Search
Total
1952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16337 | 1 Hancom | 1 Hancom Office Neo | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. | |||||
| CVE-2019-16338 | 1 Hancom | 1 Hancom Office Neo | 2020-03-27 | 6.8 MEDIUM | 7.8 HIGH |
| The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | |||||
| CVE-2019-20600 | 2 Google, Samsung | 2 Android, Exynos 8890 | 2020-03-26 | 3.6 LOW | 7.1 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). | |||||
| CVE-2020-10838 | 1 Google | 1 Android | 2020-03-26 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a use-after-free and arbitrary code execution. The Samsung ID is SVE-2019-16132 (February 2020). | |||||
| CVE-2020-8881 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-03-23 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9774. | |||||
| CVE-2020-3947 | 1 Vmware | 2 Fusion, Workstation | 2020-03-20 | 7.2 HIGH | 8.8 HIGH |
| VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine. | |||||
| CVE-2018-11358 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup. | |||||
| CVE-2019-11757 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-03-14 | 6.8 MEDIUM | 8.8 HIGH |
| When following the value's prototype chain, it was possible to retain a reference to a locale, delete it, and subsequently reference it. This resulted in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2. | |||||
| CVE-2013-2830 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2020-03-11 | 9.3 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2019-14029 | 1 Qualcomm | 66 Apq8009, Apq8009 Firmware, Apq8053 and 63 more | 2020-03-09 | 7.2 HIGH | 7.8 HIGH |
| Use-after-free in graphics module due to destroying already queued syncobj in error case in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9607, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-14032 | 1 Qualcomm | 68 Apq8009, Apq8009 Firmware, Apq8017 and 65 more | 2020-03-06 | 7.2 HIGH | 7.8 HIGH |
| Memory use after free issue in audio due to lack of resource control in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDA845, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-10603 | 1 Qualcomm | 36 Apq8053, Apq8053 Firmware, Apq8096au and 33 more | 2020-03-05 | 7.2 HIGH | 7.8 HIGH |
| Use after free issue occurs If the real device interface goes down and a route lookup is performed while sending a raw IPv6 message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8937, MSM8996AU, QCN7605, SDA845, SDM630, SDM636, SDM660, SDX20, SXR1130 | |||||
| CVE-2018-12863 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-24 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-8846 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of text field objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9400. | |||||
| CVE-2020-8845 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9358. | |||||
| CVE-2020-8856 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25608. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of watermarks. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9640. | |||||
| CVE-2020-8855 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.2947. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the fxhtml2pdf.exe module. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9560. | |||||
| CVE-2020-8857 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-02-18 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of form Annotation objects within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9862. | |||||
| CVE-2018-5065 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2019-14088 | 1 Qualcomm | 18 Apq8009, Apq8009 Firmware, Mdm9206 and 15 more | 2020-02-12 | 7.2 HIGH | 7.8 HIGH |
| Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, MDM9206, MDM9207C, MDM9607, QCS605, SDM429W, SDX24, SM8150, SXR1130 | |||||
| CVE-2019-14040 | 1 Qualcomm | 74 Apq8009, Apq8009 Firmware, Apq8017 and 71 more | 2020-02-10 | 4.6 MEDIUM | 7.8 HIGH |
| Using memory after being freed in qsee due to wrong implementation can lead to unexpected behavior such as execution of unknown code in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SM8150, SXR1130 | |||||
| CVE-2019-19807 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-01-30 | 7.2 HIGH | 7.8 HIGH |
| In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. | |||||
| CVE-2020-7053 | 1 Linux | 1 Linux Kernel | 2020-01-30 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c. | |||||
| CVE-2019-3994 | 1 Elog Project | 1 Elog | 2020-01-24 | 5.0 MEDIUM | 7.5 HIGH |
| ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a use after free. A remote unauthenticated attacker can crash the ELOG server by sending multiple HTTP POST requests which causes the ELOG function retrieve_url() to use a freed variable. | |||||
| CVE-2019-10602 | 1 Qualcomm | 38 Apq8053, Apq8053 Firmware, Apq8096au and 35 more | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150 | |||||
| CVE-2019-10583 | 1 Qualcomm | 32 Apq8096au, Apq8096au Firmware, Mdm9607 and 29 more | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-10582 | 1 Qualcomm | 32 Apq8096au, Apq8096au Firmware, Mdm9607 and 29 more | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-14024 | 1 Qualcomm | 34 Msm8917, Msm8917 Firmware, Msm8953 and 31 more | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-10548 | 1 Qualcomm | 68 Apq8009, Apq8009 Firmware, Apq8053 and 65 more | 2020-01-23 | 7.2 HIGH | 7.8 HIGH |
| While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130 | |||||
| CVE-2019-14034 | 1 Qualcomm | 54 Apq8009, Apq8009 Firmware, Apq8053 and 51 more | 2020-01-22 | 7.2 HIGH | 7.8 HIGH |
| Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-5395 | 1 Fontforge | 1 Fontforge | 2020-01-22 | 6.8 MEDIUM | 8.8 HIGH |
| FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c. | |||||
| CVE-2019-17008 | 2 Mozilla, Opensuse | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2020-01-16 | 6.8 MEDIUM | 8.8 HIGH |
| When using nested workers, a use-after-free could occur during worker destruction. This resulted in a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | |||||
| CVE-2019-11756 | 1 Mozilla | 1 Firefox | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). This vulnerability affects Firefox < 71. | |||||
| CVE-2019-13699 | 1 Google | 1 Chrome | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-20090 | 1 Axiosys | 1 Bento4 | 2020-01-07 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. | |||||
| CVE-2019-20006 | 1 Ezxml Project | 1 Ezxml | 2020-01-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. | |||||
| CVE-2019-7285 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-01-02 | 9.3 HIGH | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2016-5258 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Linux | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session. | |||||
| CVE-2016-5264 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Linux | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application. | |||||
| CVE-2016-4805 | 5 Canonical, Linux, Novell and 2 more | 12 Ubuntu Linux, Linux Kernel, Opensuse Leap and 9 more | 2019-12-27 | 7.2 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions. | |||||
| CVE-2016-5259 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Linux | 2019-12-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop. | |||||
| CVE-2019-10518 | 1 Qualcomm | 98 Apq8009, Apq8009 Firmware, Apq8017 and 95 more | 2019-12-23 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, SDA660, SDA845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-8526 | 1 Apple | 1 Mac Os X | 2019-12-20 | 7.2 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. An application may be able to gain elevated privileges. | |||||
| CVE-2019-8605 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-20 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-8556 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-12-19 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2019-13725 | 1 Google | 1 Chrome | 2019-12-16 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free in Bluetooth in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-2230 | 1 Google | 1 Android | 2019-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038 | |||||
| CVE-2018-0170 | 1 Cisco | 1 Ios Xe | 2019-12-03 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327. | |||||
| CVE-2019-13685 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in sharing view in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13686 | 1 Google | 1 Chrome | 2019-11-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in offline mode in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||