Mobile app vulnerabilities
99 entries
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
| CVE-2020-6819 | HIGH 8.1 | KEV | | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abu… |
| CVE-2020-6820 | HIGH 8.1 | KEV | | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing thi… |
| CVE-2019-17026 | HIGH 8.8 | KEV | | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild a… |
| CVE-2020-6418 | HIGH 8.8 | KEV | | Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-18426 | HIGH 8.2 | KEV | | A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and l… |
| CVE-2019-13720 | HIGH 8.8 | KEV | | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2019-1297 | HIGH 8.8 | KEV | | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Rem… |
| CVE-2019-11707 | HIGH 8.8 | KEV | | A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware… |
| CVE-2018-17480 | HIGH 8.8 | KEV | | Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a rem… |
| CVE-2018-6065 | HIGH 8.8 | KEV | | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a r… |
| CVE-2018-17463 | HIGH 8.8 | KEV | | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafte… |
| CVE-2016-9079 | HIGH 7.5 | KEV | | A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox a… |
| CVE-2018-0798 | HIGH 8.8 | KEV | | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability … |
| CVE-2018-0802 | HIGH 7.8 | KEV | | Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability d… |
| CVE-2017-5070 | HIGH 8.8 | KEV | | Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to execute arb… |
| CVE-2017-11826 | HIGH 7.8 | KEV | | Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 200… |
| CVE-2017-11774 | HIGH 7.8 | KEV | | Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles … |
| CVE-2017-5030 | HIGH 8.8 | KEV | | Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote a… |
| CVE-2017-0037 | HIGH 8.1 | KEV | | Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningEle… |
| CVE-2016-5198 | HIGH 8.8 | KEV | | V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumpt… |
| CVE-2016-7262 | HIGH 7.8 | KEV | | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted re… |
| CVE-2016-7201 | HIGH 8.8 | KEV | | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via… |
| CVE-2016-7200 | HIGH 8.8 | KEV | | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via… |
| CVE-2016-7193 | HIGH 7.8 | KEV | | Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word… |
| CVE-2016-1646 | HIGH 8.8 | KEV | | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data t… |
| CVE-2015-4495 | HIGH 8.8 | KEV | | The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Po… |
| CVE-2015-2424 | HIGH 8.8 | KEV | | Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, Word 2010 SP2, PowerPoint 2013 SP1, Word 2013 SP1, and PowerPoint 2013 RT SP1 allow remote a… |
| CVE-2015-1641 | HIGH 7.8 | KEV | | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Ser… |
| CVE-2014-1761 | HIGH 7.8 | KEV | | Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Servic… |
| CVE-2013-1690 | HIGH 8.8 | KEV | | Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadyst… |
| CVE-2013-0641 | HIGH 7.8 | KEV | | Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via… |
| CVE-2013-0640 | HIGH 7.8 | KEV | | Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allow remote attackers to execute arbitrary code or cause a denial of se… |
| CVE-2012-2539 | HIGH 7.8 | KEV | | Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attacker… |
| CVE-2011-0611 | HIGH 8.8 | KEV | | Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay… |
| CVE-2011-0609 | HIGH 7.8 | KEV | | Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR… |
| CVE-2010-2572 | HIGH 7.8 | KEV | | Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "Powe… |
| CVE-2010-2883 | HIGH 7.3 | KEV | | Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers t… |
| CVE-2010-0188 | HIGH 7.8 | KEV | | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) o… |
| CVE-2009-4324 | HIGH 7.8 | KEV | | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and … |
| CVE-2009-3129 | HIGH 7.8 | KEV | | Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003… |
| CVE-2009-1862 | HIGH 7.8 | KEV | | Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remot… |
| CVE-2009-0556 | HIGH 8.8 | KEV | | Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary cod… |
| CVE-2009-0927 | HIGH 8.8 | KEV | | Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3, and 7 before 7.1.1 allows remote attackers to execute arbitrary co… |
| CVE-2009-0238 | HIGH 8.8 | KEV | | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerP… |
| CVE-2008-2992 | HIGH 7.8 | KEV | | Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.… |
| CVE-2007-5659 | HIGH 7.8 | KEV | | Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to … |
| CVE-2008-0655 | HIGH 8.8 | KEV | | Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors. |
| CVE-2007-0671 | HIGH 8.8 | KEV | | Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to exe… |
| CVE-2024-4367 | HIGH 8.8 | — | | A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Fire… |