Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3314 | 1 Google | 1 Chrome | 2025-05-06 | N/A | 6.5 MEDIUM |
| Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3309 | 1 Google | 2 Chrome, Chrome Os | 2025-05-06 | N/A | 6.5 MEDIUM |
| Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2022-26717 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2025-05-06 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-32903 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-05-06 | N/A | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-33981 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | 2.1 LOW | 3.3 LOW |
| drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | |||||
| CVE-2022-23308 | 6 Apple, Debian, Fedoraproject and 3 more | 44 Ipados, Iphone Os, Mac Os X and 41 more | 2025-05-05 | 4.3 MEDIUM | 7.5 HIGH |
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||||
| CVE-2021-36980 | 1 Openvswitch | 1 Openvswitch | 2025-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | |||||
| CVE-2021-30560 | 4 Debian, Google, Splunk and 1 more | 4 Debian Linux, Chrome, Universal Forwarder and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-23597 | 1 Element | 1 Desktop | 2025-05-05 | 5.1 MEDIUM | 8.8 HIGH |
| Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution. | |||||
| CVE-2020-9567 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2025-05-05 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9566 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2025-05-05 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9715 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2025-05-05 | 9.3 HIGH | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2023-26544 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 7.8 HIGH |
| In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. | |||||
| CVE-2023-30772 | 1 Linux | 1 Linux Kernel | 2025-05-05 | N/A | 6.4 MEDIUM |
| The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | |||||
| CVE-2023-2725 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-2933 | 1 Google | 1 Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||||
| CVE-2023-0699 | 1 Google | 1 Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | |||||
| CVE-2023-35823 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. | |||||
| CVE-2023-2721 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2023-3215 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||