CWE-399: Resource Management Errors — known CVE vulnerabilities
CVEs classified under CWE-399 (Resource Management Errors), ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2015-8104 — CVSS 10.0 (critical): The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host…
CVE-2015-0339 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows…
CVE-2015-0335 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows…
CVE-2015-0333 — CVSS 10.0 (critical): Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows…
CVE-2014-4121 — CVSS 10.0 (critical): Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers…
CVE-2014-0560 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers…
CVE-2014-0528 — CVSS 10.0 (critical): Double free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to…
CVE-2014-0527 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers…
CVE-2014-1763 — CVSS 10.0 (critical): Use-after-free vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code and bypass a…
CVE-2014-0474 — CVSS 10.0 (critical): The (1) FilePathField, (2) GenericIPAddressField, and (3) IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6…
CVE-2014-0506 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and…
CVE-2013-3195 — CVSS 10.0 (critical): The DSA_InsertItem function in Comctl32.dll in the Windows common control library in Microsoft Windows XP SP2, Windows Server 2003 SP2…
CVE-2013-1686 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird…
CVE-2013-2781 — CVSS 10.0 (critical): Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service…
CVE-2013-1681 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before…
CVE-2013-1679 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before…
CVE-2013-1677 — CVSS 10.0 (critical): The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6…
CVE-2013-2833 — CVSS 10.0 (critical): Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of…
CVE-2013-0650 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before…
CVE-2013-1374 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x…
CVE-2013-0649 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x…
CVE-2013-0644 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x…
CVE-2013-0602 — CVSS 10.0 (critical): Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to…
CVE-2012-5112 — CVSS 10.0 (critical): Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to…
CVE-2012-2803 — CVSS 10.0 (critical): Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and…
CVE-2012-3970 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-3964 — CVSS 10.0 (critical): Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7…
CVE-2012-3958 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x…
CVE-2012-1962 — CVSS 10.0 (critical): Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before…
CVE-2012-1954 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6…
CVE-2012-1951 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before…
CVE-2012-2559 — CVSS 10.0 (critical): WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a…
CVE-2011-3108 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to…
CVE-2011-3099 — CVSS 10.0 (critical): Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of…
CVE-2011-3091 — CVSS 10.0 (critical): Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial…
CVE-2011-3089 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have…
CVE-2011-3086 — CVSS 10.0 (critical): Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have…
CVE-2011-3079 — CVSS 10.0 (critical): The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and…
CVE-2012-0469 — CVSS 10.0 (critical): Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through…
CVE-2012-0768 — CVSS 10.0 (critical): The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris…
CVE-2011-3488 — CVSS 10.0 (critical): Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc…
CVE-2011-3143 — CVSS 10.0 (critical): Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5…
CVE-2011-2363 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox…
CVE-2011-0085 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and…
CVE-2011-0083 — CVSS 10.0 (critical): Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox…
CVE-2011-1854 — CVSS 10.0 (critical): Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary…
CVE-2011-0066 — CVSS 10.0 (critical): Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers…
CVE-2011-0065 — CVSS 10.0 (critical): Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers…
CVE-2011-0057 — CVSS 10.0 (critical): Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey…
CVE-2011-0055 — CVSS 10.0 (critical): Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and…