Total
5377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0568 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call. | |||||
| CVE-2014-9946 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |||||
| CVE-2014-9940 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | 7.6 HIGH | 7.0 HIGH |
| The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | |||||
| CVE-2014-9930 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |||||
| CVE-2014-9926 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |||||
| CVE-2014-9914 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | |||||
| CVE-2014-9906 | 2 Dbd-mysql Project, Debian | 2 Dbd-mysql, Debian Linux | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection. | |||||
| CVE-2014-9482 | 1 Libdwarf Project | 1 Libdwarf | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through 20140805 might allow remote attackers to cause a denial of service (program crash) via a crafted ELF file. | |||||
| CVE-2014-4654 | 3 Canonical, Linux, Suse | 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Server | 2024-11-21 | 4.6 MEDIUM | N/A |
| The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. | |||||
| CVE-2014-4653 | 3 Canonical, Linux, Suse | 3 Ubuntu Linux, Linux Kernel, Linux Enterprise Server | 2024-11-21 | 4.6 MEDIUM | N/A |
| sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. | |||||
| CVE-2014-4060 | 1 Microsoft | 6 Windows 7, Windows 8, Windows 8.1 and 3 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center TV Pack for Windows Vista, Windows 7 SP1, and Windows Media Center for Windows 8 and 8.1 allows remote attackers to execute arbitrary code via a crafted Office document that triggers deletion of a CSyncBasePlayer object, aka "CSyncBasePlayer Use After Free Vulnerability." | |||||
| CVE-2014-3622 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep value. | |||||
| CVE-2014-3471 | 1 Qemu | 1 Qemu | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (QEMU instance crash) via hotplug and hotunplug operations of Virtio block devices. | |||||
| CVE-2014-3194 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-3193 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing. | |||||
| CVE-2014-3192 | 3 Apple, Google, Redhat | 9 Iphone Os, Itunes, Safari and 6 more | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the ProcessingInstruction::setXSLStyleSheet function in core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2014-3191 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. | |||||
| CVE-2014-3190 | 2 Google, Redhat | 5 Chrome, Enterprise Linux Desktop Supplementary, Enterprise Linux Server Supplementary and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. | |||||
| CVE-2014-2851 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 6.9 MEDIUM | N/A |
| Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. | |||||
| CVE-2014-2568 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 2.9 LOW | N/A |
| Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced. | |||||