Vulnerabilities (CVE)

CWE filter: CWE-416

789 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16840 1 Canonical 1 Ubuntu Linux 2018-12-07 7.5
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct...
CVE-2018-17615 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17616 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17618 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17620 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17623 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17624 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17619 1 Foxitsoftware 1 Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17621 1 Foxitsoftware 1 Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-17617 1 Foxitsoftware 1 Reader 2018-12-06 6.8
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
CVE-2018-12378 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 7.5
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox <...
CVE-2018-12377 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-06 7.5
A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is deleted while still in use. This results in a potentially exploitable crash. This vulnerability affects...
CVE-2018-3940 1 Foxitsoftware 2 Phantompdf, Reader 2018-12-06 6.8
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused. An attacker needs to...
CVE-2018-15366 2018-12-04 7.2
A UrlfWTPPagePtr KERedirect Use-After-Free Privilege Escalation vulnerability in Trend Micro Antivirus for Mac (Consumer) 7.0 (2017) and above could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first...
CVE-2018-12363 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-03 6.8
A use-after-free vulnerability can occur when script uses mutation events to move DOM nodes between documents, resulting in the old document that held the node being freed but the node still having a pointer referencing it. This results in a...
CVE-2018-12360 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2018-12-03 6.8
A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60, Thunderbird...
CVE-2018-12822 1 Adobe 1 Digital Editions 2018-12-03 10.0
Adobe Digital Editions versions 4.5.8 and below have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-10675 1 Linux 1 Linux Kernel 2018-11-30 7.2
The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVE-2017-8824 1 Linux 1 Linux Kernel 2018-11-30 7.2
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
CVE-2017-18017 1 Linux 1 Linux Kernel 2018-11-30 10.0
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified...