Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20552 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.5 MEDIUM |
| In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-243922806 | |||||
| CVE-2022-20554 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245770596 | |||||
| CVE-2022-20540 | 1 Google | 1 Android | 2025-04-18 | N/A | 7.8 HIGH |
| In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237291506 | |||||
| CVE-2022-20571 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234030265References: Upstream kernel | |||||
| CVE-2022-20581 | 1 Google | 1 Android | 2025-04-18 | N/A | 6.7 MEDIUM |
| In the Pixel camera driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245916120References: N/A | |||||
| CVE-2025-27181 | 1 Adobe | 1 Substance 3d Modeler | 2025-04-18 | N/A | 7.8 HIGH |
| Substance3D - Modeler versions 1.15.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2025-27200 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2025-04-18 | N/A | 7.8 HIGH |
| Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-42520 | 1 Google | 1 Android | 2025-04-17 | N/A | 6.7 MEDIUM |
| In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242994270References: N/A | |||||
| CVE-2024-41049 | 1 Linux | 1 Linux Kernel | 2025-04-17 | N/A | 7.0 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen. | |||||
| CVE-2024-42108 | 1 Linux | 1 Linux Kernel | 2025-04-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll() The use-after-free is actually in rswitch_tx_free(), which is inlined in rswitch_poll(). Since `skb` and `gq->skbs[gq->dirty]` are in fact the same pointer, the skb is first freed using dev_kfree_skb_any(), then the value in skb->len is used to update the interface statistics. Let's move around the instructions to use skb->len before the skb is freed. This bug is trivial to reproduce using KFENCE. It will trigger a splat every few packets. A simple ARP request or ICMP echo request is enough. | |||||
| CVE-2023-32378 | 1 Apple | 1 Macos | 2025-04-17 | N/A | 7.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-46311 | 1 Huawei | 1 Harmonyos | 2025-04-17 | N/A | 7.5 HIGH |
| The contacts component has a free (undefined) provider vulnerability. Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2018-16840 | 2 Canonical, Haxx | 2 Ubuntu Linux, Curl | 2025-04-17 | 7.5 HIGH | 9.8 CRITICAL |
| A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. | |||||
| CVE-2024-43888 | 1 Linux | 1 Linux Kernel | 2025-04-16 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Found by code inspection. [songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil] | |||||
| CVE-2023-50716 | 1 Eprosima | 1 Fast Dds | 2025-04-16 | N/A | 9.8 CRITICAL |
| eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue. | |||||
| CVE-2022-1196 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8 and Firefox ESR < 91.8. | |||||
| CVE-2022-1097 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 6.5 MEDIUM |
| <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird < 91.8, Firefox < 99, and Firefox ESR < 91.8. | |||||
| CVE-2021-4128 | 2 Apple, Mozilla | 2 Macos, Firefox | 2025-04-16 | N/A | 6.5 MEDIUM |
| When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. | |||||
| CVE-2022-46282 | 1 Omron | 1 Cx-drive | 2025-04-16 | N/A | 7.8 HIGH |
| Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file, | |||||
| CVE-2022-22740 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 8.8 HIGH |
| Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||