Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7479 | 1 Php | 1 Php | 2018-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free. A remote attacker may exploit this bug to gain arbitrary code execution. | |||||
| CVE-2016-9936 | 1 Php | 1 Php | 2018-05-03 | 7.5 HIGH | 9.8 CRITICAL |
| The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6834. | |||||
| CVE-2017-14915 | 1 Qualcomm | 8 Sd 625, Sd 625 Firmware, Sd 650 and 5 more | 2018-04-27 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. | |||||
| CVE-2017-14877 | 1 Google | 1 Android | 2018-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur. | |||||
| CVE-2018-3584 | 1 Google | 1 Android | 2018-04-25 | 5.0 MEDIUM | 7.5 HIGH |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur in the function rmnet_usb_ctrl_init(). | |||||
| CVE-2018-3599 | 1 Google | 1 Android | 2018-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while notifying a DCI client, a Use After Free condition can occur. | |||||
| CVE-2017-14881 | 1 Google | 1 Android | 2018-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur. | |||||
| CVE-2016-10385 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS. | |||||
| CVE-2018-8962 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8964 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8961 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8807 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8963 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8806 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file. | |||||
| CVE-2017-16528 | 1 Linux | 1 Linux Kernel | 2018-04-06 | 7.2 HIGH | 6.6 MEDIUM |
| sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2018-3561 | 1 Google | 1 Android | 2018-04-04 | 4.4 MEDIUM | 7.0 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition. | |||||
| CVE-2017-18066 | 1 Google | 1 Android | 2018-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, improper controls in MSM CORE leads to use memory after it is freed in msm_core_ioctl(). | |||||
| CVE-2018-6916 | 1 Freebsd | 1 Freebsd | 2018-03-29 | 9.0 HIGH | 9.8 CRITICAL |
| In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results. | |||||
| CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2018-03-22 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | |||||
| CVE-2018-4902 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2018-03-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution. | |||||