Total
6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10497 | 1 Qualcomm | 86 Mdm9150, Mdm9150 Firmware, Mdm9206 and 83 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, ...
Show More |
|||||
| CVE-2019-10494 | 1 Qualcomm | 82 Apq8009, Apq8009 Firmware, Apq8017 and 79 more | 2024-11-21 | 4.4 MEDIUM | 8.1 HIGH |
|
Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN ...
Show More |
|||||
| CVE-2019-10490 | 1 Qualcomm | 76 Apq8009, Apq8009 Firmware, Apq8017 and 73 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Use after free issue in Xtra daemon shutdown due to static object instance getting freed from a multiple places in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MS ...
Show More |
|||||
| CVE-2019-10484 | 1 Qualcomm | 32 Apq8098, Apq8098 Firmware, Msm8909w and 29 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8098, MSM8909W, Nicobar, QCS405, QCS605, SDA845, SDM660, SDM670, SDM710, SDM845, SDX24, SM6150, SM7150, SM8150, SM8250, SXR2130
|
|||||
| CVE-2019-10125 | 2 Linux, Netapp | 7 Linux Kernel, Active Iq Unified Manager, Cn1610 and 4 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.
|
|||||
| CVE-2019-10082 | 2 Apache, Oracle | 6 Http Server, Communications Element Manager, Enterprise Manager Ops Center and 3 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
|
|||||
| CVE-2019-1010177 | 1 Jsish | 1 Jsish | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit 48a66c798d.
|
|||||
| CVE-2019-1010170 | 1 Jsish | 1 Jsish | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
|
|||||
| CVE-2019-1010127 | 1 Vcftools Project | 1 Vcftools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
VCFTools vcftools prior to version 0.1.15 is affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (eg. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.
|
|||||
| CVE-2019-0570 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
|
|||||
| CVE-2019-0196 | 3 Apache, Canonical, Debian | 3 Http Server, Ubuntu Linux, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request incorrectly.
|
|||||
| CVE-2018-9977 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Modifier Chain objects in U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabi ...
Show More |
|||||
| CVE-2018-9975 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shift events. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code un ...
Show More |
|||||
| CVE-2018-9970 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to ...
Show More |
|||||
| CVE-2018-9969 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA boundItem method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to ...
Show More |
|||||
| CVE-2018-9968 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Keystroke actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerab ...
Show More |
|||||
| CVE-2018-9967 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Format actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabili ...
Show More |
|||||
| CVE-2018-9966 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerab ...
Show More |
|||||
| CVE-2018-9965 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setAction method of Link objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerab ...
Show More |
|||||
| CVE-2018-9964 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the name attribute of OCG objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerabilit ...
Show More |
|||||
| CVE-2018-9962 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Annotation's author attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to ...
Show More |
|||||
| CVE-2018-9961 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rect Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to exec ...
Show More |
|||||
| CVE-2018-9960 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the textColor Field attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to ...
Show More |
|||||
| CVE-2018-9959 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the pageNum document attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability t ...
Show More |
|||||
| CVE-2018-9958 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this v ...
Show More |
|||||
| CVE-2018-9957 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When parsing arguments passed to the resetData method, the process does not properly validate the existence of an object prior to performing operations on the object. An atta ...
Show More |
|||||
| CVE-2018-9956 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the title attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage thi ...
Show More |
|||||
| CVE-2018-9955 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNode method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability t ...
Show More |
|||||
| CVE-2018-9954 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the y attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vu ...
Show More |
|||||
| CVE-2018-9953 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA resolveNodes method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability ...
Show More |
|||||
| CVE-2018-9952 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA Button elements. When setting the formattedValue attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can lev ...
Show More |
|||||
| CVE-2018-9951 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CPDF_Object objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute ...
Show More |
|||||
| CVE-2018-9946 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the setTimeOut method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction ...
Show More |
|||||
| CVE-2018-9945 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the ...
Show More |
|||||
| CVE-2018-9944 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addLink method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the c ...
Show More |
|||||
| CVE-2018-9935 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the ...
Show More |
|||||
| CVE-2018-9517 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.
|
|||||
| CVE-2018-9514 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In sdcardfs_open of file.c, there is a possible Use After Free due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111642636 References: N/A
|
|||||
| CVE-2018-9476 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112
|
|||||
| CVE-2018-9465 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.
|
|||||