Vulnerabilities > Use After Free

DATE | CVE | VULNERABILITY TITLE | RISK

2016-09-09 | CVE-2016-7180 | Use After Free vulnerability in multiple products
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
network | high complexity | debian wireshark | CWE-416 | 5.9

2016-08-19 | CVE-2015-8949 | Use After Free vulnerability in multiple products
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
network | low complexity | debian dbd-mysql-project | CWE-416 | critical | 9.8

2016-08-19 | CVE-2014-9906 | Use After Free vulnerability in multiple products
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
network | low complexity | debian dbd-mysql-project | CWE-416 | critical | 9.8

2016-08-10 | CVE-2016-5421 | Use After Free vulnerability in multiple products
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
8.1

2016-08-07 | CVE-2015-0568 | Use After Free vulnerability in Linux Kernel
Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
local | low complexity | linux | CWE-416 | 7.8

2016-08-07 | CVE-2016-5142 | Use After Free vulnerability in Google Chrome
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
network | low complexity | google | CWE-416 | critical | 9.8

2016-08-07 | CVE-2016-5773 | Use After Free vulnerability in PHP
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data containing a ZipArchive object.
network | low complexity | php | CWE-416 | critical | 9.8

2016-08-07 | CVE-2016-5771 | Use After Free vulnerability in multiple products
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data.
network | low complexity | php opensuse debian | CWE-416 | critical | 9.8

2016-08-06 | CVE-2016-3841 | Use After Free vulnerability in multiple products
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
local | low complexity | google linux | CWE-416 | 7.3

2016-08-05 | CVE-2016-5264 | Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
network | low complexity | mozilla oracle | CWE-416 | 8.8