Total
168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-38373 | 1 Amazon | 1 Freertos-plus-tcp | 2024-11-21 | N/A | 9.6 CRITICAL |
| FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the actual domain name length, could cause the parser to read beyond the DNS response buffer. This issue affects applications using DNS functionality of the FreeRTOS-Plus-TCP stack. Applications that do not use DNS functionality are not affected, even when the DNS functionality is enabled. This vulnerability has been patched in version 4.1.1. | |||||
| CVE-2024-38071 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2024-11-21 | N/A | 7.5 HIGH |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability | |||||
| CVE-2024-31081 | 2024-11-21 | N/A | 7.3 HIGH | ||
| A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | |||||
| CVE-2024-31080 | 2024-11-21 | N/A | 7.3 HIGH | ||
| A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents() function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a different endianness. This vulnerability could be exploited by an attacker to cause the X server to read heap memory values and then transmit them back to the client until encountering an unmapped page, resulting in a crash. Despite the attacker's inability to control the specific memory copied into the replies, the small length values typically stored in a 32-bit integer can result in significant attempted out-of-bounds reads. | |||||
| CVE-2024-30079 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | |||||
| CVE-2024-30071 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||
| CVE-2024-30069 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| Windows Remote Access Connection Manager Information Disclosure Vulnerability | |||||
| CVE-2024-21465 | 1 Qualcomm | 518 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 515 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption while processing key blob passed by the user. | |||||
| CVE-2024-21462 | 1 Qualcomm | 622 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 619 more | 2024-11-21 | N/A | 7.1 HIGH |
| Transient DOS while loading the TA ELF file. | |||||
| CVE-2024-21458 | 1 Qualcomm | 222 Ar8035, Ar8035 Firmware, Csr8811 and 219 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Information disclosure while handling SA query action frame. | |||||
| CVE-2024-21457 | 1 Qualcomm | 222 Ar8035, Ar8035 Firmware, Csr8811 and 219 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| INformation disclosure while handling Multi-link IE in beacon frame. | |||||
| CVE-2024-21456 | 1 Qualcomm | 84 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 81 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Information Disclosure while parsing beacon frame in STA. | |||||
| CVE-2024-21340 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Windows Kernel Information Disclosure Vulnerability | |||||
| CVE-2023-51773 | 2024-11-21 | N/A | 9.1 CRITICAL | ||
| BACnet Stack before 1.3.2 has a decode function APDU buffer over-read in bacapp_decode_application_data in bacapp.c. | |||||
| CVE-2023-45919 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
| Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | |||||
| CVE-2023-38152 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| DHCP Server Service Information Disclosure Vulnerability | |||||
| CVE-2023-36904 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | |||||
| CVE-2023-36801 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| DHCP Server Service Information Disclosure Vulnerability | |||||
| CVE-2023-36773 | 1 Microsoft | 1 3d Builder | 2024-11-21 | N/A | 7.8 HIGH |
| 3D Builder Remote Code Execution Vulnerability | |||||
| CVE-2023-36397 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | |||||