Total
4506 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10497 | 1 Qualcomm | 86 Mdm9150, Mdm9150 Firmware, Mdm9206 and 83 more | 2019-10-02 | 4.6 MEDIUM | 7.8 HIGH |
Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | |||||
CVE-2019-10509 | 1 Qualcomm | 64 Msm8909w, Msm8909w Firmware, Msm8996au and 61 more | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016 | |||||
CVE-2019-9427 | 1 Google | 1 Android | 2019-10-01 | 2.1 LOW | 5.5 MEDIUM |
In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350 | |||||
CVE-2019-9431 | 1 Google | 1 Android | 2019-09-30 | 4.0 MEDIUM | 4.9 MEDIUM |
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179 | |||||
CVE-2019-16882 | 1 String-interner Project | 1 String-interner | 2019-09-26 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | |||||
CVE-2019-16881 | 1 Portaudio-rs Project | 1 Portaudio-rs | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | |||||
CVE-2018-21008 | 1 Linux | 1 Linux Kernel | 2019-09-24 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 4.16.7. A use-after-free can be caused by the function rsi_mac80211_detach in the file drivers/net/wireless/rsi/rsi_91x_mac80211.c. | |||||
CVE-2019-15890 | 2 Libslirp Project, Qemu | 2 Libslirp, Qemu | 2019-09-20 | 5.0 MEDIUM | 7.5 HIGH |
libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | |||||
CVE-2019-16510 | 1 Mz-automation | 1 Libiec61850 | 2019-09-19 | 5.0 MEDIUM | 7.5 HIGH |
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose. | |||||
CVE-2019-16396 | 1 Gnucobol Project | 1 Gnucobol | 2019-09-18 | 6.8 MEDIUM | 7.8 HIGH |
GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code. | |||||
CVE-2018-19824 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-09-10 | 4.6 MEDIUM | 7.8 HIGH |
In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. | |||||
CVE-2019-16165 | 1 Gnu | 1 Cflow | 2019-09-10 | 4.3 MEDIUM | 6.5 MEDIUM |
GNU cflow through 1.6 has a use-after-free in the reference function in parser.c. | |||||
CVE-2019-16138 | 1 Image-rs | 1 Image | 2019-09-10 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. | |||||
CVE-2019-9271 | 1 Google | 1 Android | 2019-09-09 | 4.4 MEDIUM | 6.4 MEDIUM |
In the Android kernel in the mnh driver there is a race condition due to insufficient locking. This could lead to a use-after-free which could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2019-15552 | 1 Libflate Project | 1 Libflate | 2019-09-05 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. | |||||
CVE-2019-7363 | 1 Autodesk | 1 Design Review | 2019-08-30 | 6.8 MEDIUM | 7.8 HIGH |
Use-after-free vulnerability in Autodesk Design Review versions 2011, 2012, 2013, and 2018. An attacker may trick a user into opening a malicious DWF file that may leverage a use-after-free vulnerability, which may result in code execution. | |||||
CVE-2019-7761 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 9.3 HIGH | 8.8 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-7768 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-7766 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-7796 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 9.3 HIGH | 8.8 HIGH |
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. |