 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-1313 | high | — | 8.0 | 2y ago | RHSA-2024:3265: grafana security update (Important) | |||
| CVE-2024-24785 | high | — | 8.0 | 2y ago | RHSA-2026:3428: container-tools:rhel8 security update (Important) | |||
| CVE-2024-31081 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-26586 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-3019 | high | — | 8.0 | 2y ago | RHSA-2024:3264: pcp security update (Important) | |||
| CVE-2024-31080 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-26582 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-31083 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-26593 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-26602 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-26609 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-26585 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-26633 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-26671 | high | — | 8.0 | 2y ago | Important: kernel security, bug fix, and enhancement update | |||
| CVE-2024-1753 | high | — | 8.0 | 2y ago | RHSA-2024:3254: container-tools:rhel8 security update (Important) | |||
| CVE-2024-27316 | high | — | 8.0 | 2y ago | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory … | |||
| CVE-2024-1488 | high | — | 8.0 | 2y ago | RHSA-2025:0837: unbound security update (Important) | |||
| CVE-2024-21896 | high | — | 8.0 | 2y ago | RHSA-2024:1687: nodejs:20 security update (Important) | |||
| CVE-2024-30156 | high | — | 8.0 | 2y ago | Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Brok… | |||
| CVE-2024-21891 | high | — | 8.0 | 2y ago | RHSA-2024:1687: nodejs:20 security update (Important) | |||
| CVE-2024-22017 | high | — | 8.0 | 2y ago | RHSA-2024:1687: nodejs:20 security update (Important) | |||
| CVE-2024-21890 | high | — | 8.0 | 2y ago | RHSA-2024:1687: nodejs:20 security update (Important) | |||
| CVE-2024-21892 | high | — | 8.0 | 2y ago | RHSA-2024:1687: nodejs:20 security update (Important) | |||
| CVE-2024-1394 | high | — | 8.0 | 2y ago | Important: golang security update | |||
| CVE-2024-1597 | high | — | 8.0 | 2y ago | RHSA-2024:1435: postgresql-jdbc security update (Important) | |||
| CVE-2024-22019 | high | — | 8.0 | 2y ago | Important: nodejs security update | |||
| CVE-2024-25617 | high | — | 8.0 | 2y ago | RHSA-2024:1375: squid:4 security update (Important) | |||
| CVE-2024-25111 | high | — | 8.0 | 2y ago | RHSA-2024:1375: squid:4 security update (Important) | |||
| CVE-2024-0646 | high | — | 8.0 | 2y ago | An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows… | |||
| CVE-2024-1550 | high | — | 8.0 | 2y ago | A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusio… | |||
| CVE-2024-1553 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-1546 | high | — | 8.0 | 2y ago | When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox … | |||
| CVE-2024-1549 | high | — | 8.0 | 2y ago | If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulne… | |||
| CVE-2024-1547 | high | — | 8.0 | 2y ago | Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox… | |||
| CVE-2024-1552 | high | — | 8.0 | 2y ago | Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 12… | |||
| CVE-2024-1548 | high | — | 8.0 | 2y ago | A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Fir… | |||
| CVE-2024-1551 | high | — | 8.0 | 2y ago | Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, th… | |||
| CVE-2024-0985 | high | — | 8.0 | 2y ago | Important: postgresql:15 security update | |||
| CVE-2024-26130 | high | — | 8.0 | 2y ago | Important: python3.12-cryptography security update | |||
| CVE-2024-21404 | high | — | 8.0 | 2y ago | RHSA-2024:3340: .NET 7.0 security update (Important) | |||
| CVE-2024-21386 | high | — | 8.0 | 2y ago | RHSA-2024:3340: .NET 7.0 security update (Important) | |||
| CVE-2024-0964 | high | — | 8.0 | 2y ago | A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request. | |||
| CVE-2024-0749 | high | — | 8.0 | 2y ago | A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7. | |||
| CVE-2024-0751 | high | — | 8.0 | 2y ago | A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||
| CVE-2024-0755 | high | — | 8.0 | 2y ago | Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could… | |||
| CVE-2024-0750 | high | — | 8.0 | 2y ago | A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, an… | |||
| CVE-2024-0746 | high | — | 8.0 | 2y ago | A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||
| CVE-2024-0747 | high | — | 8.0 | 2y ago | When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 1… | |||
| CVE-2024-21886 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-21885 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-0741 | high | — | 8.0 | 2y ago | An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunder… | |||
| CVE-2024-0229 | high | — | 8.0 | 2y ago | Important: tigervnc security update | |||
| CVE-2024-0742 | high | — | 8.0 | 2y ago | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerabilit… | |||
| CVE-2024-0753 | high | — | 8.0 | 2y ago | In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7. | |||
| CVE-2024-20926 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2024-20921 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2024-20952 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2024-20945 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2024-20919 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2024-20932 | high | — | 8.0 | 2y ago | RHSA-2024:0267: java-17-openjdk security and bug fix update (Important) | |||
| CVE-2024-20918 | high | — | 8.0 | 2y ago | Important: java-1.8.0-openjdk security and bug fix update | |||
| CVE-2024-21319 | high | — | 8.0 | 2y ago | RHSA-2024:0158: .NET 6.0 security update (Important) | |||
| CVE-2024-0056 | high | — | 8.0 | 2y ago | RHSA-2024:0158: .NET 6.0 security update (Important) | |||
| CVE-2024-0057 | high | — | 8.0 | 2y ago | RHSA-2024:0158: .NET 6.0 security update (Important) | |||
| CVE-2024-26649 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer … | |||
| CVE-2024-0443 | high | — | 8.0 | 3y ago | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is o… | |||
| CVE-2024-57876 | high | — | 8.0 | 3y ago | In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down … | |||
| CVE-2024-27808 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing web content m… | |||
| CVE-2024-23252 | high | — | 8.0 | 3y ago | RHSA-2023:4202: webkit2gtk3 security update (Important) | |||
| CVE-2024-27834 | high | — | 8.0 | 3y ago | The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, watchOS 10.5. An attacker with … | |||
| CVE-2024-27833 | high | — | 8.0 | 3y ago | An integer overflow was addressed with improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, visionOS 1.2. Processing malic… | |||
| CVE-2024-54658 | high | — | 8.0 | 3y ago | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, watchOS 10.4. Processing web content m… | |||
| CVE-2024-36333 | high | 7.8 | 7.8 | 21d ago | A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | |||
| CVE-2024-47091 | high | 7.8 | 7.8 | 23d ago | Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk <2.4.0p29, <2.3.0p47, and 2.2.0 (EOL) allows a local unprivileged user able to create a Windows service whose name matches 'MyS… | |||
| CVE-2024-58072 | high | 7.8 | 7.8 | 7mo ago | Moderate: kernel security update | |||
| CVE-2024-46744 | high | 7.8 | 7.8 | 7mo ago | Moderate: kernel security update | |||
| CVE-2024-58240 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no … | |||
| CVE-2024-53166 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by b… | |||
| CVE-2024-46853 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the da… | |||
| CVE-2024-49930 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with … | |||
| CVE-2024-56631 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: … | |||
| CVE-2024-46871 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmu… | |||
| CVE-2024-47718 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular an… | |||
| CVE-2024-53213 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed tw… | |||
| CVE-2024-49883 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is … | |||
| CVE-2024-53057 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed t… | |||
| CVE-2024-53059 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. … | |||
| CVE-2024-50127 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch /… | |||
| CVE-2024-50151 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' … | |||
| CVE-2024-50150 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a… |