Total
5899 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46999 | 1 Linux | 1 Linux Kernel | 2025-01-08 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a There's a panic that occurs in a few of envs, the call trace is as below: [] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI [] RIP: 0010:sctp_ulpevent_notify_peer_addr_change+0x4b/0x1fa [sctp] [] sctp_assoc_control_transport+0x1b9/0x210 [sctp] [] sctp_do_8_2_transport_strike.isra.16+0x15c/0x220 [sctp] [] sctp_cmd_interpreter.isra.21+0x1231/0x1a10 [sctp] [] sctp_do_sm+0xc3/0x2a0 [sctp] [] sctp_generate_timeout_event+0x81/0xf0 [sctp] This is caused by a transport use-after-free issue. When processing a duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), both COOKIE-ACK and SHUTDOWN chunks are allocated with the transort from the new asoc. However, later in the sideeffect machine, the old asoc is used to send them out and old asoc's shutdown_last_sent_to is set to the transport that SHUTDOWN chunk attached to in sctp_cmd_setup_t2(), which actually belongs to the new asoc. After the new_asoc is freed and the old asoc T2 timeout, the old asoc's shutdown_last_sent_to that is already freed would be accessed in sctp_sf_t2_timer_expire(). Thanks Alexander and Jere for helping dig into this issue. To fix it, this patch is to do the asoc update first, then allocate the COOKIE-ACK and SHUTDOWN chunks with the 'updated' old asoc. This would make more sense, as a chunk from an asoc shouldn't be sent out with another asoc. We had fixed quite a few issues caused by this. | |||||
| CVE-2021-46969 | 1 Linux | 1 Linux Kernel | 2025-01-08 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhi_queue mhi_queue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up prior ringing the DB. This case is managed earlier by triggering an asynchronous M3 exit via controller resume/suspend callbacks, that in turn will cause M0 transition and DB update. So, since it's not an error but just delaying of doorbell update, there is no reason to return an error. This also fixes a use after free error for skb case, indeed a caller queuing skb will try to free the skb if the queueing fails, but in that case queueing has been done. | |||||
| CVE-2024-26233 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26231 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26230 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Telephony Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-26227 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26224 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26223 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-26222 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-0155 | 1 Dell | 1 Digital Delivery | 2025-01-08 | N/A | 7.0 HIGH |
| Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code. | |||||
| CVE-2024-26241 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-01-08 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2024-26237 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Defender Credential Guard Elevation of Privilege Vulnerability | |||||
| CVE-2024-30035 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2024-30032 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows DWM Core Library Elevation of Privilege Vulnerability | |||||
| CVE-2024-30031 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows CNG Key Isolation Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-30028 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2024-26221 | 1 Microsoft | 4 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 1 more | 2025-01-08 | N/A | 7.2 HIGH |
| Windows DNS Server Remote Code Execution Vulnerability | |||||
| CVE-2024-49079 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-08 | N/A | 7.8 HIGH |
| Input Method Editor (IME) Remote Code Execution Vulnerability | |||||
| CVE-2024-49074 | 1 Microsoft | 4 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 1 more | 2025-01-08 | N/A | 7.8 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-49069 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-01-08 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||