Total
6189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2584 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt. | |||||
| CVE-2017-2360 | 2 Apple, Webkitgtk | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. | |||||
| CVE-2017-11254 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2951 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2808 | 1 Ledger-cli | 1 Ledger | 2025-04-20 | 6.8 MEDIUM | 7.5 HIGH |
| An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. | |||||
| CVE-2017-8277 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when traversing the list next time. | |||||
| CVE-2016-4473 | 2 Php, Suse | 3 Php, Linux Enterprise Module For Web Scripting, Linux Enterprise Software Development Kit | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| /ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. | |||||
| CVE-2017-10948 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.1.6871. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the app.execMenuItem function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-4723. | |||||
| CVE-2017-2958 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-5031 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2015-6673 | 1 Libpgf | 1 Libpgf | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | |||||
| CVE-2017-14989 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMagick 7.0.7-4 Q16 allows attackers to crash the application via a crafted font file, because the FT_Done_Glyph function (from FreeType 2) is called at an incorrect place in the ImageMagick code. | |||||
| CVE-2017-5080 | 3 Google, Linux, Microsoft | 3 Chrome, Linux Kernel, Windows | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | |||||
| CVE-2017-16939 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. | |||||
| CVE-2017-3081 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2982 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11232 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-6885 | 1 Matrixssl | 1 Matrixssl | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | |||||
| CVE-2017-3075 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-17820 | 2 Canonical, Nasm | 2 Ubuntu Linux, Netwide Assembler | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. | |||||