Total
6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6822 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.
|
|||||
| CVE-2019-6776 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing watermarks within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can lever ...
Show More |
|||||
| CVE-2019-6775 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportValues method within a AcroForm. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to exe ...
Show More |
|||||
| CVE-2019-6774 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deleteItemAt method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabilit ...
Show More |
|||||
| CVE-2019-6773 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attac ...
Show More |
|||||
| CVE-2019-6772 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this ...
Show More |
|||||
| CVE-2019-6771 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attack ...
Show More |
|||||
| CVE-2019-6770 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in co ...
Show More |
|||||
| CVE-2019-6769 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabili ...
Show More |
|||||
| CVE-2019-6768 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabili ...
Show More |
|||||
| CVE-2019-6767 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabili ...
Show More |
|||||
| CVE-2019-6766 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in ...
Show More |
|||||
| CVE-2019-6763 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can l ...
Show More |
|||||
| CVE-2019-6762 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to exe ...
Show More |
|||||
| CVE-2019-6761 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code ...
Show More |
|||||
| CVE-2019-6758 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnera ...
Show More |
|||||
| CVE-2019-6757 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the cont ...
Show More |
|||||
| CVE-2019-6756 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with ot ...
Show More |
|||||
| CVE-2019-6734 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setInterval method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnera ...
Show More |
|||||
| CVE-2019-6730 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the ...
Show More |
|||||
| CVE-2019-6727 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of t ...
Show More |
|||||
| CVE-2019-6719 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue has been found in libIEC61850 v1.3.1. There is a use-after-free in the getState function in mms/iso_server/iso_server.c, as demonstrated by examples/server_example_goose/server_example_goose.c and examples/server_example_61400_25/server_example_61400_25.c.
|
|||||
| CVE-2019-6706 | 2 Canonical, Lua | 2 Ubuntu Linux, Lua | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
|
|||||
| CVE-2019-6556 | 1 Omron | 2 Common Components, Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 6.6 MEDIUM |
|
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
|
|||||
| CVE-2019-5882 | 2 Canonical, Irssi | 2 Ubuntu Linux, Irssi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are expired from the scroll buffer.
|
|||||
| CVE-2019-5878 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in V8 in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5876 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5872 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Use after free in Mojo in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5870 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2019-5869 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5868 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
|||||
| CVE-2019-5860 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
|||||
| CVE-2019-5851 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in WebAudio in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5850 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2019-5842 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5828 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
|||||
| CVE-2019-5826 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5813 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in V8 in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2019-5809 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in file chooser in Google Chrome prior to 74.0.3729.108 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page.
|
|||||
| CVE-2019-5808 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Use after free in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||