Search
Total
479 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8339 | 1 Falco | 1 Falco | 2019-05-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Falco through 0.14.0. A missing indicator for insufficient resources allows local users to bypass the detection engine. | |||||
| CVE-2019-7136 | 3 Adobe, Apple, Microsoft | 3 Bridge Cc, Mac Os X, Windows | 2019-05-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Bridge CC versions 9.0.2 have an use after free vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-6556 | 1 Omron | 2 Common Components, Cx-programmer | 2019-04-15 | 6.8 MEDIUM | 6.6 MEDIUM |
| When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. | |||||
| CVE-2018-18091 | 1 Intel | 1 Graphics Driver | 2019-04-04 | 2.1 LOW | 6.5 MEDIUM |
| Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an unprivileged user to potentially enable a denial of service via local access. | |||||
| CVE-2018-20592 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2019-04-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | |||||
| CVE-2018-20005 | 2 Fedoraproject, Msweet | 2 Fedora, Mini-xml | 2019-04-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | |||||
| CVE-2018-9517 | 1 Google | 1 Android | 2019-04-03 | 7.2 HIGH | 6.7 MEDIUM |
| In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. | |||||
| CVE-2016-5823 | 1 Libical Project | 1 Libical | 2019-04-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | |||||
| CVE-2016-5824 | 3 Canonical, Libical Project, Redhat | 8 Ubuntu Linux, Libical, Enterprise Linux Desktop and 5 more | 2019-04-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file. | |||||
| CVE-2018-10876 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-04-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. | |||||
| CVE-2017-17820 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assmembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | |||||
| CVE-2017-17817 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assmembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack. | |||||
| CVE-2017-17816 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack. | |||||
| CVE-2017-17813 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors. | |||||
| CVE-2017-17814 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2019-03-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack. | |||||
| CVE-2018-12929 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem. | |||||
| CVE-2016-1837 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2016-1836 | 6 Apple, Canonical, Debian and 3 more | 14 Iphone Os, Mac Os X, Tvos and 11 more | 2019-03-25 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document. | |||||
| CVE-2018-11412 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-03-15 | 4.3 MEDIUM | 5.9 MEDIUM |
| In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode. | |||||
| CVE-2017-11232 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2019-03-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2018-16541 | 4 Artifex, Canonical, Debian and 1 more | 9 Ghostscript, Ubuntu Linux, Debian Linux and 6 more | 2019-03-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect free logic in pagedevice replacement to crash the interpreter. | |||||
| CVE-2019-7560 | 1 Boolector Project | 1 Boolector | 2019-02-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete. | |||||
| CVE-2018-19876 | 1 Cairographics | 1 Cairo | 2019-01-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error. | |||||
| CVE-2018-20535 | 1 Nasm | 1 Netwide Assembler | 2019-01-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. | |||||
| CVE-2018-20538 | 1 Nasm | 1 Netwide Assembler | 2019-01-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. | |||||
| CVE-2018-17236 | 1 Mp4v2 Project | 1 Mp4v2 | 2018-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. | |||||
| CVE-2015-5221 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 5 Fedora, Jasper, Leap and 2 more | 2018-11-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | |||||
| CVE-2017-16648 | 1 Linux | 1 Linux Kernel | 2018-10-31 | 7.2 HIGH | 6.6 MEDIUM |
| The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. | |||||
| CVE-2016-7591 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 9.3 HIGH | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | |||||
| CVE-2016-6265 | 2 Artifex, Opensuse | 3 Mupdf, Leap, Opensuse | 2018-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use-after-free vulnerability in the pdf_load_xref function in pdf/pdf-xref.c in MuPDF allows remote attackers to cause a denial of service (crash) via a crafted PDF file. | |||||
| CVE-2017-6420 | 1 Clamav | 1 Clamav | 2018-10-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | |||||
| CVE-2017-15271 | 1 Psftp | 1 Psftpd | 2018-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free. | |||||
| CVE-2018-1999013 | 1 Ffmpeg | 1 Ffmpeg | 2018-09-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| FFmpeg before commit a7e032a277452366771951e29fd0bf2bd5c029f0 contains a use-after-free vulnerability in the realmedia demuxer that can result in vulnerability allows attacker to read heap memory. This attack appear to be exploitable via specially crafted RM file has to be provided as input. This vulnerability appears to have been fixed in a7e032a277452366771951e29fd0bf2bd5c029f0 and later. | |||||
| CVE-2017-16527 | 1 Linux | 1 Linux Kernel | 2018-08-24 | 7.2 HIGH | 6.6 MEDIUM |
| sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2016-9067 | 1 Mozilla | 1 Firefox | 2018-07-30 | 5.0 MEDIUM | 6.5 MEDIUM |
| Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. | |||||
| CVE-2017-18272 | 1 Imagemagick | 1 Imagemagick | 2018-06-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call. | |||||
| CVE-2017-12431 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the function ReadWMFImage in coders/wmf.c, which allows attackers to cause a denial of service. | |||||
| CVE-2017-14989 | 1 Imagemagick | 1 Imagemagick | 2018-06-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | |||||
| CVE-2017-17975 | 1 Linux | 1 Linux Kernel | 2018-05-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure. | |||||
| CVE-2018-5826 | 1 Google | 1 Android | 2018-05-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, due to a race condition, a Use After Free condition can occur in the WLAN driver. | |||||
| CVE-2017-13257 | 1 Google | 1 Android | 2018-05-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692. | |||||
| CVE-2017-15129 | 1 Linux | 1 Linux Kernel | 2018-05-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely. | |||||
| CVE-2018-8806 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file. | |||||
| CVE-2018-8962 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8961 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8964 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8963 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2018-8807 | 1 Libming | 1 Libming | 2018-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | |||||
| CVE-2017-16528 | 1 Linux | 1 Linux Kernel | 2018-04-07 | 7.2 HIGH | 6.6 MEDIUM |
| sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. | |||||
| CVE-2017-16525 | 1 Linux | 1 Linux Kernel | 2018-03-16 | 7.2 HIGH | 6.6 MEDIUM |
| The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. | |||||