Total
6052 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43459 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2024-11-19 | N/A | 8.8 HIGH |
| SQL Server Native Client Remote Code Execution Vulnerability | |||||
| CVE-2023-4679 | 1 Gpac | 1 Gpac | 2024-11-19 | N/A | 5.5 MEDIUM |
| A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash. | |||||
| CVE-2024-43642 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2024-11-18 | N/A | 7.5 HIGH |
| Windows SMB Denial of Service Vulnerability | |||||
| CVE-2023-4134 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2024-11-18 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service. | |||||
| CVE-2024-49032 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-18 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2024-49526 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-49027 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2024-11-16 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-43625 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2024-11-15 | N/A | 8.1 HIGH |
| Microsoft Windows VMSwitch Elevation of Privilege Vulnerability | |||||
| CVE-2024-8376 | 1 Eclipse | 1 Mosquitto | 2024-11-15 | N/A | 7.5 HIGH |
| In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | |||||
| CVE-2024-49016 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2024-11-15 | N/A | 8.8 HIGH |
| SQL Server Native Client Remote Code Execution Vulnerability | |||||
| CVE-2024-49021 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-15 | N/A | 7.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2024-49003 | 1 Microsoft | 3 Sql Server 2016, Sql Server 2017, Sql Server 2019 | 2024-11-15 | N/A | 8.8 HIGH |
| SQL Server Native Client Remote Code Execution Vulnerability | |||||
| CVE-2024-40885 | 2024-11-15 | N/A | 6.4 MEDIUM | ||
| Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-50027 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz->tzp may still be accessed after being freed in thermal_zone_device_unregister(), so move the freeing of it to the point after the removal completion has been completed at which it cannot be accessed any more. | |||||
| CVE-2023-52913 | 1 Linux | 1 Linux Kernel | 2024-11-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr after this. And we need to ensure that adding the ctx to the xarray is the *last* thing that gem_context_register() does with the ctx pointer. [tursulin: Stable and fixes tags add/tidy.] (cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c) | |||||
| CVE-2024-33068 | 1 Qualcomm | 244 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 241 more | 2024-11-07 | N/A | 7.5 HIGH |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | |||||
| CVE-2024-33029 | 1 Qualcomm | 6 Qca6584au, Qca6584au Firmware, Qca6698aq and 3 more | 2024-11-07 | N/A | 6.7 MEDIUM |
| Memory corruption while handling the PDR in driver for getting the remote heap maps. | |||||
| CVE-2024-38424 | 1 Qualcomm | 238 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 235 more | 2024-11-07 | N/A | 7.8 HIGH |
| Memory corruption during GNSS HAL process initialization. | |||||
| CVE-2024-38421 | 1 Qualcomm | 154 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 151 more | 2024-11-07 | N/A | 7.8 HIGH |
| Memory corruption while processing GPU commands. | |||||
| CVE-2024-38419 | 1 Qualcomm | 296 Ar8035, Ar8035 Firmware, Csra6620 and 293 more | 2024-11-07 | N/A | 7.8 HIGH |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | |||||