Total
5984 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-7817 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-11-21 | N/A |
A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. | ||||
CVE-2018-7554 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-11-21 | N/A |
There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||||
CVE-2018-7551 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-11-21 | N/A |
There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||||
CVE-2018-7521 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. | ||||
CVE-2018-7480 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | ||||
CVE-2018-7263 | 2 Redhat, Underbit | 2 Enterprise Linux, Libmad | 2024-11-21 | N/A |
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. | ||||
CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | N/A |
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | ||||
CVE-2018-7162 | 1 Nodejs | 1 Node.js | 2024-11-21 | 7.5 High |
All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. | ||||
CVE-2018-7054 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | N/A |
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191. | ||||
CVE-2018-7053 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | N/A |
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. | ||||
CVE-2018-6952 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | ||||
CVE-2018-6916 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results. | ||||
CVE-2018-6703 | 1 Mcafee | 1 Agent | 2024-11-21 | 9.8 Critical |
Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. | ||||
CVE-2018-6641 | 1 Wiris | 1 Mathtype | 2024-11-21 | 9.8 Critical |
An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d. | ||||
CVE-2018-6555 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | ||||
CVE-2018-6548 | 1 Webmproject | 1 Libwebm | 2024-11-21 | N/A |
A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. | ||||
CVE-2018-6359 | 2 Debian, Libming | 2 Debian Linux, Libming | 2024-11-21 | N/A |
The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file. | ||||
CVE-2018-6307 | 3 Canonical, Debian, Libvnc Project | 3 Ubuntu Linux, Debian Linux, Libvncserver | 2024-11-21 | N/A |
LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution. | ||||
CVE-2018-6268 | 1 Google | 1 Android | 2024-11-21 | N/A |
NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161. | ||||
CVE-2018-6171 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | N/A |
Use after free in Bluetooth in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. |