Total
6804 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10217 | 1 Artifex | 1 Ghostscript | 2025-04-20 | N/A |
| The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file that is mishandled in the color management module. | ||||
| CVE-2017-3062 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | N/A |
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-3058 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | N/A |
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-3057 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-3027 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-14103 | 1 Graphicsmagick | 1 Graphicsmagick | 2025-04-20 | N/A |
| The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in GraphicsMagick 1.3.26 do not properly manage image pointers after certain error conditions, which allows remote attackers to conduct use-after-free attacks via a crafted file, related to a ReadMNGImage out-of-order CloseBlob call. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-11403. | ||||
| CVE-2017-15642 | 2 Debian, Sound Exchange Project | 2 Debian Linux, Sound Exchange | 2025-04-20 | N/A |
| In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is a Use-After-Free vulnerability triggered by supplying a malformed AIFF file. | ||||
| CVE-2015-5221 | 5 Fedoraproject, Jasper Project, Opensuse and 2 more | 6 Fedora, Jasper, Leap and 3 more | 2025-04-20 | N/A |
| Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | ||||
| CVE-2016-5219 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2016-5213 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2017-8824 | 2 Linux, Redhat | 9 Linux Kernel, Enterprise Linux, Enterprise Mrg and 6 more | 2025-04-20 | 7.8 High |
| The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. | ||||
| CVE-2017-16939 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-20 | 7.8 High |
| The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. | ||||
| CVE-2015-5177 | 2 Debian, Openslp | 2 Debian Linux, Openslp | 2025-04-20 | N/A |
| Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | ||||
| CVE-2017-9612 | 2 Artifex, Debian | 2 Ghostscript Ghostxps, Debian Linux | 2025-04-20 | N/A |
| The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document. | ||||
| CVE-2017-2951 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2016-8693 | 4 Fedoraproject, Jasper Project, Opensuse and 1 more | 4 Fedora, Jasper, Opensuse and 1 more | 2025-04-20 | N/A |
| Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | ||||
| CVE-2016-7591 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "IOHIDFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | ||||
| CVE-2017-9789 | 1 Apache | 1 Http Server | 2025-04-20 | N/A |
| When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. | ||||
| CVE-2016-4473 | 3 Php, Redhat, Suse | 4 Php, Rhel Software Collections, Linux Enterprise Module For Web Scripting and 1 more | 2025-04-20 | N/A |
| /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | ||||
| CVE-2017-11176 | 3 Debian, Linux, Redhat | 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more | 2025-04-20 | 7.8 High |
| The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact. | ||||