CVE Daily
← All tags

Tag: Use-After-Free

All CVEs associated with "Use-After-Free". Page 50/58 • 6956 CVEs.

Subscribe CVEs: RSS for “Use-After-Free”  ·  RSS (High+Critical only)

About “Use-After-Free”

A curated feed of “Use-After-Free”-related CVEs appears below. We currently track 6956 CVEs for this tag (all time). In the last 365 days, 1453 were published. Average CVSS is 7.9 (all time; 7.6 over 365d), and 79% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer.

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2016-06-05
High

CVE-2016-1700

extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cau…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2016-1690

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2016-1680

Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or p…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-1679

The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote a…

CVSS: 8.8 CWE: N/A View on NVD
2016-05-23
High

CVE-2016-4805

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or pos…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-4794

Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-4558

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2016-4557

The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or caus…

CVSS: 7.8 CWE: N/A View on NVD
2016-05-20
Medium

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows…

CVSS: 5.5 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of servic…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-1819

Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2016-05-16
Critical

CVE-2015-6835

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or ca…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2015-4116

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a f…

CVSS: 9.8 CWE: N/A View on NVD
2016-05-14
High

CVE-2016-1663

The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishand…

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2016-1662

extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a…

CVSS: 9.8 CWE: N/A View on NVD
2016-05-13
Critical

CVE-2016-2099

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML d…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1578

Use-after-free vulnerability in Oxide allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to responding synchronously t…

CVSS: 9.8 CWE: N/A View on NVD
2016-05-11
Critical

CVE-2016-4107

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-4102

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1122

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1121

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1094

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1075

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1070

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1069

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1068

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1067

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1066

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1065

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1061

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1060

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1059

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1058

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1057

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1056

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1055

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1054

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1053

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1052

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1051

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1050

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1049

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1048

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1047

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1046

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1045

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2016-0184

Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol…

CVSS: 8.8 CWE: N/A View on NVD
2016-04-30
High

CVE-2016-2811

Use-after-free vulnerability in the ServiceWorkerInfo class in the Service Worker subsystem in Mozilla Firefox before 46.0 allows remote attackers to execute arbitrary code via vectors related to the…

CVSS: 8.8 CWE: N/A View on NVD
2016-04-27
Medium

CVE-2016-2547

sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use…

CVSS: 5.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2016-2546

sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a cra…

CVSS: 5.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2016-2544

Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making…

CVSS: 5.1 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Critical

CVE-2015-8812

drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service…

CVSS: 9.8 CWE: N/A View on NVD
2016-04-25
Medium

CVE-2016-4077

epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use…

CVSS: 5.9 CWE: N/A View on NVD
2016-04-22
High

CVE-2015-8823

Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-4064

Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge cal…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2016-4063

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2016-4060

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2016-4059

Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document.

CVSS: 7.8 CWE: N/A View on NVD
2016-04-20
High

CVE-2015-7801

Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via a crafted PNG file.

CVSS: 8.8 CWE: N/A View on NVD
2016-04-18
High

CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or pos…

CVSS: 8.8 CWE: N/A View on NVD
2016-04-12
High

CVE-2016-1568

Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with IDE AHCI Emulation support, allows guest OS users to cause a denial of service (instance crash) or possibly execute arbitrary co…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2015-8833

Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbit…

CVSS: 9.8 CWE: N/A View on NVD
2016-04-09
High

CVE-2016-1031

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-1017

Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allow…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linu…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-1013

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-1011

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2016-03-31
Critical

CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash…

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2016-03-29
High

CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-1647

Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy function in content/browser/renderer_host/render_widget_host_impl.cc in the Navigation implementation in Google Chrome before 49.0.26…

CVSS: 8.8 CWE: N/A View on NVD
2016-03-24
High

CVE-2016-1750

Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2016-03-13
High

CVE-2016-1644

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of s…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-1979

Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote a…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-1978

Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers t…

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2016-1976

Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2016-1973

Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-a…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-1972

Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vec…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-1964

Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of se…

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2016-1962

Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2016-1961

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-1960

Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause…

CVSS: 8.8 CWE: N/A View on NVD
2016-03-12
High

CVE-2016-1000

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0999

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0998

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0997

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0996

Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0995

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0994

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0991

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0990

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0988

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0987

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe A…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2016-03-06
High

CVE-2016-1641

Use-after-free vulnerability in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 49.0.2623.75 allows remote attackers to cause a denial of service or possibly have unspecifie…

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2016-1639

Use-after-free vulnerability in browser/extensions/api/webrtc_audio_private/webrtc_audio_private_api.cc in the WebRTC Audio Private API implementation in Google Chrome before 49.0.2623.75 allows remo…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2016-1635

extensions/renderer/render_frame_observer_natives.cc in Google Chrome before 49.0.2623.75 does not properly consider object lifetimes and re-entrancy issues during OnDocumentElementCreated handling,…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows rem…

CVSS: 8.8 CWE: N/A View on NVD
Critical

CVE-2016-1633

Use-after-free vulnerability in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS: 9.8 CWE: N/A View on NVD
2016-03-04
High

CVE-2015-8822

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2015-8821

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2015-8655

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2015-8653

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2016-02-22
High

CVE-2016-2536

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. NOTE: the primary affected product may be…

CVSS: 8.8 CWE: CWE-399 View on NVD
2016-02-15
Critical

CVE-2016-0746

Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspeci…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
2016-02-10
High

CVE-2016-0984

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0983

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0982

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR S…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-0975

Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR bef…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0974

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR S…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2016-0973

Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux,…

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2016-02-08
High

CVE-2016-0728

The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2016-0723

Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (…

CVSS: 6.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2016-02-07
High

CVE-2016-0809

Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the loc…

CVSS: 8.8 CWE: CWE-264 View on NVD
2016-01-29
Critical

CVE-2015-8789

Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" fo…

CVSS: 9.6 CWE: N/A View on NVD
2016-01-25
High

CVE-2016-1613

Multiple use-after-free vulnerabilities in the formfiller implementation in PDFium, as used in Google Chrome before 48.0.2564.82, allow remote attackers to cause a denial of service or possibly have…

CVSS: 7.6 CWE: N/A View on NVD
2016-01-19
High

CVE-2015-8616

Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application…

CVSS: 8.6 CWE: N/A View on NVD
High

CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitra…

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObjec…

CVSS: 7.3 CWE: CWE-416 - Use After Free View on NVD
2016-01-14
High

CVE-2016-0941

Use-after-free vulnerability in the Search object implementation in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader…

CVSS: 8.8 CWE: N/A View on NVD