Total
6799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53953 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-12-18 | 7.8 High |
| Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-21101 | 1 Google | 1 Android | 2024-12-18 | 7.0 High |
| In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258189255 | ||||
| CVE-2023-21120 | 1 Google | 1 Android | 2024-12-18 | 7.8 High |
| In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-258188673 | ||||
| CVE-2018-9483 | 1 Google | 1 Android | 2024-12-18 | 6.5 Medium |
| In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-49576 | 2024-12-18 | 8.8 High | ||
| A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2024-47810 | 2024-12-18 | 8.8 High | ||
| A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2024-52997 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-12-18 | 7.8 High |
| Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-38921 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | 9.8 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` . | ||||
| CVE-2024-38923 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` . | ||||
| CVE-2024-38924 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` . | ||||
| CVE-2024-38925 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` . | ||||
| CVE-2024-38926 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. | ||||
| CVE-2024-38927 | 1 Openrobotics | 1 Robot Operating System | 2024-12-17 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. | ||||
| CVE-2024-34747 | 2 Google, Imaginationtech | 2 Android, Powervr-gpu | 2024-12-17 | 8.4 High |
| In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-23716 | 2 Google, Imaginationtech | 2 Android, Ddk | 2024-12-17 | 7.4 High |
| In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-31339 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In multiple functions of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-34795 | 1 Xlsxio Project | 1 Xlsxio | 2024-12-17 | 7.8 High |
| xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XLSX file. | ||||
| CVE-2023-35784 | 1 Openbsd | 2 Libressl, Openbsd | 2024-12-17 | 9.8 Critical |
| A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. NOTE: OpenSSL is not affected. | ||||
| CVE-2024-23696 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In RGXCreateZSBufferKM of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-23697 | 1 Google | 1 Android | 2024-12-17 | 7.8 High |
| In RGXCreateHWRTData_aux of rgxta3d.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||