VIR Vulnerability Intelligence Relay

CVEs from 2024

6,614 normalized CVEs published or assigned in this year.

Total
6,614
critical
critical 174
high
high 1,069
medium
medium 2,083
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%

Top vendors

Top products

  • mbed_tls 15
  • operations_analytics_log_analysis 14
  • surveillance_station 12
  • checkmk 10
  • office 8
  • profilegrid 8
  • office_long_term_servicing_channel 6
  • propertyhive 5

Top packages

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2024-2314 low 2.5 2y ago RHSA-2024:8831: bcc security update (Low)
CVE-2024-2313 low 2.5 2y ago RHSA-2024:8830: bpftrace security update (Low)
CVE-2024-5742 low 2.5 2y ago RHSA-2024:6986: nano security update (Low)
CVE-2024-4603 low 2.5 2y ago Low: openssl security update
CVE-2024-6126 low 2.5 2y ago A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack.
CVE-2024-6501 low 2.5 2y ago Low: NetworkManager security update
CVE-2024-26458 low 2.5 2y ago RHSA-2024:3268: krb5 security update (Low)
CVE-2024-36387 low 2.5 2y ago Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance.
CVE-2024-4418 low 2.5 2y ago RHSA-2024:4351: virt:rhel and virt-devel:rhel security and bug fix update (Low)
CVE-2024-4032 low 2.5 2y ago Low: python3 security update
CVE-2024-5629 low 2.5 2y ago RHSA-2025:8419: python36:3.6 security update (Low)
CVE-2024-35176 low 2.5 2y ago RHSA-2024:5338: pcs security update (Low)
CVE-2024-25629 low 2.5 2y ago RHSA-2024:4249: c-ares security update (Low)
CVE-2024-3857 low 2.5 2y ago The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, …
CVE-2024-3302 low 2.5 2y ago There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firef…
CVE-2024-2609 low 2.5 2y ago The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR …
CVE-2024-3864 low 2.5 2y ago Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited…
CVE-2024-3852 low 2.5 2y ago GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.
CVE-2024-3861 low 2.5 2y ago If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 11…
CVE-2024-3854 low 2.5 2y ago In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 11…
CVE-2024-3859 low 2.5 2y ago On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox E…
CVE-2024-2408 low 2.5 3y ago RHSA-2023:7877: openssl security update (Low)
CVE-2024-6344 low 2.4 2.4 2y ago A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of t…