Filtered by vendor
Subscriptions
Total
5628 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-49115 | 2024-12-20 | 8.1 High | ||
Windows Remote Desktop Services Remote Code Execution Vulnerability | ||||
CVE-2024-49108 | 2024-12-20 | 8.1 High | ||
Windows Remote Desktop Services Remote Code Execution Vulnerability | ||||
CVE-2024-49106 | 2024-12-20 | 8.1 High | ||
Windows Remote Desktop Services Remote Code Execution Vulnerability | ||||
CVE-2024-49097 | 2024-12-20 | 7 High | ||
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | ||||
CVE-2024-49074 | 2024-12-20 | 7.8 High | ||
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | ||||
CVE-2024-49069 | 2024-12-20 | 7.8 High | ||
Microsoft Excel Remote Code Execution Vulnerability | ||||
CVE-2024-12694 | 2024-12-20 | N/A | ||
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2013-2551 | 1 Microsoft | 9 Internet Explorer, Windows 7, Windows 8 and 6 more | 2024-12-20 | 8.8 High |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | ||||
CVE-2013-1347 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-12-20 | 8.8 High |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. | ||||
CVE-2024-4948 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 6.5 Medium |
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-2176 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 8.8 High |
Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-4949 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 6.5 Medium |
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2024-2400 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 8.8 High |
Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2024-5157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | 8.8 High |
Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
CVE-2012-4792 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-12-19 | 8.8 High |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012. | ||||
CVE-2024-23839 | 2 Fedoraproject, Oisf | 2 Fedora, Suricata | 2024-12-19 | 7.1 High |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords. | ||||
CVE-2014-1776 | 1 Microsoft | 11 Internet Explorer, Windows 7, Windows 8 and 8 more | 2024-12-19 | 9.8 Critical |
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this issue originally emphasized VGX.DLL, but Microsoft clarified that "VGX.DLL does not contain the vulnerable code leveraged in this exploit. Disabling VGX.DLL is an exploit-specific workaround that provides an immediate, effective workaround to help block known attacks." | ||||
CVE-2014-0322 | 1 Microsoft | 7 Internet Explorer, Windows 7, Windows 8 and 4 more | 2024-12-19 | 8.8 High |
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014. | ||||
CVE-2024-9712 | 1 Trimble | 1 Sketchup | 2024-12-19 | 7.8 High |
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23530. | ||||
CVE-2024-9713 | 1 Trimble | 2 Sketchup, Sketchup Pro | 2024-12-19 | 7.8 High |
Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23885. |