Total
5557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23807 | 1 Apache | 1 Xerces-c\+\+ | 2025-01-16 | N/A | 9.8 CRITICAL |
| The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4. | |||||
| CVE-2021-47088 | 1 Linux | 1 Linux Kernel | 2025-01-16 | N/A | 7.0 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: protect targets destructions with kdamond_lock DAMON debugfs interface iterates current monitoring targets in 'dbgfs_target_ids_read()' while holding the corresponding 'kdamond_lock'. However, it also destructs the monitoring targets in 'dbgfs_before_terminate()' without holding the lock. This can result in a use_after_free bug. This commit avoids the race by protecting the destruction with the corresponding 'kdamond_lock'. | |||||
| CVE-2024-29043 | 1 Microsoft | 3 Odbc Driver For Sql Server, Sql Server 2019, Sql Server 2022 | 2025-01-16 | N/A | 8.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-21308 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-15 | N/A | 8.8 HIGH |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
| CVE-2024-21332 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-15 | N/A | 8.8 HIGH |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
| CVE-2025-21335 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-01-15 | N/A | 7.8 HIGH |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | |||||
| CVE-2025-21334 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 4 more | 2025-01-15 | N/A | 7.8 HIGH |
| Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | |||||
| CVE-2023-52837 | 1 Linux | 1 Linux Kernel | 2025-01-15 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been free in nbd_dev_remove(). Fix this by implementing ->free_disk and free private data in it. | |||||
| CVE-2024-23354 | 1 Qualcomm | 152 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 149 more | 2025-01-15 | N/A | 8.4 HIGH |
| Memory corruption when the IOCTL call is interrupted by a signal. | |||||
| CVE-2024-21471 | 1 Qualcomm | 350 205 Mobile, 205 Mobile Firmware, 215 Mobile and 347 more | 2025-01-15 | N/A | 8.4 HIGH |
| Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | |||||
| CVE-2023-43521 | 1 Qualcomm | 154 Ar8035, Ar8035 Firmware, C-v2x 9150 and 151 more | 2025-01-15 | N/A | 6.7 MEDIUM |
| Memory corruption when multiple listeners are being registered with the same file descriptor. | |||||
| CVE-2023-28319 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2025-01-15 | N/A | 7.5 HIGH |
| A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | |||||
| CVE-2021-27646 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests. | |||||
| CVE-2019-19344 | 4 Canonical, Opensuse, Samba and 1 more | 7 Ubuntu Linux, Leap, Samba and 4 more | 2025-01-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. | |||||
| CVE-2021-27649 | 1 Synology | 2 Diskstation Manager, Diskstation Manager Unified Controller | 2025-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2024-49115 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-01-14 | N/A | 8.1 HIGH |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||
| CVE-2024-49116 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2025-01-14 | N/A | 8.1 HIGH |
| Windows Remote Desktop Services Remote Code Execution Vulnerability | |||||
| CVE-2024-49118 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-14 | N/A | 8.1 HIGH |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2024-49122 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-14 | N/A | 8.1 HIGH |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | |||||
| CVE-2024-49126 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-14 | N/A | 8.1 HIGH |
| Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | |||||