Total
5557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-40669 | 2025-01-28 | N/A | 8.4 HIGH | ||
| In TBD of TBD, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40651 | 2025-01-28 | N/A | 8.4 HIGH | ||
| In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-40649 | 2025-01-28 | N/A | 8.4 HIGH | ||
| In TBD of TBD, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-34748 | 2025-01-28 | N/A | 8.4 HIGH | ||
| In _DevmemXReservationPageAddress of devicemem_server.c, there is a possible use-after-free due to improper casting. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-31974 | 1 Tortall | 1 Yasm | 2025-01-28 | N/A | 5.5 MEDIUM |
| yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. | |||||
| CVE-2022-48386 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | N/A | 4.4 MEDIUM |
| the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. | |||||
| CVE-2024-0147 | 2025-01-28 | N/A | 5.5 MEDIUM | ||
| NVIDIA GPU display driver for Windows and Linux contains a vulnerability where referencing memory after it has been freed can lead to denial of service or data tampering. | |||||
| CVE-2024-36971 | 1 Linux | 1 Linux Kernel | 2025-01-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. | |||||
| CVE-2023-43543 | 1 Qualcomm | 32 Qam8255p, Qam8255p Firmware, Qam8775p and 29 more | 2025-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object. | |||||
| CVE-2023-43544 | 1 Qualcomm | 54 Ar8035, Ar8035 Firmware, Fastconnect 7800 and 51 more | 2025-01-27 | N/A | 6.7 MEDIUM |
| Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. | |||||
| CVE-2025-21224 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-01-27 | N/A | 8.1 HIGH |
| Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | |||||
| CVE-2025-21281 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-27 | N/A | 7.8 HIGH |
| Microsoft COM for Windows Elevation of Privilege Vulnerability | |||||
| CVE-2023-31566 | 1 Podofo Project | 1 Podofo | 2025-01-27 | N/A | 8.8 HIGH |
| Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | |||||
| CVE-2024-26866 | 1 Linux | 1 Linux Kernel | 2025-01-27 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of error after the latter call the memory will be explicitly freed in the probe function by spi_controller_put() call, but used afterwards by "devm" management outside probe() (spi_unregister_controller() <- devm_spi_unregister() below). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 ... Call trace: kernfs_find_ns kernfs_find_and_get_ns sysfs_remove_group sysfs_remove_groups device_remove_attrs device_del spi_unregister_controller devm_spi_unregister release_nodes devres_release_all really_probe driver_probe_device __device_attach_driver bus_for_each_drv __device_attach device_initial_probe bus_probe_device deferred_probe_work_func process_one_work worker_thread kthread ret_from_fork | |||||
| CVE-2022-49043 | 2025-01-26 | N/A | 8.1 HIGH | ||
| xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | |||||
| CVE-2025-21307 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 9.8 CRITICAL |
| Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | |||||
| CVE-2025-21304 | 1 Microsoft | 6 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 3 more | 2025-01-24 | N/A | 7.8 HIGH |
| Microsoft DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2025-21298 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 9.8 CRITICAL |
| Windows OLE Remote Code Execution Vulnerability | |||||
| CVE-2025-21297 | 1 Microsoft | 7 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 4 more | 2025-01-24 | N/A | 8.1 HIGH |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||
| CVE-2025-21296 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 7.5 HIGH |
| BranchCache Remote Code Execution Vulnerability | |||||