Latest CVE Vulnerabilities: Comprehensive Reports

Common Vulnerabilities and Exposures (CVEs) are publicly disclosed security flaws that affect software or systems. Knowing about CVEs is crucial for maintaining the security of systems.

Why Stay Updated?

Staying updated with the latest CVEs helps organizations and individuals prevent potential breaches by applying patches or mitigations before the vulnerabilities can be exploited.

How Does CVE Work?

The CVE system is managed by the CVE Program, which is sponsored by the U.S. Department of Homeland Security (DHS). CVE Entries are created and assigned by CVE Numbering Authorities (CNAs), organizations from around the world that are responsible for the identification and cataloging of vulnerabilities affecting their products. Once a CVE Entry is created, it provides a reference point for every other security advisory to link to, ensuring consistency across different platforms.

For more detailed information, visit the official CVE website.

Severity Levels of Recent CVEs

CVEs are typically classified into several severity levels based on their potential impact on the affected systems. The most common categorization uses the CVSS (Common Vulnerability Scoring System) to rate the severity of security vulnerabilities, ranging from Low to Critical. Understanding the severity level can help prioritize remediation efforts.

Severity | CVSS Score | Description | Impact
None | 0 | No impact to the system's security. | No action needed.
Low | 0.1 - 3.9 | Poses minimal threat to system security. | Basic monitoring or updates may suffice.
Medium | 4.0 - 6.9 | Represents a moderate risk which may affect data integrity or availability. | Recommended to address soon with patches or workarounds.
High | 7.0 - 8.9 | Significant impact, could lead to data loss or downtime. | Urgent patching or immediate mitigation required.
Critical | 9.0 - 10.0 | Extremely dangerous, with potential for widespread damage or data loss. | Immediate action necessary, including system isolation or disabling.

List of Recent CVEs

This list features the most recent CVEs reported and cataloged by various CVE Numbering Authorities (CNAs) around the world. Each entry includes details about the vulnerability, such as its severity, impacted systems, and available fixes or workarounds. The aim is to provide timely and actionable information to help protect systems against these vulnerabilities.

