Total
599 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21201 | 2025-03-12 | 8.8 High | ||
| Windows Telephony Server Remote Code Execution Vulnerability | ||||
| CVE-2025-21183 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-03-12 | 7.4 High |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | ||||
| CVE-2025-21182 | 1 Microsoft | 2 Windows 11 24h2, Windows Server 2025 | 2025-03-12 | 7.4 High |
| Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-49095 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-03-11 | 7 High |
| Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | ||||
| CVE-2024-30013 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2025-03-11 | 8.8 High |
| Windows MultiPoint Services Remote Code Execution Vulnerability | ||||
| CVE-2024-38087 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2025-03-11 | 8.8 High |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
| CVE-2022-43454 | 2025-03-11 | 7.8 High | ||
| A double free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-49541 | 1 Linux | 1 Linux Kernel | 2025-03-10 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 | ||||
| CVE-2022-49530 | 1 Linux | 1 Linux Kernel | 2025-03-10 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and returned with an error code. However, the array is later freed again in si_dpm_fini() function which is called when the function returns an error. This leads to potential double free of the array adev->pm.dpm.ps, as well as leak of its array members, since the members are not freed in the allocation function and the array is not nulled when freed. In addition adev->pm.dpm.num_ps, which keeps track of the allocated array member, is not updated until the member allocation is successfully finished, this could also lead to either use after free, or uninitialized variable access in si_dpm_fini(). Fix this by postponing the free of the array until si_dpm_fini() and increment adev->pm.dpm.num_ps everytime the array member is allocated. | ||||
| CVE-2024-57980 | 1 Linux | 1 Linux Kernel | 2025-03-07 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda <ribalda@chromium.org> | ||||
| CVE-2024-53698 | 2025-03-07 | N/A | ||
| A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | ||||
| CVE-2022-3707 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-03-07 | 5.5 Medium |
| A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | ||||
| CVE-2023-52888 | 2025-03-06 | 4.1 Medium | ||
| In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. | ||||
| CVE-2021-40574 | 1 Gpac | 1 Gpac | 2025-03-05 | 7.8 High |
| The binary MP4Box in Gpac from 0.9.0-preview to 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2023-3609 | 3 Debian, Linux, Redhat | 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more | 2025-03-05 | 7.8 High |
| A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. | ||||
| CVE-2023-33137 | 1 Microsoft | 2 Office, Office Online Server | 2025-02-28 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2023-33161 | 1 Microsoft | 2 365 Apps, Office | 2025-02-28 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2020-9859 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-02-28 | 7.8 High |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-35371 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-27 | 7.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2023-36420 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2025-02-27 | 7.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||