Filtered by CWE-416
Filtered by vendor Subscriptions
Total 5628 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-49115 2024-12-20 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49108 2024-12-20 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49106 2024-12-20 8.1 High
Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49097 2024-12-20 7 High
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
CVE-2024-49074 2024-12-20 7.8 High
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-49069 2024-12-20 7.8 High
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-12694 2024-12-20 N/A
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2013-2551 1 Microsoft 9 Internet Explorer, Windows 7, Windows 8 and 6 more 2024-12-20 8.8 High
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
CVE-2013-1347 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-12-20 8.8 High
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
CVE-2024-4948 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 6.5 Medium
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-2176 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 8.8 High
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-4949 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 6.5 Medium
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-2400 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 8.8 High
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-5157 2 Fedoraproject, Google 2 Fedora, Chrome 2024-12-19 8.8 High
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2012-4792 1 Microsoft 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more 2024-12-19 8.8 High
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
CVE-2024-23839 2 Fedoraproject, Oisf 2 Fedora, Suricata 2024-12-19 7.1 High
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
CVE-2014-1776 1 Microsoft 11 Internet Explorer, Windows 7, Windows 8 and 8 more 2024-12-19 9.8 Critical
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks."
CVE-2014-0322 1 Microsoft 7 Internet Explorer, Windows 7, Windows 8 and 4 more 2024-12-19 8.8 High
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
CVE-2024-9712 1 Trimble 1 Sketchup 2024-12-19 7.8 High
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23530.
CVE-2024-9713 1 Trimble 2 Sketchup, Sketchup Pro 2024-12-19 7.8 High
Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23885.