Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5786 | 1 Google | 1 Chrome | 2019-07-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2017-15238 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-after-free issue when the height or width is zero, related to ReadJNGImage. | |||||
| CVE-2017-12936 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | |||||
| CVE-2017-13737 | 2 Debian, Graphicsmagick | 2 Debian Linux, Graphicsmagick | 2019-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an invalid free in the MagickFree function in magick/memory.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack. | |||||
| CVE-2018-6118 | 1 Google | 1 Chrome | 2019-06-28 | 6.8 MEDIUM | 8.8 HIGH |
| A double-eviction in the Incognito mode cache that lead to a user-after-free in cache in Google Chrome prior to 66.0.3359.139 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-12871 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2019-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to a Use-After-Free and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project file to be able to manipulate it. After manipulation, the attacker needs to exchange the original file with the manipulated one on the application programming workstation. | |||||
| CVE-2019-9796 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2019-06-26 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with the refresh driver twice when only a single registration is expected. When a registration is later freed with the removal of the animation controller element, the refresh driver incorrectly leaves a dangling pointer to the driver's observer array. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | |||||
| CVE-2016-9896 | 1 Mozilla | 1 Firefox | 2019-06-25 | 6.8 MEDIUM | 8.1 HIGH |
| Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | |||||
| CVE-2018-19878 | 1 Teltonika | 2 Rut950, Rut950 Firmware | 2019-06-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered on Teltonika RTU950 R_31.04.89 devices. The application allows a user to login without limitation. For every successful login request, the application saves a session. A user can re-login without logging out, causing the application to store the session in memory. Exploitation of this vulnerability will increase memory use and consume free space. | |||||
| CVE-2019-9020 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2019-06-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c. | |||||
| CVE-2018-19444 | 2 Foxitsoftware, Microsoft | 2 Foxit Pdf Sdk Activex, Windows | 2019-06-18 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation. | |||||
| CVE-2019-12819 | 1 Linux | 1 Linux Kernel | 2019-06-18 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.0. The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service. | |||||
| CVE-2018-13919 | 1 Qualcomm | 48 Mdm9150, Mdm9150 Firmware, Mdm9206 and 45 more | 2019-06-17 | 7.2 HIGH | 7.8 HIGH |
| Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS405, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24 | |||||
| CVE-2018-11819 | 1 Qualcomm | 40 Mdm9206, Mdm9206 Firmware, Mdm9607 and 37 more | 2019-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 675, SD 730, SD 820A, SD 835, SD 855, SDA660, SDX20, SDX24 | |||||
| CVE-2018-11939 | 1 Qualcomm | 36 Mdm9150, Mdm9150 Firmware, Mdm9206 and 33 more | 2019-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Use after issue in WLAN function due to multiple ACS scan requests at a time in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCA6574AU, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SDX20 | |||||
| CVE-2019-2095 | 1 Google | 1 Android | 2019-06-11 | 7.6 HIGH | 7.0 HIGH |
| In callGenIDChangeListeners and related functions of SkPixelRef.cpp, there is a possible use after free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-124232283. | |||||
| CVE-2018-20355 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid write of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20356 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid read of 8 bytes due to a use-after-free vulnerability in the mg_http_free_proto_data_cgi function call in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20352 | 1 Cesanta | 1 Mongoose Embedded Web Server Library | 2019-06-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||
| CVE-2018-20354 | 1 Cesanta | 1 Mongoose | 2019-06-11 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid read of 8 bytes due to a use-after-free vulnerability during a "return" in the mg_http_get_proto_data function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | |||||