Total: 5502 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-40140 | 1 Google | 1 Android | 2024-09-09 | 7.8 High |
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-41769 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-09-09 | 8.1 High |
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | ||||
CVE-2023-41770 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-09-09 | 8.1 High |
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | ||||
CVE-2023-49142 | 1 Openatom | 1 Openharmony | 2024-09-09 | 4 Medium |
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia audio crash by modifying a released pointer. | ||||
CVE-2023-22436 | 1 Openatom | 1 Openharmony | 2024-09-09 | 7.8 High |
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a UAF vulnerability that local attackers can exploit to escalate privileges to root. | ||||
CVE-2023-47857 | 1 Openatom | 1 Openharmony | 2024-09-09 | 4 Medium |
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer. | ||||
CVE-2023-48360 | 1 Openatom | 1 Openharmony | 2024-09-09 | 4 Medium |
OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer. | ||||
CVE-2024-37030 | 1 Openatom | 1 Openharmony | 2024-09-09 | 8.2 High |
OpenHarmony v4.0.0 and prior versions allow a remote attacker to execute arbitrary code in pre-installed apps through a use after free. | ||||
CVE-2024-41160 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-09-09 | 8.8 High |
OpenHarmony v4.1.0 and prior versions allow a local attacker to cause the common permission to be upgraded to root and sensitive information to leak through a use after free. | ||||
CVE-2023-21355 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2023-21381 | 1 Google | 1 Android | 2024-09-06 | 7.8 High |
In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2024-30326 | | | 2024-09-06 | N/A |
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22593. | ||||
CVE-2024-8384 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-09-06 | 9.8 Critical |
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. | ||||
CVE-2024-45063 | 1 Freebsd | 1 Freebsd | 2024-09-06 | 9.8 Critical |
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | ||||
CVE-2024-45107 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-09-06 | 5.5 Medium |
Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
CVE-2024-30343 | | | 2024-09-06 | N/A |
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22721. | ||||
CVE-2024-38402 | 1 Qualcomm | 362 Ar8035, Ar8035 Firmware, Csra6620 and 359 more | 2024-09-06 | 7.8 High |
Memory corruption while processing IOCTL call for getting group info. | ||||
CVE-2023-2763 | 1 3ds | 1 3dexperience Solidworks | 2024-09-05 | 7.8 High |
Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file. | ||||
CVE-2024-38401 | 1 Qualcomm | 82 Ar8035, Ar8035 Firmware, C-v2x 9150 and 79 more | 2024-09-05 | 7.8 High |
Memory corruption while processing concurrent IOCTL calls. | ||||
CVE-2024-33060 | 1 Qualcomm | 540 215 Mobile, 215 Mobile Firmware, 315 5g Iot and 537 more | 2024-09-05 | 8.4 High |
Memory corruption when two threads try to map and unmap a single node simultaneously. |