Total
5639 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-23380 | 1 Qualcomm | 212 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 209 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory corruption while handling user packets during VBO bind operation. | |||||
CVE-2024-23373 | 1 Qualcomm | 444 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 441 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. | |||||
CVE-2024-23322 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | N/A | 7.5 HIGH |
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
CVE-2024-22920 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 7.8 HIGH |
swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | |||||
CVE-2024-22914 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | |||||
CVE-2024-22088 | 1 Chendotjs | 1 Lotos Webserver | 2024-11-21 | N/A | 9.8 CRITICAL |
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | |||||
CVE-2024-21860 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 8.2 HIGH |
in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. | |||||
CVE-2024-21803 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 3.5 LOW |
Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. | |||||
CVE-2024-21407 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.1 HIGH |
Windows Hyper-V Remote Code Execution Vulnerability | |||||
CVE-2024-21399 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
CVE-2024-21385 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2024-21384 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
Microsoft Office OneNote Remote Code Execution Vulnerability | |||||
CVE-2024-21375 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
CVE-2024-21339 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 6.4 MEDIUM |
Windows USB Generic Parent Driver Remote Code Execution Vulnerability | |||||
CVE-2024-21326 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 9.6 CRITICAL |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
CVE-2024-21307 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.5 HIGH |
Remote Desktop Client Remote Code Execution Vulnerability | |||||
CVE-2024-21303 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
CVE-2024-20734 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-20731 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2024-20729 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |