Vulnerabilities > Use After Free

DATE CVE VULNERABILITY TITLE RISK
2016-08-05 CVE-2016-5259 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
network
low complexity
mozilla oracle CWE-416
8.8
2016-08-05 CVE-2016-5258 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
network
low complexity
oracle mozilla CWE-416
8.8
2016-08-05 CVE-2016-5255 Use After Free vulnerability in Mozilla Firefox
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
network
low complexity
mozilla CWE-416
8.8
2016-08-05 CVE-2016-5254 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.
network
low complexity
mozilla oracle CWE-416
critical
9.8
2016-07-25 CVE-2016-6295 Use After Free vulnerability in PHP
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via crafted serialized data, a related issue to CVE-2016-5773.
network
low complexity
php CWE-416
critical
9.8
2016-07-25 CVE-2016-6290 Use After Free vulnerability in PHP
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session deserialization.
network
low complexity
php CWE-416
critical
9.8
2016-07-23 CVE-2016-5136 Use After Free vulnerability in Google Chrome
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
network
low complexity
google CWE-416
8.8
2016-07-23 CVE-2016-5131 Use After Free vulnerability in multiple products
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8
2016-07-23 CVE-2016-5127 Use After Free vulnerability in Google Chrome
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.
network
high complexity
google CWE-416
7.5
2016-07-23 CVE-2016-1708 Use After Free vulnerability in Google Chrome
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
network
low complexity
google CWE-416
8.8