Skip to main content
CVE-2024-49119 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Microsoft Memory Corruption Windows Server 2016 Windows Server 2019 +3
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-49118 HIGH This Week

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows 10 1507 +13
NVD
CVSS 3.1
8.1
EPSS
1.4%
CVE-2024-49116 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +4
NVD
CVSS 3.1
8.1
EPSS
9.9%
CVE-2024-49115 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +4
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2024-49108 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +4
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-49106 HIGH This Week

Windows Remote Desktop Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption Windows Server 2016 +4
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2024-49057 HIGH This Week

Microsoft Defender for Endpoint on Android Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Defender For Endpoint
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2024-45404 HIGH PATCH This Week

OpenCTI is an open-source cyber threat intelligence platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opencti
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2024-54529 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Code Injection macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-44291 HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44225 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-44224 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-54489 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal RCE Apple macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-54515 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-49142 HIGH This Week

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-49114 HIGH This Week

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49090 HIGH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-49088 HIGH This Week

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-49079 HIGH This Week

Input Method Editor (IME) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-49076 HIGH This Week

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +7
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-49074 HIGH This Week

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Microsoft Memory Corruption Windows 10 1809 +3
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-49072 HIGH This Week

Windows Task Scheduler Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft Windows 10 1507 Windows 10 1607 +13
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-49069 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-43600 HIGH This Week

Microsoft Office Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-11872 HIGH This Week

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Launcher
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-54508 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Buffer Overflow
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2024-54479 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Safari Ipados Iphone Os +4
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-47545 HIGH PATCH This Week

An integer underflow vulnerability in GStreamer's QuickTime demuxer (qtdemux) allows remote attackers to trigger an out-of-bounds memory read, potentially causing application crashes or denial of service. The vulnerability affects GStreamer versions prior to 1.24.10 and occurs when parsing malformed QuickTime/MP4 files where a size calculation can result in negative values, leading to large memory copy operations. With an EPSS score of 0.13% and no known active exploitation or public POC, this represents a moderate risk primarily to applications processing untrusted media files.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47603 HIGH PATCH This Week

A null pointer dereference vulnerability exists in GStreamer's Matroska demuxer that allows remote attackers to cause a denial of service crash. The flaw occurs when processing malformed Matroska media files with invalid capability values, leading to a null pointer dereference in the gst_matroska_demux_update_tracks function. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate real-world risk primarily affecting media processing applications.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47546 HIGH PATCH This Week

An integer underflow vulnerability in GStreamer's qtdemux component allows remote attackers to trigger out-of-bounds memory reads, potentially causing application crashes or denial of service. The flaw occurs when processing malformed media files with specific atom structures, affecting all GStreamer versions prior to 1.24.10. With an EPSS score of 0.11% and no known active exploitation, this represents a moderate risk primarily for applications processing untrusted media content.

Buffer Overflow Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47601 HIGH PATCH This Week

A null pointer dereference vulnerability exists in GStreamer's Matroska demuxer component, specifically in the gst_matroska_demux_parse_blockgroup_or_simpleblock function. GStreamer versions prior to 1.24.10 are affected, allowing remote attackers to cause denial of service by sending specially crafted Matroska (MKV) media files without authentication. With an EPSS score of 0.10% (28th percentile), exploitation probability is currently low, though proof-of-concept details are publicly available through GitHub Security Lab.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47544 HIGH PATCH This Week

A null pointer dereference vulnerability exists in the GStreamer multimedia framework's qtdemux_parse_sbgp function, allowing remote attackers to cause denial of service through crafted media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication when processing malicious QuickTime/MP4 files. With an EPSS score of 0.10% and no known KEV listing, this represents a moderate stability risk primarily relevant for applications processing untrusted media content.

Denial Of Service Null Pointer Dereference Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47778 HIGH PATCH This Week

An out-of-bounds read vulnerability exists in GStreamer's WAV parser that allows remote attackers to read up to 4GB of process memory or cause a denial of service through crashes. The vulnerability affects GStreamer versions prior to 1.24.10 and requires no authentication to exploit over the network. With an EPSS score of only 0.08%, real-world exploitation appears limited, and no known proof-of-concept or active exploitation has been reported.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47543 HIGH PATCH This Week

An out-of-bounds read vulnerability exists in GStreamer's QuickTime demuxer (qtdemux.c) that allows attackers to read up to 4GB of process memory or trigger a denial of service via crafted media files. GStreamer versions prior to 1.24.10 are affected. With an EPSS score of only 0.08% (24th percentile), active exploitation appears unlikely despite the network-accessible attack vector and lack of required privileges.

Buffer Overflow Information Disclosure Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47835 HIGH PATCH This Week

A null pointer dereference vulnerability in GStreamer's subtitle parsing functionality allows remote attackers to crash applications processing malformed LRC (lyric) files. The vulnerability affects GStreamer versions prior to 1.24.10 and can be triggered when parsing subtitle files missing expected ']' characters, resulting in denial of service. With a relatively low EPSS score of 0.08% and no known active exploitation, this represents a moderate risk primarily to media applications using GStreamer for subtitle processing.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47602 HIGH PATCH This Week

A null pointer dereference vulnerability in GStreamer's Matroska demuxer can cause application crashes when processing specially crafted media files. The vulnerability affects GStreamer versions prior to 1.24.10 and allows remote attackers to trigger denial of service without authentication. With an EPSS score of only 0.08% and no known active exploitation or public proof-of-concept, this represents a moderate-priority denial of service issue rather than a critical security emergency.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47596 HIGH PATCH This Week

An out-of-bounds read vulnerability in GStreamer's QuickTime demuxer allows remote attackers to read up to 4GB of process memory or crash the application when processing malformed media files. The vulnerability affects all GStreamer versions prior to 1.24.10 and can be triggered without authentication by supplying specially crafted QuickTime files. While not currently in CISA's Known Exploited Vulnerabilities catalog, the low EPSS score of 0.08% suggests limited exploitation in the wild despite the availability of detailed technical advisories.

Information Disclosure Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-47599 HIGH PATCH This Week

A null pointer dereference vulnerability in GStreamer's JPEG decoder component allows remote attackers to cause a denial of service by triggering a segmentation fault when processing specially crafted media content. The vulnerability affects GStreamer versions prior to 1.24.10 and has a low exploitation probability (EPSS 0.07%) with no known active exploitation in the wild. While the CVSS score is high (7.5), the impact is limited to availability only, making this a medium-priority issue for most organizations.

Denial Of Service Gstreamer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-54119 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54117 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54116 HIGH This Week

Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54115 HIGH This Week

Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54114 HIGH This Week

Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54113 HIGH This Week

Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54112 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54111 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-54110 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54109 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-54108 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54107 HIGH This Week

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy