Search Results (8317 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-36902 1 Microsoft 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more 2025-04-14 7 High
Windows Runtime Remote Code Execution Vulnerability
CVE-2022-47939 1 Linux 1 Linux Kernel 2025-04-14 9.8 Critical
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.
CVE-2022-4292 2 Netapp, Vim 2 Ontap Select Deploy Administration Utility, Vim 2025-04-14 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
CVE-2024-11155 1 Rockwellautomation 1 Arena 2025-04-14 7.8 High
A “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
CVE-2022-3662 1 Axiosys 1 Bento4 2025-04-14 7.3 High
A vulnerability was found in Axiomatic Bento4. It has been declared as critical. This vulnerability affects the function GetOffset of the file Ap4Sample.h of the component mp42hls. The manipulation leads to use after free. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212002 is the identifier assigned to this vulnerability.
CVE-2022-3666 1 Axiosys 1 Bento4 2025-04-14 7.3 High
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_LinearReader::Advance of the file Ap4LinearReader.cpp of the component mp42ts. The manipulation leads to use after free. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212006 is the identifier assigned to this vulnerability.
CVE-2024-25763 1 Opennds 1 Opennds 2025-04-14 5.5 Medium
openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.
CVE-2014-0203 3 Linux, Oracle, Redhat 3 Linux Kernel, Linux, Enterprise Linux 2025-04-12 5.5 Medium
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
CVE-2016-2099 2 Apache, Opensuse 2 Xerces-c\+\+, Opensuse 2025-04-12 N/A
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
CVE-2014-0100 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-12 N/A
Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load.
CVE-2016-9120 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.
CVE-2016-7180 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-12 N/A
epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in Wireshark 2.x before 2.0.6 does not properly consider whether a string is constant, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.
CVE-2016-7154 1 Xen 1 Xen 2025-04-12 N/A
Use-after-free vulnerability in the FIFO event channel code in Xen 4.4.x allows local guest OS administrators to cause a denial of service (host crash) and possibly execute arbitrary code or obtain sensitive information via an invalid guest frame number.
CVE-2016-7117 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2025-04-12 9.8 Critical
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2016-5421 6 Canonical, Debian, Fedoraproject and 3 more 7 Ubuntu Linux, Debian Linux, Fedora and 4 more 2025-04-12 8.1 High
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
CVE-2016-5281 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
CVE-2016-5280 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
CVE-2016-5277 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
CVE-2016-5276 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
CVE-2016-5274 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.