Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20062 | 2025-05-13 | N/A | N/A | ||
| Use after free for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.100 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2025-26594 | 3 Redhat, Tigervnc, X.org | 4 Enterprise Linux, Tigervnc, X Server and 1 more | 2025-05-13 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free. | |||||
| CVE-2022-25723 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2025-05-13 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile | |||||
| CVE-2021-47335 | 1 Linux | 1 Linux Kernel | 2025-05-12 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is an use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 (in kfence-#10): kmem_cache_destroy+0x1f/0x120 mm/slab_common.c:486 f2fs_recover_fsync_data+0x75b0/0x8380 fs/f2fs/recovery.c:869 f2fs_fill_super+0x9393/0xa420 fs/f2fs/super.c:3945 mount_bdev+0x26c/0x3a0 fs/super.c:1367 legacy_get_tree+0xea/0x180 fs/fs_context.c:592 vfs_get_tree+0x86/0x270 fs/super.c:1497 do_new_mount fs/namespace.c:2905 [inline] path_mount+0x196f/0x2be0 fs/namespace.c:3235 do_mount fs/namespace.c:3248 [inline] __do_sys_mount fs/namespace.c:3456 [inline] __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3433 do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47 entry_SYSCALL_64_after_hwframe+0x44/0xae The root cause is multi f2fs filesystem instances can race on accessing global fsync_entry_slab pointer, result in use-after-free issue of slab cache, fixes to init/destroy this slab cache only once during module init/destroy procedure to avoid this issue. | |||||
| CVE-2025-0072 | 1 Arm | 2 5th Gen Gpu Architecture Kernel Driver, Valhall Gpu Kernel Driver | 2025-05-12 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0. | |||||
| CVE-2025-0427 | 1 Arm | 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-05-12 | N/A | 7.8 HIGH |
| Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0. | |||||
| CVE-2024-45566 | 1 Qualcomm | 46 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 43 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during concurrent buffer access due to modification of the reference count. | |||||
| CVE-2024-45554 | 1 Qualcomm | 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more | 2025-05-09 | N/A | 7.0 HIGH |
| Memory corruption during concurrent SSR execution due to race condition on the global maps list. | |||||
| CVE-2024-45567 | 1 Qualcomm | 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while encoding JPEG format. | |||||
| CVE-2024-45564 | 1 Qualcomm | 126 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 123 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption during concurrent access to server info object due to incorrect reference count update. | |||||
| CVE-2024-45583 | 1 Qualcomm | 14 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon 8 Gen 3 Mobile and 11 more | 2025-05-09 | N/A | 7.8 HIGH |
| Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. | |||||
| CVE-2024-25062 | 1 Xmlsoft | 1 Libxml2 | 2025-05-09 | N/A | 7.5 HIGH |
| An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free. | |||||
| CVE-2022-25666 | 1 Qualcomm | 296 Apq8096au, Apq8096au Firmware, Aqt1000 and 293 more | 2025-05-09 | N/A | 6.7 MEDIUM |
| Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2025-27578 | 2025-05-08 | N/A | N/A | ||
| Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition. | |||||
| CVE-2025-31946 | 2025-05-08 | N/A | N/A | ||
| Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash. | |||||
| CVE-2022-43033 | 1 Axiosys | 1 Bento4 | 2025-05-08 | N/A | 6.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2022-39823 | 1 Softing | 2 Opc, Opc Ua C\+\+ Software Development Kit | 2025-05-08 | N/A | 7.5 HIGH |
| An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error | |||||
| CVE-2024-1059 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-05-08 | N/A | 8.8 HIGH |
| Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-52752 | 1 Linux | 1 Linux Kernel | 2025-05-07 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] <TASK> [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381 | |||||
| CVE-2022-43286 | 1 F5 | 1 Njs | 2025-05-07 | N/A | 9.8 CRITICAL |
| Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c. | |||||