CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-10-17
Waiting for details
CVE-2024-3187

This issue tracks two CWE-416 Use After Free (UAF) vulnerabilities and one CWE-415 Double Free vulnerability in GoAhead versions <= 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the ME_GOAHEAD_JAVASCRIPT flag is enabled, a remote attacker with the privileges to modify JavaScript template (JST) files could exploit this by providing malicious templates. This may lead to memory corruption, potentially causing a Denial of Service (DoS) or, in rare cases, code execution, though the latter is highly context-dependent.

 
2024-10-11
Waiting for details
CVE-2024-45402

Picotls is a TLS protocol library that allows users to select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc. Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.

 
2024-10-08
Waiting for details
CVE-2024-43514

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

 
2024-09-10
Waiting for details
CVE-2024-38247

Windows Graphics Component Elevation of Privilege Vulnerability

 
2024-08-13
Waiting for details
CVE-2024-38157

Azure IoT SDK Remote Code Execution Vulnerability

 
2024-05-14
Waiting for details
CVE-2023-44247

A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPS requests.

 
2024-04-09
Waiting for details
CVE-2024-3446

A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest to crash the QEMU process on the host, resulting in a denial of service, or allow arbitrary code execution within the context of the QEMU process on the host.

 
2024-03-18
Waiting for details
CVE-2024-2002

A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc (free) an allocation twice, potentially causing unpredictable and various results.

 
2024-02-20
Waiting for details
CVE-2023-38562

A double-free vulnerability exists in the IP header loopback parsing functionality of Weston Embedded uC-TCP-IP v3.06.01. A specially crafted set of network packets can lead to memory corruption, potentially resulting in code execution. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability.

 
Waiting for details
CVE-2024-23809

A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

 

 


Copyright 2024, cxsecurity.com

 
