Vulnerabilities > Use After Free

DATE CVE VULNERABILITY TITLE RISK
2017-01-11 CVE-2017-2936 Use After Free vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript FileReference class.
network
low complexity
adobe CWE-416
8.8
2017-01-11 CVE-2017-2932 Use After Free vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class.
network
low complexity
adobe CWE-416
8.8
2017-01-05 CVE-2016-6892 Use After Free vulnerability in Matrixssl
The x509FreeExtensions function in MatrixSSL before 3.8.6 allows remote attackers to cause a denial of service (free of unallocated memory) via a crafted X.509 certificate.
network
low complexity
matrixssl CWE-416
7.5
2017-01-04 CVE-2016-9936 Use After Free vulnerability in PHP
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted serialized data.
network
low complexity
php CWE-416
critical
9.8
2017-01-04 CVE-2016-9138 Use After Free vulnerability in PHP
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
network
low complexity
php CWE-416
critical
9.8
2017-01-04 CVE-2016-9137 Use After Free vulnerability in PHP
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing.
network
low complexity
php CWE-416
critical
9.8
2016-12-30 CVE-2016-10088 Use After Free vulnerability in Linux Kernel
The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.
local
high complexity
linux CWE-416
7.0
2016-12-28 CVE-2016-9794 Use After Free vulnerability in Linux Kernel
Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.
local
low complexity
linux CWE-416
7.8
2016-12-28 CVE-2016-9576 Use After Free vulnerability in Linux Kernel
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
local
low complexity
linux CWE-416
7.8
2016-12-23 CVE-2016-9923 Use After Free vulnerability in Qemu
Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue.
local
low complexity
qemu CWE-416
5.5