Vulnerabilities (CVE)

Filtered by CWE-416
Total 4506 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5823 1 Libical Project 1 Libical 2019-04-02 4.3 MEDIUM 5.5 MEDIUM
The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.
CVE-2017-10686 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2019-03-28 6.8 MEDIUM 7.8 HIGH
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
CVE-2018-0491 1 Torproject 1 Tor 2019-03-26 5.0 MEDIUM 7.5 HIGH
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
CVE-2017-17816 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2019-03-26 4.3 MEDIUM 5.5 MEDIUM
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17814 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2019-03-26 4.3 MEDIUM 5.5 MEDIUM
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
CVE-2017-17813 2 Canonical, Nasm 2 Ubuntu Linux, Netwide Assembler 2019-03-26 4.3 MEDIUM 5.5 MEDIUM
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
CVE-2018-12929 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2019-03-26 4.9 MEDIUM 5.5 MEDIUM
ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.
CVE-2016-1819 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-03-25 9.3 HIGH 7.8 HIGH
Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1818.
CVE-2016-1750 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-03-25 9.3 HIGH 7.8 HIGH
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2016-1837 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1836 6 Apple, Canonical, Debian and 3 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2018-11529 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2019-03-21 6.8 MEDIUM 8.0 HIGH
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
CVE-2016-1863 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2019-03-20 7.2 HIGH 7.8 HIGH
The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.
CVE-2017-9182 1 Autotrace Project 1 Autotrace 2019-03-19 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (use-after-free and invalid heap read), related to the GET_COLOR function in color.c:16:11.
CVE-2017-2463 2 Apple, Microsoft 6 Icloud, Iphone Os, Itunes and 3 more 2019-03-19 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-5194 2 Debian, Irssi 2 Debian Linux, Irssi 2019-03-19 5.0 MEDIUM 7.5 HIGH
Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message.
CVE-2018-11412 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2019-03-15 4.3 MEDIUM 5.9 MEDIUM
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
CVE-2018-1000051 2 Artifex, Debian 2 Mupdf, Debian Linux 2019-03-14 6.8 MEDIUM 7.8 HIGH
Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability in fz_keep_key_storable that can result in DOS / Possible code execution. This attack appear to be exploitable via Victim opens a specially crafted PDF.
CVE-2017-11256 3 Adobe, Apple, Microsoft 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more 2019-03-14 9.3 HIGH 8.8 HIGH
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11254 3 Adobe, Apple, Microsoft 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more 2019-03-14 6.8 MEDIUM 8.8 HIGH
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.