Search
Total
3203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14300 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Polygon annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6216. | |||||
| CVE-2018-9966 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570. | |||||
| CVE-2018-14744 | 1 Pbc Project | 1 Pbc | 2018-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c. | |||||
| CVE-2017-18202 | 1 Linux | 1 Linux Kernel | 2018-09-26 | 6.9 MEDIUM | 7.0 HIGH |
| The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel before 4.14.4 mishandles gather operations, which allows attackers to cause a denial of service (TLB entry leak or use-after-free) or possibly have unspecified other impact by triggering a copy_to_user call within a certain time window. | |||||
| CVE-2018-1999013 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. | |||||
| CVE-2018-14442 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2018-09-17 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit Reader before 9.2 and PhantomPDF before 9.2 have a Use-After-Free that leads to Remote Code Execution, aka V-88f4smlocs. | |||||
| CVE-2018-11258 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2018-09-06 | 4.6 MEDIUM | 7.8 HIGH |
| In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. | |||||
| CVE-2018-5832 | 1 Google | 1 Android | 2018-09-04 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in a camera driver ioctl handler in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur. | |||||
| CVE-2018-5891 | 1 Qualcomm | 30 Msm8909w, Msm8909w Firmware, Msm8996au and 27 more | 2018-09-04 | 4.6 MEDIUM | 8.4 HIGH |
| While processing modem SSR after IMS is registered, the IMS data daemon is restarted but the ipc_dataHandle is no longer available. Consequently, the DPL thread frees the internal memory for dataDHandle but the local variable pointer is not updated which can lead to a Use After Free condition in Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2018-5831 | 1 Google | 1 Android | 2018-08-29 | 7.2 HIGH | 7.8 HIGH |
| In the KGSL driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a reference counting error can lead to a Use After Free condition. | |||||
| CVE-2018-5853 | 1 Google | 1 Android | 2018-08-29 | 4.4 MEDIUM | 7.0 HIGH |
| A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. | |||||
| CVE-2018-5873 | 2 Google, Linux | 2 Android, Linux Kernel | 2018-08-29 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. | |||||
| CVE-2018-3587 | 1 Google | 1 Android | 2018-08-28 | 4.6 MEDIUM | 7.8 HIGH |
| In a firmware memory dump feature in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), a Use After Free condition can occur. | |||||
| CVE-2018-3564 | 1 Google | 1 Android | 2018-08-28 | 4.6 MEDIUM | 7.8 HIGH |
| In the FastRPC driver in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a Use After Free condition can occur when mapping on the remote processor fails. | |||||
| CVE-2018-5899 | 1 Google | 1 Android | 2018-08-27 | 4.6 MEDIUM | 7.8 HIGH |
| In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. | |||||
| CVE-2018-5859 | 1 Google | 1 Android | 2018-08-27 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. | |||||
| CVE-2018-13410 | 1 Info-zip Project | 1 Zip | 2018-08-27 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands. | |||||
| CVE-2017-16527 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-2584 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 3.6 LOW | 7.1 HIGH |
| arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | |||||
| CVE-2018-12292 | 1 Palemoon | 1 Pale Moon | 2018-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability exists in DOMProxyHandler::EnsureExpandoObject in Pale Moon before 27.9.3. | |||||
| CVE-2018-5091 | 4 Canonical, Debian, Mozilla and 1 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58. | |||||
| CVE-2017-7819 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7818 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox, Firefox Esr and 6 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2017-7793 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. | |||||
| CVE-2016-9079 | 5 Debian, Microsoft, Mozilla and 2 more | 12 Debian Linux, Windows, Firefox and 9 more | 2018-08-09 | 5.0 MEDIUM | 7.5 HIGH |
| A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. | |||||
| CVE-2018-5148 | 4 Canonical, Debian, Mozilla and 1 more | 8 Ubuntu Linux, Debian Linux, Firefox and 5 more | 2018-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur in the compositor during certain graphics operations when a raw pointer is used instead of a reference counted one. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.7.3 and Firefox < 59.0.2. | |||||
| CVE-2017-7757 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-7756 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. | |||||
| CVE-2017-5460 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability in frame selection triggered by a combination of malicious script content and key presses by a user. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5447 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An out-of-bounds read during the processing of glyph widths during text layout. This results in a potentially exploitable crash and could allow an attacker to read otherwise inaccessible memory. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5442 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5441 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5440 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5439 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5438 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5435 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability occurs during transaction processing in the editor during design mode interactions. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5434 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5433 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5432 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. | |||||
| CVE-2017-5403 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| When adding a range to an object in the DOM, it is possible to use "addRange" to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 52 and Thunderbird < 52. | |||||
| CVE-2017-5379 | 1 Mozilla | 1 Firefox | 2018-08-07 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | |||||
| CVE-2017-5404 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2017-5402 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free can occur when events are fired for a "FontFace" object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. | |||||
| CVE-2018-5096 | 3 Debian, Mozilla, Redhat | 9 Debian Linux, Firefox Esr, Thunderbird and 6 more | 2018-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Thunderbird < 52.6. | |||||
| CVE-2018-5128 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2018-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when manipulating elements, events, and selection ranges during editor operations. This results in a potentially exploitable crash. This vulnerability affects Firefox < 59. | |||||
| CVE-2018-5857 | 1 Google | 1 Android | 2018-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. | |||||
| CVE-2018-5847 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5844 | 1 Google | 1 Android | 2018-08-03 | 4.6 MEDIUM | 7.8 HIGH |
| In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. | |||||
| CVE-2018-5849 | 1 Google | 1 Android | 2018-08-03 | 4.4 MEDIUM | 7.0 HIGH |
| Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur. | |||||
| CVE-2016-9899 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2018-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||