Search
Total
1952 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11286 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue occurs | |||||
| CVE-2018-11300 | 1 Google | 1 Android | 2018-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a "Use after free" scenario. | |||||
| CVE-2018-11818 | 1 Google | 1 Android | 2018-11-09 | 4.4 MEDIUM | 7.0 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition. | |||||
| CVE-2018-11843 | 1 Google | 1 Android | 2018-11-09 | 7.2 HIGH | 7.8 HIGH |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free. | |||||
| CVE-2017-15399 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-11-07 | 9.3 HIGH | 8.8 HIGH |
| A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-10661 | 1 Linux | 1 Linux Kernel | 2018-10-31 | 7.6 HIGH | 7.0 HIGH |
| Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing. | |||||
| CVE-2017-15410 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2017-15411 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2016-5151 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. | |||||
| CVE-2016-7644 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | |||||
| CVE-2016-7621 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors. | |||||
| CVE-2016-5177 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2016-5150 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. | |||||
| CVE-2016-5156 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2017-15412 | 4 Debian, Google, Redhat and 1 more | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2018-10-25 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-12294 | 1 Webkit | 1 Webkitgtk\+ | 2018-10-21 | 6.8 MEDIUM | 8.8 HIGH |
| WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object. | |||||
| CVE-2018-14424 | 1 Gnome | 1 Gnome Display Manager | 2018-10-18 | 4.6 MEDIUM | 7.8 HIGH |
| The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. | |||||
| CVE-2017-11403 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file. | |||||
| CVE-2017-18220 | 1 Graphicsmagick | 1 Graphicsmagick | 2018-10-18 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 allow remote attackers to cause a denial of service (magick/blob.c CloseBlob use-after-free) or possibly have unspecified other impact via a crafted file, a related issue to CVE-2017-11403. | |||||
| CVE-2017-7805 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-10-17 | 5.0 MEDIUM | 7.5 HIGH |
| During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7185 | 1 Cesanta | 2 Mongoose Embedded Web Server Library, Mongoose Os | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | |||||
| CVE-2018-3924 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-3939 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2018-7993 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2018-10-04 | 9.3 HIGH | 7.8 HIGH |
| HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. | |||||
| CVE-2018-14300 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Polygon annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6216. | |||||
| CVE-2018-9966 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570. | |||||
| CVE-2017-18202 | 1 Linux | 1 Linux Kernel | 2018-09-26 | 6.9 MEDIUM | 7.0 HIGH |
| The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. | |||||
| CVE-2018-11258 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2018-09-06 | 4.6 MEDIUM | 7.8 HIGH |
| In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. | |||||
| CVE-2018-5832 | 1 Google | 1 Android | 2018-09-04 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur. | |||||
| CVE-2018-5891 | 1 Qualcomm | 30 Msm8909w, Msm8909w Firmware, Msm8996au and 27 more | 2018-09-04 | 4.6 MEDIUM | 8.4 HIGH |
| While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2018-5853 | 1 Google | 1 Android | 2018-08-29 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. | |||||
| CVE-2018-5831 | 1 Google | 1 Android | 2018-08-29 | 7.2 HIGH | 7.8 HIGH |
| In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition. | |||||
| CVE-2018-5873 | 2 Google, Linux | 2 Android, Linux Kernel | 2018-08-29 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. | |||||
| CVE-2018-3587 | 1 Google | 1 Android | 2018-08-28 | 4.6 MEDIUM | 7.8 HIGH |
| In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. | |||||
| CVE-2018-3564 | 1 Google | 1 Android | 2018-08-28 | 4.6 MEDIUM | 7.8 HIGH |
| In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails. | |||||
| CVE-2018-5899 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
| In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. | |||||
| CVE-2018-5859 | 1 Google | 1 Android | 2018-08-27 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. | |||||
| CVE-2017-2584 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 3.6 LOW | 7.1 HIGH |
| arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | |||||
| CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 12 Debian Linux, Windows, Firefox and 9 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | |||||
| CVE-2017-5379 | 1 Mozilla | 1 Firefox | 2018-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | |||||
| CVE-2018-5857 | 1 Google | 1 Android | 2018-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-5847 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5844 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5849 | 1 Google | 1 Android | 2018-08-03 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur. | |||||
| CVE-2018-5180 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-03 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability can occur during WebGL operations. While this results in a potentially exploitable crash, the vulnerability is limited because the memory is freed and reused in a brief window of time during the freeing of the same callstack. This vulnerability affects Firefox < 60. | |||||
| CVE-2017-7752 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-03 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-5411 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Thunderbird | 2018-08-02 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in "libGLES", which is only in use on Windows. Other operating systems are not affected. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2018-3571 | 1 Google | 1 Android | 2018-08-02 | 4.6 MEDIUM | 7.8 HIGH |
| In the KGSL driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a Use After Free condition can occur when printing information about sparse memory allocations | |||||
| CVE-2018-12320 | 1 Radare | 1 Radare2 | 2018-08-02 | 6.8 MEDIUM | 7.8 HIGH |
| There is a use after free in radare2 2.6.0 in r_anal_bb_free() in libr/anal/bb.c via a crafted Java binary file. | |||||
| CVE-2017-15842 | 1 Google | 1 Android | 2018-08-01 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer might get used after it gets freed due to unlocking the mutex before freeing the buffer in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||