Export limit exceeded: 362865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49526 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-39388 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-16 | 7.8 High |
| Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47426 | 1 Adobe | 1 Substance 3d Painter | 2024-11-16 | 7.8 High |
| Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-38424 | 1 Qualcomm | 240 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 237 more | 2024-11-16 | 7.8 High |
| Memory corruption during GNSS HAL process initialization. | ||||
| CVE-2024-8376 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-11-15 | 7.5 High |
| In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | ||||
| CVE-2024-45402 | 2 Dena, H2o Project | 2 Picotls, Picotls | 2024-11-12 | 8.6 High |
| Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within picotls that call the crypto libraries) may attempt to free the same memory twice. This double free occurs during the disposal of multiple objects without any intervening calls to malloc Typically, this triggers the malloc implementation to detect the error and abort the process. However, depending on the internals of malloc and the crypto backend being used, the flaw could potentially lead to a use-after-free scenario, which might allow for arbitrary code execution. The vulnerability is addressed with commit 9b88159ce763d680e4a13b6e8f3171ae923a535d. | ||||
| CVE-2024-33033 | 1 Qualcomm | 56 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 53 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while processing IOCTL calls to unmap the buffers. | ||||
| CVE-2024-33029 | 1 Qualcomm | 6 Qca6584au, Qca6584au Firmware, Qca6698aq and 3 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while handling the PDR in driver for getting the remote heap maps. | ||||
| CVE-2024-33068 | 1 Qualcomm | 246 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 243 more | 2024-11-07 | 7.5 High |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | ||||
| CVE-2024-38421 | 1 Qualcomm | 157 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 154 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing GPU commands. | ||||
| CVE-2024-38419 | 1 Qualcomm | 299 Ar8035, Ar8035 Firmware, Csra6620 and 296 more | 2024-11-07 | 7.8 High |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | ||||
| CVE-2024-38415 | 1 Qualcomm | 360 215 Mobile Platform, 215 Mobile Platform Firmware, Ar8035 and 357 more | 2024-11-07 | 7.8 High |
| Memory corruption while handling session errors from firmware. | ||||
| CVE-2024-47404 | 1 Openatom | 1 Openharmony | 2024-11-06 | 8.4 High |
| in OpenHarmony v4.1.0 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through double free. | ||||
| CVE-2024-47033 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47017 | 1 Google | 1 Android | 2024-10-28 | 7.8 High |
| In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-9954 | 1 Google | 1 Chrome | 2024-10-22 | 8.8 High |
| Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7722 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 4.3 Medium |
| Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23702. | ||||
| CVE-2024-7723 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 8.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23736. | ||||
| CVE-2024-7724 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 8.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23900. | ||||
| CVE-2024-7725 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 8.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928. | ||||