Total
6004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-35693 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35687 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35666 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35660 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.7 MEDIUM |
| In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35658 | 1 Google | 1 Android | 2024-11-21 | N/A | 8.8 HIGH |
| In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-35628 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows MSHTML Platform Remote Code Execution Vulnerability | |||||
| CVE-2023-35380 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-35351 | 1 Microsoft | 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 6.6 MEDIUM |
| Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability | |||||
| CVE-2023-35323 | 1 Microsoft | 2 Windows 11 21h2, Windows Server 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| Windows OLE Remote Code Execution Vulnerability | |||||
| CVE-2023-35313 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability | |||||
| CVE-2023-35300 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Remote Procedure Call Runtime Remote Code Execution Vulnerability | |||||
| CVE-2023-34795 | 1 Xlsxio Project | 1 Xlsxio | 2024-11-21 | N/A | 7.8 HIGH |
| xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file. | |||||
| CVE-2023-34494 | 1 Emqx | 1 Nanomq | 2024-11-21 | N/A | 7.5 HIGH |
| NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. | |||||
| CVE-2023-34475 | 2 Fedoraproject, Imagemagick | 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick | 2024-11-21 | N/A | 5.5 MEDIUM |
| A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick user to open a specially crafted file to convert, triggering an heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. | |||||
| CVE-2023-34241 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue. | |||||
| CVE-2023-33595 | 1 Python | 1 Python | 2024-11-21 | N/A | 5.5 MEDIUM |
| CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | |||||
| CVE-2023-33153 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 6.8 MEDIUM |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2023-33149 | 1 Microsoft | 2 365 Apps, Office | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2023-33128 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2024-11-21 | N/A | 7.3 HIGH |
| .NET and Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-33039 | 1 Qualcomm | 42 Qam8295p, Qam8295p Firmware, Qam8650p and 39 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | |||||