CWE:
 

Topic
Date
Author
Med.
PHP 5.6.9 Use-After-Free
10.06.2015
High-Tech Bridge Secur...


CVEMAP Search Results

CVE
Details
Description
2018-12-11
Medium
CVE-2018-18343

Vendor: Google
Software: Chrome
 

 
Incorrect handing of paths leading to a use after free in Skia in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
Medium
CVE-2018-18337

Vendor: Google
Software: Chrome
 

 
Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

 
Medium
CVE-2018-18336

Vendor: Google
Software: Chrome
 

 
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

 
Medium
CVE-2018-17481

Vendor: Google
Software: Chrome
 

 
Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

 
2018-12-04
Medium
CVE-2018-6086

Vendor: Google
Software: Chrome
 

 
A double-eviction in the Incognito mode cache that lead to a user-after-free in Networking Disk Cache in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

 
Medium
CVE-2018-6087

Vendor: Google
Software: Chrome
 

 
A use-after-free in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

 
2018-11-13
High
CVE-2018-8544

Vendor: Microsoft
Software: Windows 10
 

 
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

 
2018-11-12
Medium
CVE-2018-19216

Vendor: NASM
Software: Netwide asse...
 

 
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

 
2018-11-06
Medium
CVE-2018-9465

Vendor: Google
Software: Android
 

 
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.

 
Medium
CVE-2018-9422

Vendor: Debian
Software: Debian linux
 

 
In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top