Total
5622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-23848 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. | |||||
| CVE-2024-23658 | 2024-11-21 | N/A | 4.4 MEDIUM | ||
| In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | |||||
| CVE-2024-23380 | 1 Qualcomm | 212 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 209 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption while handling user packets during VBO bind operation. | |||||
| CVE-2024-23373 | 1 Qualcomm | 444 205 Mobile Platform, 205 Mobile Platform Firmware, 215 Mobile Platform and 441 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting released. | |||||
| CVE-2024-23322 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | N/A | 7.5 HIGH |
| Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-22956 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 7.8 HIGH |
| swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | |||||
| CVE-2024-22920 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 7.8 HIGH |
| swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | |||||
| CVE-2024-22915 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 7.8 HIGH |
| A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. | |||||
| CVE-2024-22914 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
| A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | |||||
| CVE-2024-22253 | 2024-11-21 | N/A | 9.3 CRITICAL | ||
| VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. | |||||
| CVE-2024-22088 | 1 Chendotjs | 1 Lotos Webserver | 2024-11-21 | N/A | 9.8 CRITICAL |
| Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | |||||
| CVE-2024-21860 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 8.2 HIGH |
| in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. | |||||
| CVE-2024-21803 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 3.5 LOW |
| Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1. | |||||
| CVE-2024-21407 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||
| CVE-2024-21399 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2024-21385 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2024-21384 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
| Microsoft Office OneNote Remote Code Execution Vulnerability | |||||
| CVE-2024-21375 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-21339 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| Windows USB Generic Parent Driver Remote Code Execution Vulnerability | |||||
| CVE-2024-21326 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 9.6 CRITICAL |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||