CVEs from 2024
Total
6,613
critical
critical 170
high
high 1,066
medium
medium 2,078
low
low 49
% Critical
2.6%
% with KEV
2.5%
% with exploit
3.4%
Top products
- operations_analytics_log_analysis 14
- surveillance_station 12
- checkmk 10
- office 8
- profilegrid 8
- office_long_term_servicing_channel 6
- propertyhive 5
- virtual_traffic_manager 5
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29039 | low | — | 2.5 | 2y ago | Low: tpm2-tools security update | |||
| CVE-2024-6501 | low | — | 2.5 | 2y ago | Low: NetworkManager security update | |||
| CVE-2024-26458 | low | — | 2.5 | 2y ago | RHSA-2024:3268: krb5 security update (Low) | |||
| CVE-2024-36387 | low | — | 2.5 | 2y ago | Serving WebSocket protocol upgrades over a HTTP/2 connection could result in a Null Pointer dereference, leading to a crash of the server process, degrading performance. | |||
| CVE-2024-4418 | low | — | 2.5 | 2y ago | RHSA-2024:4351: virt:rhel and virt-devel:rhel security and bug fix update (Low) | |||
| CVE-2024-4032 | low | — | 2.5 | 2y ago | Low: python3 security update | |||
| CVE-2024-5629 | low | — | 2.5 | 2y ago | RHSA-2025:8419: python36:3.6 security update (Low) | |||
| CVE-2024-35176 | low | — | 2.5 | 2y ago | RHSA-2024:5338: pcs security update (Low) | |||
| CVE-2024-25629 | low | — | 2.5 | 2y ago | RHSA-2024:4249: c-ares security update (Low) | |||
| CVE-2024-2609 | low | — | 2.5 | 2y ago | The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR … | |||
| CVE-2024-3854 | low | — | 2.5 | 2y ago | In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 11… | |||
| CVE-2024-3857 | low | — | 2.5 | 2y ago | The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, … | |||
| CVE-2024-3859 | low | — | 2.5 | 2y ago | On 32-bit versions there were integer-overflows that led to an out-of-bounds-read that potentially could be triggered by a malformed OpenType font. This vulnerability affects Firefox < 125, Firefox E… | |||
| CVE-2024-3861 | low | — | 2.5 | 2y ago | If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 11… | |||
| CVE-2024-3864 | low | — | 2.5 | 2y ago | Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited… | |||
| CVE-2024-3852 | low | — | 2.5 | 2y ago | GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | |||
| CVE-2024-3302 | low | — | 2.5 | 2y ago | There was no limit to the number of HTTP/2 CONTINUATION frames that would be processed. A server could abuse this to create an Out of Memory condition in the browser. This vulnerability affects Firef… | |||
| CVE-2024-2408 | low | — | 2.5 | 3y ago | RHSA-2023:7877: openssl security update (Low) | |||
| CVE-2024-6344 | low | 2.4 | 2.4 | 2y ago | A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. This affects an unknown part of the component Push Configuration Section. The manipulation of t… |