Total
5657 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9680 | 2 Debian, Mozilla | 3 Debian Linux, Firefox, Thunderbird | 2024-11-26 | N/A | 9.8 CRITICAL |
| An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0. | |||||
| CVE-2024-33010 | 1 Qualcomm | 496 Ar8035, Ar8035 Firmware, Ar9380 and 493 more | 2024-11-26 | N/A | 7.5 HIGH |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | |||||
| CVE-2024-23384 | 1 Qualcomm | 208 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 205 more | 2024-11-26 | N/A | 8.4 HIGH |
| Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. | |||||
| CVE-2024-23383 | 1 Qualcomm | 142 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 139 more | 2024-11-26 | N/A | 8.4 HIGH |
| Memory corruption when kernel driver attempts to trigger hardware fences. | |||||
| CVE-2024-23382 | 1 Qualcomm | 208 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 205 more | 2024-11-26 | N/A | 8.4 HIGH |
| Memory corruption while processing graphics kernel driver request to create DMA fence. | |||||
| CVE-2024-23381 | 1 Qualcomm | 144 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 141 more | 2024-11-26 | N/A | 8.4 HIGH |
| Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. | |||||
| CVE-2024-11570 | 1 Irfanview | 1 Irfanview | 2024-11-26 | N/A | 7.8 HIGH |
| IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24885. | |||||
| CVE-2024-11521 | 1 Irfanview | 1 Irfanview | 2024-11-25 | N/A | 7.8 HIGH |
| IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DJVU files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24578. | |||||
| CVE-2024-11525 | 1 Irfanview | 1 Irfanview | 2024-11-25 | N/A | 7.8 HIGH |
| IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24599. | |||||
| CVE-2024-11545 | 1 Irfanview | 1 Irfanview | 2024-11-25 | N/A | 7.8 HIGH |
| IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24709. | |||||
| CVE-2024-9748 | 1 Tungstenautomation | 1 Power Pdf | 2024-11-25 | N/A | 7.8 HIGH |
| Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464. | |||||
| CVE-2024-9732 | 1 Tungstenautomation | 1 Power Pdf | 2024-11-25 | N/A | 7.8 HIGH |
| Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24385. | |||||
| CVE-2018-9417 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.8 HIGH |
| In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9428 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.8 HIGH |
| In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01 | |||||
| CVE-2018-9344 | 1 Google | 1 Android | 2024-11-22 | N/A | 7.8 HIGH |
| In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25110 | 1 Microsoft | 1 Azure Uamqp | 2024-11-22 | N/A | 9.8 CRITICAL |
| The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-48686 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sync or corrupted. | |||||
| CVE-2024-6103 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-6064 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in GPAC 2.5-DEV-rev228-g11067ea92-master. It has been declared as problematic. This vulnerability affects the function xmt_node_end of the file src/scene_manager/loader_xmt.c of the component MP4Box. The manipulation leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-268792. | |||||
| CVE-2024-5847 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | |||||