Total
5556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-43535 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-10-16 | N/A | 7.0 HIGH |
| Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | |||||
| CVE-2024-43533 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-16 | N/A | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2024-43582 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2024-10-16 | N/A | 8.1 HIGH |
| Remote Desktop Protocol Server Remote Code Execution Vulnerability | |||||
| CVE-2024-23370 | 1 Qualcomm | 22 Qca6584au, Qca6584au Firmware, Qca6698aq and 19 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. | |||||
| CVE-2024-23376 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2024-10-16 | N/A | 6.7 MEDIUM |
| Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. | |||||
| CVE-2024-33069 | 1 Qualcomm | 88 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 85 more | 2024-10-16 | N/A | 7.5 HIGH |
| Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | |||||
| CVE-2024-38399 | 1 Qualcomm | 80 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 77 more | 2024-10-16 | N/A | 7.8 HIGH |
| Memory corruption while processing user packets to generate page faults. | |||||
| CVE-2024-8422 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-10-16 | N/A | 7.8 HIGH |
| CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | |||||
| CVE-2024-39831 | 1 Openatom | 1 Openharmony | 2024-10-16 | N/A | 6.7 MEDIUM |
| in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. | |||||
| CVE-2024-9979 | 2024-10-16 | N/A | 5.3 MEDIUM | ||
| A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references. | |||||
| CVE-2024-43701 | 2024-10-15 | N/A | 7.8 HIGH | ||
| Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | |||||
| CVE-2024-47418 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-47415 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-47414 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-47413 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-47412 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | N/A | 7.8 HIGH |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2024-38259 | 1 Microsoft | 6 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 3 more | 2024-10-10 | N/A | 8.8 HIGH |
| Microsoft Management Console Remote Code Execution Vulnerability | |||||
| CVE-2024-43047 | 1 Qualcomm | 128 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6800 and 125 more | 2024-10-09 | N/A | 7.8 HIGH |
| Memory corruption while maintaining memory maps of HLOS memory. | |||||
| CVE-2024-46842 | 1 Linux | 1 Linux Kernel | 2024-10-08 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for MBX_TIMEOUT cases, when firmware returns SFP information at a later time, that same mailbox memory region references previously freed memory in its cmpl routine. Fix by adding checks for the MBX_TIMEOUT return code. During mailbox resource cleanup, check the mbox flag to make sure that the wait did not timeout. If the MBOX_WAKE flag is not set, then do not free the resources because it will be freed when firmware completes the mailbox at a later time in its cmpl routine. Also, increase the timeout from 30 to 60 seconds to accommodate boot scripts requiring longer timeouts. | |||||
| CVE-2024-0124 | 2024-10-04 | N/A | 3.3 LOW | ||
| NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. | |||||