Total
5827 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11258 | 1 Qualcomm | 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20. | |||||
| CVE-2018-11230 | 1 Jbig2enc Project | 1 Jbig2enc | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2018-11130 | 1 Vcftools Project | 1 Vcftools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file. | |||||
| CVE-2018-11129 | 1 Vcftools Project | 1 Vcftools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file. | |||||
| CVE-2018-10902 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. | |||||
| CVE-2018-10879 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-11-21 | 6.1 MEDIUM | 4.2 MEDIUM |
| A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. | |||||
| CVE-2018-10876 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.0 MEDIUM |
| A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. | |||||
| CVE-2018-10756 | 3 Debian, Fedoraproject, Transmissionbt | 3 Debian Linux, Fedora, Transmission | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. | |||||
| CVE-2018-10685 | 1 Long Range Zip Project | 1 Long Range Zip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the lzma_decompress_buf function of stream.c, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. | |||||
| CVE-2018-10675 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. | |||||
| CVE-2018-10496 | 1 Samsung | 1 Samsung Internet Browser | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326. | |||||
| CVE-2018-10303 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3. | |||||
| CVE-2018-10302 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9. | |||||
| CVE-2018-10199 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code. | |||||
| CVE-2018-10119 | 4 Canonical, Debian, Libreoffice and 1 more | 6 Ubuntu Linux, Debian Linux, Libreoffice and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format. | |||||
| CVE-2018-1000878 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libarchive version commit 416694915449219d505531b1096384f3237dd6cc onwards (release v3.1.0 onwards) contains a CWE-416: Use After Free vulnerability in RAR decoder - libarchive/archive_read_support_format_rar.c that can result in Crash/DoS - it is unknown if RCE is possible. This attack appear to be exploitable via the victim must open a specially crafted RAR archive. | |||||
| CVE-2018-1000807 | 3 Canonical, Pyopenssl, Redhat | 6 Ubuntu Linux, Pyopenssl, Enterprise Linux Desktop and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0. | |||||
| CVE-2018-1000051 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF. | |||||
| CVE-2018-1000039 | 1 Artifex | 1 Mupdf | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. | |||||
| CVE-2018-1000030 | 2 Canonical, Python | 2 Ubuntu Linux, Python | 2024-11-21 | 3.3 LOW | 3.6 LOW |
| Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. | |||||