CWE-416
Use After Free
Description
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (1,889)
page 85 of 95| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-27195 | — | 0.00 | — | 0.00 | Oct 22, 2020 | HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | ||
| CVE-2020-8945 | — | 0.00 | — | 0.02 | Feb 12, 2020 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. | ||
| CVE-2019-16882 | — | 0.00 | — | 0.00 | Sep 25, 2019 | An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | ||
| CVE-2019-16881 | — | 0.00 | — | 0.01 | Sep 25, 2019 | An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | ||
| CVE-2019-16138 | — | 0.00 | — | 0.02 | Sep 9, 2019 | An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution. | ||
| CVE-2019-16140 | — | 0.00 | — | 0.01 | Sep 9, 2019 | An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | ||
| CVE-2018-20997 | — | 0.00 | — | 0.01 | Aug 26, 2019 | An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing. | ||
| CVE-2019-15552 | — | 0.00 | — | 0.02 | Aug 26, 2019 | An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution. | ||
| CVE-2019-7560 | 0.00 | — | 0.00 | Feb 7, 2019 | In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete. | |||
| CVE-2018-1000807 | — | 0.00 | — | 0.03 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be… | ||
| CVE-2017-15412 | — | 0.00 | — | 0.03 | Aug 28, 2018 | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2015-6126 | 0.00 | — | 0.01 | Dec 9, 2015 | Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511… | |||
| CVE-2015-7312 | 0.00 | — | 0.00 | Nov 16, 2015 | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync… | |||
| CVE-2015-7621 | 0.00 | — | 0.01 | Oct 14, 2015 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute… | |||
| CVE-2015-7619 | 0.00 | — | 0.02 | Oct 14, 2015 | The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass… | |||
| CVE-2015-7618 | 0.00 | — | 0.01 | Oct 14, 2015 | The CBAutoConfigCommentRepository method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers… | |||
| CVE-2015-7617 | 0.00 | — | 0.01 | Oct 14, 2015 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute… | |||
| CVE-2015-7615 | 0.00 | — | 0.01 | Oct 14, 2015 | Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows… | |||
| CVE-2015-6691 | 0.00 | — | 0.03 | Oct 14, 2015 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute… | |||
| CVE-2015-6690 | 0.00 | — | 0.01 | Oct 14, 2015 | Use-after-free vulnerability in the popUpMenuEx method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X… |
- CVE-2020-27195Oct 22, 2020risk 0.00cvss —epss 0.00
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
- CVE-2020-8945Feb 12, 2020risk 0.00cvss —epss 0.02
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
- CVE-2019-16882Sep 25, 2019risk 0.00cvss —epss 0.00
An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw.
- CVE-2019-16881Sep 25, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback.
- CVE-2019-16138Sep 9, 2019risk 0.00cvss —epss 0.02
An issue was discovered in the image crate before 0.21.3 for Rust, affecting the HDR image format decoder. Vec::set_len is called on an uninitialized vector, leading to a use-after-free and arbitrary code execution.
- CVE-2019-16140Sep 9, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion.
- CVE-2018-20997Aug 26, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing.
- CVE-2019-15552Aug 26, 2019risk 0.00cvss —epss 0.02
An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.
- CVE-2019-7560Feb 7, 2019risk 0.00cvss —epss 0.00
In parser/btorsmt2.c in Boolector 3.0.0, opening a specially crafted input file leads to a use after free in get_failed_assumptions or btor_delete.
- CVE-2018-1000807Oct 8, 2018risk 0.00cvss —epss 0.03
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be…
- CVE-2017-15412Aug 28, 2018risk 0.00cvss —epss 0.03
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- CVE-2015-6126Dec 9, 2015risk 0.00cvss —epss 0.01
Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511…
- CVE-2015-7312Nov 16, 2015risk 0.00cvss —epss 0.00
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync…
- CVE-2015-7621Oct 14, 2015risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute…
- CVE-2015-7619Oct 14, 2015risk 0.00cvss —epss 0.02
The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass…
- CVE-2015-7618Oct 14, 2015risk 0.00cvss —epss 0.01
The CBAutoConfigCommentRepository method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers…
- CVE-2015-7617Oct 14, 2015risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute…
- CVE-2015-7615Oct 14, 2015risk 0.00cvss —epss 0.01
Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows…
- CVE-2015-6691Oct 14, 2015risk 0.00cvss —epss 0.03
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute…
- CVE-2015-6690Oct 14, 2015risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the popUpMenuEx method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X…