Total
5500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21307 | 1 Microsoft | 21 Remote Desktop, Windows 10 1507, Windows 10 1607 and 18 more | 2024-10-08 | 7.5 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2024-20683 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2024-10-08 | 7.8 High |
| Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2024-28888 | 2 Foxit, Foxitsoftware | 2 Pdf Reader, Foxit Reader | 2024-10-08 | 8.8 High |
| A use-after-free vulnerability exists in the way Foxit Reade 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2023-2461 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-10-07 | 8.8 High |
| Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | ||||
| CVE-2023-1818 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-07 | 8.8 High |
| Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2020-21686 | 1 Nasm | 1 Netwide Assembler | 2024-10-07 | 5.5 Medium |
| A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | ||||
| CVE-2020-21722 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2024-10-07 | 7.8 High |
| Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. | ||||
| CVE-2023-28307 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-10-04 | 6.6 Medium |
| Windows DNS Server Remote Code Execution Vulnerability | ||||
| CVE-2020-18780 | 1 Nasm | 1 Netwide Assembler | 2024-10-04 | 5.5 Medium |
| A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. | ||||
| CVE-2020-19725 | 1 Microsoft | 1 Z3 | 2024-10-04 | 7.8 High |
| There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution. | ||||
| CVE-2024-0124 | 2024-10-04 | 3.3 Low | ||
| NVIDIA CUDA Toolkit for Windows and Linux contains a vulnerability in the nvdisam command line tool, where a user can cause nvdisasm to read freed memory by running it on a malformed ELF file. A successful exploit of this vulnerability might lead to a limited denial of service. | ||||
| CVE-2023-51042 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Logging and 2 more | 2024-10-03 | 7.8 High |
| In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. | ||||
| CVE-2018-2629 | 6 Canonical, Debian, Hp and 3 more | 19 Ubuntu Linux, Debian Linux, Xp7 Command View and 16 more | 2024-10-03 | 5.3 Medium |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). | ||||
| CVE-2018-2641 | 6 Canonical, Debian, Hp and 3 more | 19 Ubuntu Linux, Debian Linux, Xp7 Command View and 16 more | 2024-10-03 | 6.1 Medium |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). | ||||
| CVE-2023-2458 | 1 Google | 2 Chrome, Chrome Os | 2024-10-03 | 8.8 High |
| Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High) | ||||
| CVE-2021-32421 | 1 Dpic Project | 1 Dpic | 2024-10-03 | 7.5 High |
| dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y. | ||||
| CVE-2023-2135 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-10-03 | 7.5 High |
| Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2020-27418 | 1 Fedoraproject | 1 Fedora Linux Kernel | 2024-10-03 | 4.4 Medium |
| A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. | ||||
| CVE-2021-33390 | 1 Dpic Project | 1 Dpic | 2024-10-03 | 9.8 Critical |
| dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421. | ||||
| CVE-2024-23923 | 2 Alpine, Alpsalpine | 3 Halo9, Ilx-f509, Ilx-f509 Firmware | 2024-10-03 | 8.8 High |
| Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22945 | ||||