Export limit exceeded: 335225 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7791 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-7993 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2024-11-21 | N/A |
| HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause execution of arbitrary code. | ||||
| CVE-2018-7899 | 1 Huawei | 4 Berkeley-al20, Berkeley-al20 Firmware, Berkeley-bd and 1 more | 2024-11-21 | N/A |
| The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot. | ||||
| CVE-2018-7817 | 1 Schneider-electric | 1 Zelio Soft 2 | 2024-11-21 | N/A |
| A Use After Free (CWE-416) vulnerability exists in Zelio Soft 2 v5.1 and prior versions which could cause remote code execution when opening a specially crafted Zelio Soft project file. | ||||
| CVE-2018-7589 | 1 Cimg | 1 Cimg | 2024-11-21 | N/A |
| An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image. | ||||
| CVE-2018-7554 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-11-21 | N/A |
| There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||||
| CVE-2018-7551 | 2 Debian, Sam2p Project | 2 Debian Linux, Sam2p | 2024-11-21 | N/A |
| There is an invalid free in MiniPS::delete0 in minips.cpp that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | ||||
| CVE-2018-7523 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a double free vulnerability. | ||||
| CVE-2018-7521 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | N/A |
| In Omron CX-Supervisor Versions 3.30 and prior, use after free vulnerabilities can be exploited when CX Supervisor parses a specially crafted project file. | ||||
| CVE-2018-7480 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure. | ||||
| CVE-2018-7263 | 2 Redhat, Underbit | 2 Enterprise Linux, Libmad | 2024-11-21 | N/A |
| The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may overlap CVE-2017-11552. | ||||
| CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | N/A |
| An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | ||||
| CVE-2018-7162 | 1 Nodejs | 1 Node.js | 2024-11-21 | 7.5 High |
| All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. | ||||
| CVE-2018-7054 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | N/A |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191. | ||||
| CVE-2018-7053 | 3 Canonical, Debian, Irssi | 3 Ubuntu Linux, Debian Linux, Irssi | 2024-11-21 | N/A |
| An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. | ||||
| CVE-2018-6952 | 2 Gnu, Redhat | 2 Patch, Enterprise Linux | 2024-11-21 | N/A |
| A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. | ||||
| CVE-2018-6916 | 1 Freebsd | 1 Freebsd | 2024-11-21 | N/A |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results. | ||||
| CVE-2018-6703 | 1 Mcafee | 1 Agent | 2024-11-21 | 9.8 Critical |
| Use After Free in Remote logging (which is disabled by default) in McAfee McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. | ||||
| CVE-2018-6641 | 1 Wiris | 1 Mathtype | 2024-11-21 | 9.8 Critical |
| An Arbitrary Free (Remote Code Execution) issue was discovered in Design Science MathType 6.9c. Crafted input can overwrite a structure, leading to a function call with an invalid parameter, and a subsequent free of important data such as a function pointer or list pointer. This is fixed in 6.9d. | ||||
| CVE-2018-6556 | 4 Canonical, Linuxcontainers, Opensuse and 1 more | 6 Ubuntu Linux, Lxc, Leap and 3 more | 2024-11-21 | N/A |
| lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. | ||||
| CVE-2018-6555 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | N/A |
| The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. | ||||