Total
4059 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11279 | 1 Adobe | 1 Digital Editions | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-16583 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the datasets element of XFA forms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5289. | |||||
CVE-2017-11033 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the coresight-tmc driver, a simultaneous read and enable of the ETR device after changing the buffer size may result in a Use After Free condition of the previous buffer. | |||||
CVE-2017-15849 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition. | |||||
CVE-2014-9946 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |||||
CVE-2017-6420 | 1 Clamav | 1 Clamav | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | |||||
CVE-2017-9790 | 1 Apache | 1 Mesos | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. | |||||
CVE-2017-10945 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.alert function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4855. | |||||
CVE-2017-9762 | 1 Radare | 1 Radare2 | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file. | |||||
CVE-2017-2808 | 1 Ledger-cli | 1 Ledger | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. | |||||
CVE-2017-16360 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the MakeAccessible plugin, when creating an internal data structure. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-0869 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869. | |||||
CVE-2017-5111 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file. | |||||
CVE-2017-9527 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file. | |||||
CVE-2017-13741 | 1 Liblouis | 1 Liblouis | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
There is a use-after-free in the function compileBrailleIndicator() in compileTranslationTable.c in Liblouis 3.2.0 that will lead to a remote denial of service attack. | |||||
CVE-2017-13154 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63666573. | |||||
CVE-2017-13184 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324. | |||||
CVE-2017-16398 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2023-12-10 | 9.3 HIGH | 9.8 CRITICAL |
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript engine. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-11218 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-10385 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. |