Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7687 | 2 Fedoraproject, Openbsd | 2 Fedora, Opensmtpd | 2017-11-01 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. | |||||
| CVE-2017-11048 | 1 Google | 1 Android | 2017-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur. | |||||
| CVE-2017-14857 | 1 Exiv2 | 1 Exiv2 | 2017-10-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Exiv2 0.26, there is an invalid free in the Image class in image.cpp that leads to a Segmentation fault. A crafted input will lead to a denial of service attack. | |||||
| CVE-2015-1329 | 1 Canonical | 1 Ubuntu Linux | 2017-09-28 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | |||||
| CVE-2017-9676 | 1 Google | 1 Android | 2017-09-26 | 2.6 LOW | 4.7 MEDIUM |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, potential use after free scenarios and race conditions can occur when accessing global static variables without using a lock. | |||||
| CVE-2017-6966 | 1 Gnu | 1 Binutils | 2017-09-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. This is caused by mishandling of an invalid symbol index, and mishandling of state across invocations. | |||||
| CVE-2013-2873 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a 404 HTTP status code during the loading of resources. | |||||
| CVE-2013-2860 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process. | |||||
| CVE-2013-2857 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of images. | |||||
| CVE-2013-2856 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | |||||
| CVE-2013-2858 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-5116 | 1 Google | 1 Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG filters. | |||||
| CVE-2012-5126 | 1 Google | 1 Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of plug-in placeholders. | |||||
| CVE-2012-5125 | 1 Google | 1 Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs. | |||||
| CVE-2012-5121 | 1 Google | 1 Chrome | 2017-09-18 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to video layout. | |||||
| CVE-2015-3107 | 6 Adobe, Apple, Google and 3 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2017-09-16 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. | |||||
| CVE-2017-14103 | 1 Graphicsmagick | 1 Graphicsmagick | 2017-09-05 | 6.8 MEDIUM | 8.8 HIGH |
| The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. | |||||
| CVE-2016-4625 | 1 Apple | 1 Mac Os X | 2017-09-02 | 7.2 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-7633 | 1 Apple | 1 Mac Os X | 2017-09-02 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors. | |||||
| CVE-2017-2353 | 1 Apple | 1 Mac Os X | 2017-09-01 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | |||||