Vulnerabilities > Use After Free

DATE CVE VULNERABILITY TITLE RISK
2016-10-05 CVE-2016-7020 Use After Free vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
network
low complexity
adobe CWE-416
8.8
2016-09-26 CVE-2016-6309 Use After Free vulnerability in Openssl 1.1.0A
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
network
low complexity
openssl CWE-416
critical
9.8
2016-09-26 CVE-2016-6980 Use After Free vulnerability in Adobe Digital Editions
Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.
network
low complexity
adobe CWE-416
critical
9.8
2016-09-25 CVE-2016-5171 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
network
low complexity
google CWE-416
8.8
2016-09-25 CVE-2016-5170 Use After Free vulnerability in Google Chrome
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
network
low complexity
google CWE-416
8.8
2016-09-22 CVE-2016-5281 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5280 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5277 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5276 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
network
low complexity
mozilla CWE-416
critical
9.8
2016-09-22 CVE-2016-5274 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
network
low complexity
mozilla CWE-416
critical
9.8