Vulnerabilities > Use After Free

DATE CVE VULNERABILITY TITLE RISK
2017-11-15 CVE-2017-15115 Use After Free vulnerability in multiple products
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel before 4.14 does not check whether the intended netns is used in a peel-off action, which allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls.
local
low complexity
linux debian suse canonical CWE-416
7.8
2017-11-15 CVE-2017-15271 Use After Free vulnerability in Psftp Psftpd 10.0.4
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729.
network
high complexity
psftp CWE-416
5.9
2017-11-10 CVE-2017-12780 Use After Free vulnerability in Matroska Libebml2, Mkclean and Mkvalidator
The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.
network
low complexity
matroska CWE-416
6.5
2017-11-07 CVE-2017-16648 Use After Free vulnerability in Linux Kernel
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux CWE-416
6.6
2017-11-07 CVE-2017-2922 Use After Free vulnerability in Cesanta Mongoose 6.8
An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8.
network
low complexity
cesanta CWE-416
critical
9.8
2017-11-07 CVE-2017-2891 Use After Free vulnerability in Cesanta Mongoose 6.8
An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8.
network
low complexity
cesanta CWE-416
critical
9.8
2017-11-04 CVE-2017-16528 Use After Free vulnerability in multiple products
sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical CWE-416
6.6
2017-11-04 CVE-2017-16527 Use After Free vulnerability in multiple products
sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
low complexity
linux canonical debian CWE-416
6.6
2017-11-04 CVE-2017-16525 Use After Free vulnerability in multiple products
The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.
low complexity
linux debian canonical CWE-416
6.6
2017-10-31 CVE-2017-10948 Use After Free vulnerability in Foxitsoftware Foxit Reader 8.2.1.6871
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871.
network
low complexity
foxitsoftware CWE-416
8.8