The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2017-5194 | Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. | MEDIUM | Mar 6, 2017 | n/a |
| CVE-2021-1947 | Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | -- | Sep 17, 2021 | n/a |
| CVE-2016-5421 | Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. | HIGH | Aug 12, 2016 | n/a |
| CVE-2016-4487 | Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to btypevec. | MEDIUM | Feb 24, 2017 | n/a |
| CVE-2015-3890 | Use-after-free vulnerability in Open Litespeed before 1.3.10. | MEDIUM | Sep 20, 2017 | n/a |
| CVE-2015-7687 | Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta. | HIGH | Oct 16, 2017 | n/a |
| CVE-2015-1329 | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | HIGH | Sep 20, 2017 | n/a |
| CVE-2016-10109 | Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses cardsList after the handle has been released through the SCardReleaseContext function. | MEDIUM | Feb 24, 2017 | n/a |
| CVE-2017-14746 | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | HIGH | Nov 27, 2017 | n/a |
| CVE-2013-2830 | Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file. | HIGH | Feb 8, 2018 | n/a |
| CVE-2014-3622 | Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | MEDIUM | Feb 24, 2020 | n/a |
| CVE-2016-9137 | Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup processing. | HIGH | Jan 10, 2017 | n/a |
| CVE-2015-0209 | Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | Medium | Mar 26, 2015 | openSSL-1.0.4.0 (VxWorks 7) |
| CVE-2017-12877 | Use-after-free vulnerability in the DestroyImage function in image.c in ImageMagick before 7.0.6-6 allows remote attackers to cause a denial of service via a crafted file. | Medium | Aug 30, 2017 | n/a |
| CVE-2016-7910 | Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. | HIGH | Nov 16, 2016 | n/a |
| CVE-2016-7912 | Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call. | HIGH | Nov 16, 2016 | n/a |
| CVE-2017-7264 | Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. | MEDIUM | Mar 26, 2017 | n/a |
| CVE-2016-10150 | Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | HIGH | Feb 6, 2017 | n/a |
| CVE-2020-16119 | Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. | MEDIUM | Jan 14, 2021 | n/a |
| CVE-2018-20352 | Use-after-free vulnerability in the mg_cgi_ev_handler function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.13 and earlier allows a denial of service (application crash) or remote code execution. | MEDIUM | Jun 11, 2019 | n/a |
| CVE-2017-7185 | Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | MEDIUM | Apr 10, 2017 | n/a |
| CVE-2015-5221 | Use-after-free vulnerability in the mif_process_cmpt function in libjasper/mif/mif_cod.c in the JasPer JPEG-2000 library before 1.900.2 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file. | MEDIUM | Jul 25, 2017 | n/a |
| CVE-2016-10051 | Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | MEDIUM | Mar 24, 2017 | n/a |
| CVE-2016-9279 | Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. | MEDIUM | Jan 20, 2017 | n/a |
| CVE-2017-0861 | Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. | MEDIUM | Nov 16, 2017 | n/a |
| CVE-2017-13711 | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | Medium | Sep 5, 2017 | n/a |
| CVE-2016-1634 | Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | HIGH | Mar 7, 2016 | n/a |
| CVE-2016-6833 | Use-after-free vulnerability in the vmxnet3_io_bar0_write function in hw/net/vmxnet3.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (QEMU instance crash) by leveraging failure to check if the device is active. | LOW | Dec 12, 2016 | n/a |
| CVE-2016-7413 | Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a wddxPacket XML document that lacks an end-tag for a recordset field element, leading to mishandling in a wddx_deserialize call. | HIGH | Sep 19, 2016 | n/a |
| CVE-2015-1351 | Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Apr 13, 2015 | n/a |
| CVE-2016-5177 | Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors. | MEDIUM | May 23, 2017 | n/a |
| CVE-2017-5379 | Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox < 51. | MEDIUM | Jun 12, 2018 | n/a |
| CVE-2018-13900 | Use-after-free vulnerability will occur as there is no protection for the route table`s rule in IPA driver in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24. | HIGH | Mar 20, 2019 | n/a |
| CVE-2018-13919 | Use-after-free vulnerability will occur if reset of the routing table encounters an invalid rule id while processing command to reset in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, QCS405, QCS605, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24 | HIGH | Jun 17, 2019 | n/a |
| CVE-2016-9899 | Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | HIGH | Jun 12, 2018 | n/a |
| CVE-2016-9896 | Use-after-free while manipulating the navigator object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1. | MEDIUM | Jun 12, 2018 | n/a |
| CVE-2017-5376 | Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. | HIGH | Jun 12, 2018 | n/a |
| CVE-2023-2763 | Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file. | -- | Jul 12, 2023 | n/a |
| CVE-2019-5787 | Use-after-garbage-collection in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | HIGH | May 28, 2019 | n/a |
| CVE-2023-49214 | Usedesk before 1.7.57 allows chat template injection. | -- | Nov 24, 2023 | n/a |
| CVE-2023-49215 | Usedesk before 1.7.57 allows filter reflected XSS. | -- | Nov 24, 2023 | n/a |
| CVE-2023-49216 | Usedesk before 1.7.57 allows profile stored XSS. | -- | Nov 24, 2023 | n/a |
| CVE-2022-21666 | Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers. Versions prior to Pb2.4Bfx3 allowed Sql injection in usersearch.php only for users with administrative privileges. Users should replace the file `admin/pages/useredit.php` with a newer version. USOC version Pb2.4Bfx3 contains a fixed version of `admin/pages/useredit.php`. | MEDIUM | Jan 10, 2022 | n/a |
| CVE-2022-1071 | User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. | MEDIUM | Mar 26, 2022 | n/a |
| CVE-2021-21115 | User after free in safe browsing in Google Chrome prior to 87.0.4280.141 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | MEDIUM | Jan 10, 2021 | n/a |
| CVE-2019-2308 | User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | HIGH | Jul 29, 2019 | n/a |
| CVE-2023-4501 | User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. | -- | Sep 12, 2023 | n/a |
| CVE-2023-49258 | User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at /gui/terminal_tool.cgi in the data parameter. | -- | Jan 12, 2024 | n/a |
| CVE-2022-23944 | User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | MEDIUM | Feb 1, 2022 | n/a |
| CVE-2020-11177 | User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | HIGH | Feb 26, 2021 | n/a |