CVE-ID | Severity | CVSS Score | Description
CVE-2024-29040 | MEDIUM | 4.3 | A detailed overview of CVE-2024-29040 affecting the TPM2 Software Stack, its implications for cybersecurity, and how businesses can secure their systems.
CVE-2024-5847 | HIGH | 8.8 | Learn about CVE-2024-5847, a high-severity vulnerability in Google Chrome's PDFium, which could allow remote attackers to exploit heap corruption using a crafted PDF file.
CVE-2024-5846 | HIGH | 8.8 | Exploring the details of CVE-2024-5846, its impact on PDFium in Google Chrome, and guidelines for mitigation.
CVE-2024-5844 | HIGH | 8.8 | A detailed guide on CVE-2024-5844, highlighting a high-severity vulnerability in Google Chrome's Tab Strip that could impact user security.
CVE-2024-5842 | HIGH | 8.8 | Detailed insights into CVE-2024-5842, highlighting the severity and implications of the use-after-free vulnerability detected in the user interface of Google Chrome browser versions prior to 126.0.6478.54.
CVE-2024-5841 | HIGH | 8.8 | A detailed exploration of CVE-2024-5841, which exposes a severe security flaw in Google Chrome's V8 that could allow heap corruption from a malicious HTML page.
CVE-2024-5840 | MEDIUM | 6.5 | Detailed analysis and explanation of CVE-2024-5840, a security vulnerability found in Google Chrome that could allow remote attackers to bypass discretionary access controls.
CVE-2024-5839 | MEDIUM | 6.5 | A detailed analysis of CVE-2024-5839 vulnerability impacting Google Chrome users, including potential risks and the steps to ensure protection.
CVE-2024-5838 | HIGH | 8.8 | A comprehensive guide to the HIGH severity CVE-2024-5838, impacting Google Chrome's V8 engine, posing potential risks of unauthorized memory access through crafted HTML pages.
CVE-2024-5837 | HIGH | 8.8 | Learn about the high-severity CVE-2024-5837, a type confusion issue in Google Chrome's V8 engine, its implications, and how to secure your systems.
CVE-2024-5836 | HIGH | 8.8 | Explore the details of CVE-2024-5836, a high-severity vulnerability in Google Chrome's DevTools, and learn how it impacts user security.
CVE-2024-5834 | HIGH | 8.8 | An essential analysis of CVE-2024-5834, detailing how it affects the Dawn component in Google Chrome, enabling remote attackers to execute arbitrary code through a specially crafted HTML page.
CVE-2024-5833 | HIGH | 8.8 | A vital discussion on CVE-2024-5833, detailing its impacts on Google Chrome, and steps for mitigation to secure systems against potential threats.
CVE-2024-5832 | HIGH | 8.8 | Detailed analysis and impact of CVE-2024-5832, a high-severity vulnerability affecting Google Chrome's Dawn engine, with guidance on mitigation and securing systems against potential exploitation.
CVE-2024-5831 | HIGH | 8.8 | A detailed overview of the high-severity security vulnerability CVE-2024-5831 affecting Google Chrome, its implications, and mitigation measures.
CVE-2024-5830 | HIGH | 8.8 | Explore the details of CVE-2024-5830, a high-severity vulnerability in Google Chrome's V8 engine, its impact, and available security measures.
CVE-2024-35242 | HIGH | 8.8 | In-depth analysis and explanation of the high-severity CVE-2024-35242 vulnerability affecting Composer, a dependency manager for PHP.
CVE-2024-35241 | HIGH | 8.8 | A high-severity CVE has been identified in Composer, affecting versions prior to 2.2.24 and 2.7.7. Learn how this impacts your PHP dependency management and the steps for mitigation.
CVE-2024-34055 | MEDIUM | 6.5 | A detailed analysis of CVE-2024-34055, its significance, affected Cyrus IMAP versions, and how to secure your systems against potential exploits.
CVE-2024-5274 | HIGH | 8.8 | Explore the details of CVE-2024-5274, a high-severity vulnerability found in Google Chrome's V8 engine, which could allow attackers to execute arbitrary code through a crafted HTML page.
CVE-2024-4453 | HIGH | 7.8 | Discover what you need to know about the high-severity CVE-2024-4453 affecting GStreamer, including its impact, risks, and how to secure your systems.
CVE-2023-47855 | MEDIUM | 6 | Explore the details of CVE-2023-47855, its impact on Intel TDX module software, and how users and administrators can mitigate the risk.
CVE-2023-46103 | MEDIUM | 4.7 | Explore the implications of the CVE-2023-46103 security vulnerability affecting Intel(R) Core(TM) Ultra Processors, including potential impacts and mitigation strategies.
CVE-2023-45745 | HIGH | 7.9 | An in-depth look at the high-severity CVE-2023-45745 affecting Intel(R) TDX module software, including implications and solutions.
CVE-2023-45733 | LOW | 2.8 | An informative guide detailing the low-severity CVE-2023-45733 affecting certain Intel processors, the potential risks, and how users can mitigate them.
CVE-2024-32465 | HIGH | 7.3 | An in-depth look at CVE-2024-32465, detailing the vulnerability found in Git, its potential impacts, and the recommended security patches.
CVE-2024-32021 | LOW | 3.9 | An in-depth analysis of CVE-2024-32021 detailing the security implications for Git software and the importance of updating to secure versions.
CVE-2024-32020 | LOW | 3.9 | CVE-2024-32020 is a security vulnerability identified in the Git version control system, impacting the integrity of local repository clones. This article provides details on the nature of the vulnerability, affected versions, and the available patches.
CVE-2024-32004 | HIGH | 8.1 | Exploring the high-severity security flaw in Git, CVE-2024-32004, how it affects users, and the importance of timely software updates to mitigate risks.
CVE-2024-32002 | CRITICAL | 9 | Understand the critical vulnerability CVE-2024-32002 found in Git and how it impacts your system security.
CVE-2024-30046 | MEDIUM | 5.9 | An informative guide to address and understand the CVE-2024-30046, a security vulnerability identified in Visual Studio, leading to potential denial of service.
CVE-2024-30045 | MEDIUM | 6.3 | CVE-2024-30045 outlines a medium-severity vulnerability in .NET and Visual Studio that could enable remote code execution. Learn more about the implications and solutions.
CVE-2024-4761 | HIGH | 8.8 | A detailed guide on CVE-2024-4761, its impact on Google Chrome, and how LinuxPatch users can secure their systems against it.
CVE-2024-4671 | CRITICAL | 9.6 | An explanation of the critical CVE-2024-4671 vulnerability in Google Chrome, detailing the risks and the importance of updating to a secure version.
CVE-2024-4317 | LOW | 3.1 | A detailed analysis of CVE-2024-4317, discussing its impact on PostgreSQL databases and steps to mitigate the issue.
CVE-2024-34069 | HIGH | 7.5 | Dive into the details of CVE-2024-34069 that affects the Werkzeug web application library and learn how LinuxPatch can secure your systems.
CVE-2023-27349 | HIGH | 7.1 | Learn about the high-severity CVE-2023-27349, impacting BlueZ's handling of the AVRCP protocol and how attackers can exploit this to execute arbitrary code via Bluetooth.
CVE-2023-49606 | CRITICAL | 9.8 | Learn about the critical CVE-2023-49606 affecting Tinyproxy and find out how you can secure your systems with necessary patches.
CVE-2024-4340 | HIGH | 7.5 | An in-depth look at CVE-2024-4340, its impact, and steps for mitigation to ensure system security.
CVE-2024-3096 | MEDIUM | 6.5 | Explore the specifics of CVE-2024-3096, its impact on PHP versions, and how users can safeguard their systems.
CVE-2024-2756 | MEDIUM | 6.5 | Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
CVE-2022-48655 | HIGH | 7.8 | An in-depth exploration of the CVE-2022-48655, its impact on Linux Kernel, and how to mitigate it using patch updates from LinuxPatch.
CVE-2024-28240 | HIGH | 7.3 | A detailed look into the high-severity CVE-2024-28240 affecting the GLPI Agent on Windows, its implications for cybersecurity, and available patches.
CVE-2024-25583 | HIGH | 7.5 | A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.
CVE-2024-32662 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when a `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32661 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32660 | HIGH | 7.5 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32659 | CRITICAL | 9.8 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32658 | CRITICAL | 9.8 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32040 | HIGH | 8.1 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).

To access older CVE entries, see our older CVEs.