Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1212 | 1 Mruby | 1 Mruby | 2022-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited. | |||||
| CVE-2022-0603 | 1 Google | 2 Chrome, Chrome Os | 2022-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0459 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Screen Capture in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process and convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0607 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0605 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0452 | 1 Google | 1 Chrome | 2022-04-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-35115 | 1 Qualcomm | 56 Apq8096au, Apq8096au Firmware, Ar6003 and 53 more | 2022-04-09 | 4.6 MEDIUM | 7.8 HIGH |
| Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile | |||||
| CVE-2022-0464 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | |||||
| CVE-2022-0465 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via user interaction. | |||||
| CVE-2022-0468 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Payments in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0460 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Window Dialogue in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0458 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0606 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0469 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0463 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | |||||
| CVE-2022-0453 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-0456 | 1 Google | 1 Chrome | 2022-04-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Web Search in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via profile destruction. | |||||
| CVE-2022-24791 | 1 Bytecodealliance | 1 Wasmtime | 2022-04-08 | 6.8 MEDIUM | 9.8 CRITICAL |
| Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false). | |||||
| CVE-2022-26417 | 1 Omron | 1 Cx-position | 2022-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2020-26950 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-04-08 | 9.3 HIGH | 8.8 HIGH |
| In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. | |||||