CWE:
 

Tytuł
Data
Autor
High
Sqlite3 Window Function Remote Code Execution
13.05.2019
Cisco Talos
Med.
PHP 5.6.9 Use-After-Free
10.06.2015
High-Tech Bridge Secur...


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2019-11-13
High
CVE-2019-2205

Vendor: Google
Software: Android
 

 
In ProxyResolverV8::SetPacScript of proxy_resolver_v8.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139806216

 
Medium
CVE-2019-2213

Vendor: Google
Software: Android
 

 
In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133758011References: Upstream kernel

 
2019-11-12
Low
CVE-2011-2334

Vendor: Google
Software: Blink
 

 
Use after free vulnerability exists in WebKit in Google Chrome before Blink M12 in RenderLayerwhen removing elements with reflections.

 
2019-11-08
Low
CVE-2019-14824

Vendor: Fedoraproject
Software: 389 director...
 

 
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.

 
2019-11-07
Low
CVE-2011-2353

Vendor: Google
Software: Blink
 

 
Use after free vulnerability in documentloader in WebKit in Google Chrome before Blink M13 in DocumentWriter::replaceDocument function.

 
Medium
CVE-2019-18814

Vendor: Linux
Software: Linux kernel
 

 
An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.

 
2019-11-04
Medium
CVE-2019-18178

Vendor: Amazon
Software: Freertos\+fat
 

 
Real Time Engineers FreeRTOS+FAT 160919a has a use after free. The function FF_Close() is defined in ff_file.c. The file handler pxFile is freed by ffconfigFREE, which (by default) is a macro definition of vPortFree(), but it is reused to flush modified file content from the cache to disk by the function FF_FlushCache().

 
2019-10-25
Medium
CVE-2019-17140

Updating...
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091.

 
Medium
CVE-2019-17141

Updating...
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044.

 
Medium
CVE-2019-17142

Updating...
 

 
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top