Export limit exceeded: 366859 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8325 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3890 | 1 Litespeedtech | 1 Openlitespeed | 2025-04-20 | 7.5 High |
| Use-after-free vulnerability in Open Litespeed before 1.3.10. | ||||
| CVE-2015-1329 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | N/A |
| Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code. | ||||
| CVE-2016-10200 | 3 Google, Linux, Redhat | 6 Android, Linux Kernel, Enterprise Linux and 3 more | 2025-04-20 | 7.0 High |
| Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. | ||||
| CVE-2017-17973 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 8.8 High |
| In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue | ||||
| CVE-2017-9986 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | ||||
| CVE-2017-9985 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | ||||
| CVE-2017-9984 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.8 High |
| The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability. | ||||
| CVE-2017-9287 | 5 Debian, Mcafee, Openldap and 2 more | 11 Debian Linux, Policy Auditor, Openldap and 8 more | 2025-04-20 | 6.5 Medium |
| servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. | ||||
| CVE-2017-7946 | 1 Radare | 1 Radare2 | 2025-04-20 | N/A |
| The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 1.3.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted Mach0 file. | ||||
| CVE-2017-7191 | 1 Irssi | 1 Irssi | 2025-04-20 | N/A |
| The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2017-7185 | 1 Cesanta | 2 Mongoose Embedded Web Server Library, Mongoose Os | 2025-04-20 | N/A |
| Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string. | ||||
| CVE-2017-5924 | 1 Virustotal | 1 Yara | 2025-04-20 | N/A |
| libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function. | ||||
| CVE-2017-5836 | 1 Libimobiledevice | 1 Libplist | 2025-04-20 | N/A |
| The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | ||||
| CVE-2017-5666 | 1 Mp3splt Project | 1 Mp3splt | 2025-04-20 | N/A |
| The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file. | ||||
| CVE-2017-5100 | 4 Debian, Google, Microsoft and 1 more | 7 Debian Linux, Chrome, Windows and 4 more | 2025-04-20 | 8.8 High |
| A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5098 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 8.8 High |
| A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5092 | 4 Debian, Google, Microsoft and 1 more | 4 Debian Linux, Chrome, Windows and 1 more | 2025-04-20 | N/A |
| Insufficient validation of untrusted input in PPAPI Plugins in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2017-5091 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 8.8 High |
| A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5087 | 5 Apple, Google, Linux and 2 more | 9 Macos, Android, Chrome and 6 more | 2025-04-20 | 8.8 High |
| A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape. | ||||
| CVE-2017-5080 | 4 Google, Linux, Microsoft and 1 more | 4 Chrome, Linux Kernel, Windows and 1 more | 2025-04-20 | N/A |
| A use after free in credit card autofill in Google Chrome prior to 59.0.3071.86 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||