Total: 5713 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-21298 | | | 2025-01-15 | 9.8 Critical |
Windows OLE Remote Code Execution Vulnerability | ||||
CVE-2025-21304 | | | 2025-01-15 | 7.8 High |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | ||||
CVE-2025-21297 | | | 2025-01-15 | 8.1 High |
Windows Remote Desktop Services Remote Code Execution Vulnerability | ||||
CVE-2025-21345 | | | 2025-01-15 | 7.8 High |
Microsoft Office Visio Remote Code Execution Vulnerability | ||||
CVE-2023-52837 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-01-15 | 7.8 High |
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open. Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered in nbd_open() if someone tries to open nbd device right after nbd_put() since nbd has been freed in nbd_dev_remove(). Fix this by implementing ->free_disk and free private data in it. | ||||
CVE-2024-23354 | 1 Qualcomm | 160 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 157 more | 2025-01-15 | 8.4 High |
Memory corruption when the IOCTL call is interrupted by a signal. | ||||
CVE-2025-21362 | | | 2025-01-15 | 8.4 High |
Microsoft Excel Remote Code Execution Vulnerability | ||||
CVE-2024-21471 | 1 Qualcomm | 350 205 Mobile, 205 Mobile Firmware, 215 Mobile and 347 more | 2025-01-15 | 8.4 High |
Memory corruption when IOMMU unmap of a GPU buffer fails in Linux. | ||||
CVE-2023-43521 | 1 Qualcomm | 154 Ar8035, Ar8035 Firmware, C-v2x 9150 and 151 more | 2025-01-15 | 6.7 Medium |
Memory corruption when multiple listeners are being registered with the same file descriptor. | ||||
CVE-2023-28319 | 4 Apple, Haxx, Netapp and 1 more | 13 Macos, Curl, Clustered Data Ontap and 10 more | 2025-01-15 | 7.5 High |
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | ||||
CVE-2025-21315 | | | 2025-01-15 | 7.8 High |
Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
CVE-2025-21307 | | | 2025-01-15 | 9.8 Critical |
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | ||||
CVE-2024-50061 | 1 Linux | 1 Linux Kernel | 2025-01-15 | 7.0 High |
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition. In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cdns_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0: cdns_i3c_master_remove, i3c_master_unregister(&master->base), device_unregister(&master->dev), device_release (free master->base); CPU1: cdns_i3c_master_hj, then i3c_master_do_daa(&master->base) (use master->base). Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove. | ||||
CVE-2025-21334 | | | 2025-01-15 | 7.8 High |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||||
CVE-2025-21335 | | | 2025-01-15 | 7.8 High |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | ||||
CVE-2025-21372 | | | 2025-01-15 | 7.8 High |
Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
CVE-2025-21224 | | | 2025-01-15 | 8.1 High |
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | ||||
CVE-2025-21366 | | | 2025-01-15 | 7.8 High |
Microsoft Access Remote Code Execution Vulnerability | ||||
CVE-2025-21296 | | | 2025-01-15 | 7.5 High |
BranchCache Remote Code Execution Vulnerability | ||||
CVE-2025-21295 | | | 2025-01-15 | 8.1 High |
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | ||||