Total
6319 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34094 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-12-02 | 7.8 High |
| Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-30284 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-12-02 | 7.8 High |
| Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2018-0170 | 1 Cisco | 1 Ios Xe | 2024-12-02 | 7.5 High |
| A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, related to the OpenDNS software. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvb86327. | ||||
| CVE-2024-43703 | 1 Imaginationtech | 1 Ddk | 2024-12-01 | 8.1 High |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW. | ||||
| CVE-2024-9250 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | 7.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24489. | ||||
| CVE-2024-9251 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | 7.8 High |
| Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24490. | ||||
| CVE-2024-9252 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | 7.8 High |
| Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24491. | ||||
| CVE-2024-9254 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | 8.8 High |
| Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25173. | ||||
| CVE-2024-9255 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | 7.8 High |
| Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25174. | ||||
| CVE-2024-9243 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-11-29 | 7.8 High |
| Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23932. | ||||
| CVE-2024-0217 | 3 Fedoraproject, Packagekit Project, Redhat | 3 Fedora, Packagekit, Enterprise Linux | 2024-11-27 | 3.3 Low |
| A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. | ||||
| CVE-2022-46891 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2024-11-27 | 8.8 High |
| An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0. | ||||
| CVE-2022-46395 | 1 Arm | 4 Avalon Gpu Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2024-11-27 | 8.8 High |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | ||||
| CVE-2023-24734 | 1 Sigb | 1 Pmb | 2024-11-27 | 9.8 Critical |
| An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | ||||
| CVE-2024-9764 | 1 Tungstenautomation | 1 Power Pdf | 2024-11-26 | 7.8 High |
| Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24480. | ||||
| CVE-2024-33010 | 1 Qualcomm | 499 Ar8035, Ar8035 Firmware, Ar9380 and 496 more | 2024-11-26 | 7.5 High |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | ||||
| CVE-2024-23384 | 1 Qualcomm | 211 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 208 more | 2024-11-26 | 8.4 High |
| Memory corruption when the mapped pages in VBO are still mapped after reclaiming by shrinker. | ||||
| CVE-2024-23383 | 1 Qualcomm | 145 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 142 more | 2024-11-26 | 8.4 High |
| Memory corruption when kernel driver attempts to trigger hardware fences. | ||||
| CVE-2024-23382 | 1 Qualcomm | 211 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 208 more | 2024-11-26 | 8.4 High |
| Memory corruption while processing graphics kernel driver request to create DMA fence. | ||||
| CVE-2024-23381 | 1 Qualcomm | 147 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 144 more | 2024-11-26 | 8.4 High |
| Memory corruption when memory mapped in a VBO is not unmapped by the GPU SMMU. | ||||