Total
4506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-4855 | | | 2024-06-10 | N/A | 3.6 LOW |
Use after free issue in editcap could cause denial of service via crafted capture file | |||||
CVE-2024-34161 | | | 2024-06-10 | N/A | 5.3 MEDIUM |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module and the network infrastructure supports a Maximum Transmission Unit (MTU) of 4096 or greater without fragmentation, undisclosed QUIC packets can cause NGINX worker processes to leak previously freed memory. | |||||
CVE-2024-24990 | | | 2024-06-10 | N/A | 7.5 HIGH |
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2024-30375 | | | 2024-06-07 | N/A | 7.8 HIGH |
Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of KSP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22515. | |||||
CVE-2024-5269 | | | 2024-06-07 | N/A | 8.8 HIGH |
Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SMB2 messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22459. | |||||
CVE-2019-18683 | 6 Broadcom, Canonical, Debian and 3 more | 23 Fabric Operating System, Ubuntu Linux, Debian Linux and 20 more | 2024-06-07 | 6.9 MEDIUM | 7.0 HIGH |
An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free. | |||||
CVE-2023-43544 | | | 2024-06-03 | N/A | 6.7 MEDIUM |
Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. | |||||
CVE-2023-43543 | | | 2024-06-03 | N/A | 6.7 MEDIUM |
Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object. | |||||
CVE-2024-26592 | 1 Linux | 1 Linux Kernel | 2024-05-29 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in ksmbd_tcp_new_connection() function. | |||||
CVE-2023-23421 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2023-23420 | 1 Microsoft | 13 Windows 10, Windows 10 1607, Windows 10 1809 and 10 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2023-23404 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 8.1 HIGH |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | |||||
CVE-2023-23392 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2024-05-29 | N/A | 9.8 CRITICAL |
HTTP Protocol Stack Remote Code Execution Vulnerability | |||||
CVE-2023-38161 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows GDI Elevation of Privilege Vulnerability | |||||
CVE-2023-38160 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 5.5 MEDIUM |
Windows TCP/IP Information Disclosure Vulnerability | |||||
CVE-2023-38139 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows Kernel Elevation of Privilege Vulnerability | |||||
CVE-2023-36804 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-05-29 | N/A | 7.8 HIGH |
Windows GDI Elevation of Privilege Vulnerability | |||||
CVE-2023-36802 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2024-05-29 | N/A | 7.8 HIGH |
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | |||||
CVE-2023-36760 | 1 Microsoft | 1 3d Viewer | 2024-05-29 | N/A | 7.8 HIGH |
3D Viewer Remote Code Execution Vulnerability | |||||
CVE-2023-36735 | 1 Microsoft | 1 Edge Chromium | 2024-05-29 | N/A | 9.6 CRITICAL |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |