Security Vulnerabilities - CVEs Published In 2024
Microsoft/Muzic Remote Code Execution Vulnerability
CVSS Score
8.4
EPSS Score
0.005
Published
2024-12-12
Microsoft SharePoint Information Disclosure Vulnerability
CVSS Score
6.5
EPSS Score
0.01
Published
2024-12-12
Microsoft Office Remote Code Execution Vulnerability
CVSS Score
5.5
EPSS Score
0.006
Published
2024-12-12
Microsoft SharePoint Elevation of Privilege Vulnerability
CVSS Score
8.2
EPSS Score
0.04
Published
2024-12-12
Microsoft Excel Remote Code Execution Vulnerability
CVSS Score
7.8
EPSS Score
0.008
Published
2024-12-12
Microsoft Defender for Endpoint on Android Spoofing Vulnerability
CVSS Score
8.1
EPSS Score
0.075
Published
2024-12-12
GStreamer is a library for constructing graphs of media-handling components. A use-after-free (UAF) read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-12-12
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. The condition that follows does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such a scenario, the function attempts to access memory beyond the buffer, leading to an OOB-read. This vulnerability is fixed in 1.24.10.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-12-12
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10.
CVSS Score
9.1
EPSS Score
0.005
Published
2024-12-12