Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a general means of privilege escalation in the operating system. Such attacks are notable in that the vulnerability does not have to be fresh, since attackers themselves deliver unpatched drivers to the system. This report considers the statistics of research publications that can be used by cybercriminals to attack target systems, and provides statistical snapshots of vulnerabilities.
Statistics on registered vulnerabilities
In this section, we look at statistics on registered vulnerabilities based on data from the cve.org portal.
In Q2 2024, the number of registered vulnerabilities exceeded last year’s figure for the same period, and is likely to grow further, as some vulnerabilities are not added to the CVE list immediately after registration. This trend is in line with the general uptick in the number of registered vulnerabilities that we noted in our Q1 report.
Total number of registered vulnerabilities and number of critical ones, Q2 2023 and Q2 2024 (download)
Comparing the data for the period 2019–2024 we see that in H1 2024 the total number of registered vulnerabilities was slightly less than half of the figure for the whole of 2023. Worth noting is the quarter-on-quarter rise in the number of registered vulnerabilities, for which reason we cannot say for sure that it won’t exceed the 2023 figure by year’s end.
Number of vulnerabilities and the share of critical ones and of those fo ..
Support the originator by clicking the read the rest link below.
