Vulnerabilities (CVE)

Filtered by CWE-416
Total 5639 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23380 1 Qualcomm 212 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 209 more 2024-11-21 N/A 8.4 HIGH
Memory corruption while handling user packets during VBO bind operation.
CVE-2024-23373 1 Qualcomm 444 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 441 more 2024-11-21 N/A 8.4 HIGH
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released.
CVE-2024-23322 1 Envoyproxy 1 Envoy 2024-11-21 N/A 7.5 HIGH
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-22920 1 Swftools 1 Swftools 2024-11-21 N/A 7.8 HIGH
swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.
CVE-2024-22914 1 Swftools 1 Swftools 2024-11-21 N/A 5.5 MEDIUM
A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.
CVE-2024-22088 1 Chendotjs 1 Lotos Webserver 2024-11-21 N/A 9.8 CRITICAL
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.
CVE-2024-21860 1 Openatom 1 Openharmony 2024-11-21 N/A 8.2 HIGH
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free.
CVE-2024-21803 1 Linux 1 Linux Kernel 2024-11-21 N/A 3.5 LOW
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.
CVE-2024-21407 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 8.1 HIGH
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2024-21399 1 Microsoft 1 Edge Chromium 2024-11-21 N/A 8.3 HIGH
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-21385 1 Microsoft 1 Edge Chromium 2024-11-21 N/A 8.3 HIGH
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2024-21384 1 Microsoft 2 365 Apps, Office Long Term Servicing Channel 2024-11-21 N/A 7.8 HIGH
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2024-21375 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2024-11-21 N/A 8.8 HIGH
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2024-21339 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2024-11-21 N/A 6.4 MEDIUM
Windows USB Generic Parent Driver Remote Code Execution Vulnerability
CVE-2024-21326 1 Microsoft 1 Edge Chromium 2024-11-21 N/A 9.6 CRITICAL
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2024-21307 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-11-21 N/A 7.5 HIGH
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2024-21303 1 Microsoft 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more 2024-11-21 N/A 8.8 HIGH
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-20734 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 N/A 5.5 MEDIUM
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20731 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-20729 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 N/A 7.8 HIGH
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.