Vulnerabilities (CVE)

CWE filter



506 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-6703 1 Mcafee 1 Agent 2019-10-09 7.5
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted...
CVE-2018-16840 2 Canonical, Haxx 2 Ubuntu Linux, Curl 2019-10-09 7.5
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct...
CVE-2018-14809 1 Fujielectric 1 V-server Firmware 2019-10-09 7.5
Fuji Electric V-Server and prior, A use after free vulnerability has been identified, which may allow remote code execution.
CVE-2018-0170 1 Cisco 1 Ios Xe 2019-10-09 7.8
A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic...
CVE-2015-5123 4 Adobe, Opensuse, Redhat and 1 more 9 Flash Player, Evergreen, Enterprise Linux Desktop and 6 more 2019-10-09 10.0
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through on Windows and OS X, 14.x through on Windows and OS X, 11.x through on Linux,...
CVE-2019-11752 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2019-10-04 9.3
It is possible to delete an IndexedDB key value and subsequently try to extract it during conversion. This results in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird <...
CVE-2017-3073 1 Adobe 1 Flash Player 2019-10-03 10.0
Adobe Flash Player versions and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
CVE-2018-19333 2019-10-03 7.5
pkg/sentry/kernel/shm/shm.go in Google gVisor before 2018-11-01 allows attackers to overwrite memory locations in processes running as root (but not escape the sandbox) via vectors involving IPC_RMID shmctl calls, because reference counting is mishandled.
CVE-2017-0428 2 Google, Linux 2 Linux Kernel, Android 2019-10-03 9.3
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent...
CVE-2017-0070 1 Microsoft 1 Edge 2019-10-03 7.6
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute...
CVE-2017-2518 2 Apple, Debian 6 Apple Tv, Watchos, Mac Os X and 3 more 2019-10-03 7.5
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote...
CVE-2017-0261 1 Microsoft 1 Office 2019-10-03 9.3
Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from...
CVE-2019-10509 1 Qualcomm 32 Msm8909w Firmware, Msm8996au Firmware, Qca6574au Firmware and 29 more 2019-10-02 10.0
Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2019-16881 1 Portaudio-rs Project 1 Portaudio-rs 2019-09-26 7.5
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.
CVE-2019-5066 1 Aspose 1 Aspose.pdf For C%2b%2b 2019-09-19 7.5
An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this...
CVE-2019-5067 1 Aspose 1 Aspose.pdf For C%2b%2b 2019-09-19 7.5
An uninitialized memory access vulnerability exists in the way Aspose.PDF 19.2 for C++ handles invalid parent object pointers. A specially crafted PDF can cause a read and write from uninitialized memory, resulting in memory corruption and...
CVE-2019-15717 2 Irssi, Canonical 2 Irssi, Ubuntu Linux 2019-09-14 7.5
Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.
CVE-2019-8070 1 Adobe 2 Flash Player, Flash Player Desktop Runtime 2019-09-13 10.0
Adobe Flash Player and earlier versions, and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-16138 1 Image-rs 1 Image 2019-09-10 7.5
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
CVE-2019-16140 1 Isahc Project 1 Isahc 2019-09-09 7.5
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.