Total
6311 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7722 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 4.3 Medium |
| Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23702. | ||||
| CVE-2024-7723 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 8.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23736. | ||||
| CVE-2024-7724 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 8.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23900. | ||||
| CVE-2024-7725 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 8.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23928. | ||||
| CVE-2024-45138 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-10-18 | 7.8 High |
| Substance3D - Stager versions 3.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-45146 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-10-18 | 7.8 High |
| Dimension versions 4.0.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-23370 | 1 Qualcomm | 22 Qca6584au, Qca6584au Firmware, Qca6698aq and 19 more | 2024-10-16 | 6.7 Medium |
| Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. | ||||
| CVE-2024-23376 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2024-10-16 | 6.7 Medium |
| Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. | ||||
| CVE-2024-33069 | 1 Qualcomm | 88 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 85 more | 2024-10-16 | 7.5 High |
| Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. | ||||
| CVE-2024-38399 | 1 Qualcomm | 80 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 77 more | 2024-10-16 | 8.4 High |
| Memory corruption while processing user packets to generate page faults. | ||||
| CVE-2024-8422 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-10-16 | 7.8 High |
| CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when application user opens a malicious Zelio Soft 2 project file. | ||||
| CVE-2024-39831 | 1 Openatom | 1 Openharmony | 2024-10-16 | 4.4 Medium |
| in OpenHarmony v4.1.0 allow a local attacker with high privileges arbitrary code execution in pre-installed apps through use after free. | ||||
| CVE-2024-43701 | 1 Imaginationtech | 1 Graphics Ddk | 2024-10-15 | 7.8 High |
| Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | ||||
| CVE-2024-47418 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47415 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47414 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47413 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-47412 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-10-10 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-23923 | 2 Alpine, Alpsalpine | 3 Halo9, Ilx-f509, Ilx-f509 Firmware | 2024-10-03 | 8.8 High |
| Alpine Halo9 prh_l2_sar_data_ind Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prh_l2_sar_data_ind function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22945 | ||||
| CVE-2024-4607 | 1 Arm | 4 5th Gen Gpu Architecture Kernel Driver, Arm 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver and 1 more | 2024-09-30 | 7.8 High |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p0; Valhall GPU Kernel Driver: from r41p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p0. | ||||