ReportizFlow
Filtered by vendor
Subscriptions
Total
571 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33952 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more | 2024-11-21 | 6.7 Medium |
| A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. This issue occurs due to the lack of validating the existence of an object prior to performing further free operations on the object, which may allow a local privileged user to escalate privileges and execute code in the context of the kernel. | ||||
| CVE-2023-33161 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-33137 | 1 Microsoft | 3 Excel, Office, Office Online Server | 2024-11-21 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-32824 | 2 Google, Mediatek | 31 Android, Mt6580, Mt6739 and 28 more | 2024-11-21 | 6.7 Medium |
| In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961. | ||||
| CVE-2023-29469 | 3 Debian, Redhat, Xmlsoft | 5 Debian Linux, Enterprise Linux, Jboss Core Services and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | ||||
| CVE-2023-29368 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-11-21 | 7 High |
| Windows Filtering Platform Elevation of Privilege Vulnerability | ||||
| CVE-2023-29366 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-11-21 | 7.8 High |
| Windows Geolocation Service Remote Code Execution Vulnerability | ||||
| CVE-2023-28583 | 1 Qualcomm | 60 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 57 more | 2024-11-21 | 6.7 Medium |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | ||||
| CVE-2023-28464 | 3 Linux, Netapp, Redhat | 7 Linux Kernel, H300s Firmware, H410c Firmware and 4 more | 2024-11-21 | 7.8 High |
| hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | ||||
| CVE-2023-28411 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-11-21 | 6.3 Medium |
| Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | ||||
| CVE-2023-28296 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2024-11-21 | 7.8 High |
| Visual Studio Remote Code Execution Vulnerability | ||||
| CVE-2023-27537 | 4 Broadcom, Haxx, Netapp and 1 more | 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more | 2024-11-21 | 5.9 Medium |
| A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. | ||||
| CVE-2023-27320 | 2 Fedoraproject, Sudo Project | 2 Fedora, Sudo | 2024-11-21 | 7.2 High |
| Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | ||||
| CVE-2023-26545 | 3 Linux, Netapp, Redhat | 14 Linux Kernel, H300s, H300s Firmware and 11 more | 2024-11-21 | 4.7 Medium |
| In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | ||||
| CVE-2023-25801 | 1 Google | 1 Tensorflow | 2024-11-21 | 8 High |
| TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. | ||||
| CVE-2023-25136 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 10 Fedora, 500f, 500f Firmware and 7 more | 2024-11-21 | 6.5 Medium |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | ||||
| CVE-2023-24903 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-11-21 | 8.1 High |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | ||||
| CVE-2023-23402 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-11-21 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2023-21629 | 1 Qualcomm | 424 205, 205 Firmware, 215 and 421 more | 2024-11-21 | 6.8 Medium |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | ||||
| CVE-2023-21500 | 1 Samsung | 1 Android | 2024-11-21 | 6 Medium |
| Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | ||||