CWE:
 

Topic
Date
Author
Med.
PHP 5.6.9 Use-After-Free
10.06.2015
High-Tech Bridge Secur...


CVEMAP Search Results

CVE
Details
Description
2018-06-11
Medium
CVE-2018-5101

Vendor: Mozilla
Software: Firefox
 

 
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 58.

 
Medium
CVE-2018-5100

Vendor: Mozilla
Software: Firefox
 

 
A use-after-free vulnerability can occur when arguments passed to the "IsPotentiallyScrollable" function are freed while still in use by scripts. This results in a potentially exploitable crash. This vulnerability affects Firefox < 58.

 
Medium
CVE-2018-5092

Vendor: Mozilla
Software: Firefox
 

 
A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations. This vulnerability affects Firefox < 58.

 
2018-06-08
Medium
CVE-2018-4200

Vendor: Apple
Software: Apple tv
 

 
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.

 
2018-06-06
High
CVE-2018-5846

Vendor: Google
Software: Android
 

 
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

 
High
CVE-2018-5845

Vendor: Google
Software: Android
 

 
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.

 
2018-05-31
Medium
CVE-2018-11624

Vendor: Imagemagick
Software: Imagemagick
 

 
In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.

 
2018-05-26
Low
CVE-2018-11496

Vendor: Lrzip project
Software: Lrzip
 

 
In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation.

 
Medium
CVE-2018-11499

Updating...
 

 
A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possibly unspecified other impact.

 
2018-05-24
Low
CVE-2018-11412

Vendor: Linux
Software: Linux kernel
 

 
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top