Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0994 | 6 Adobe, Apple, Google and 3 more | 15 Air, Air Desktop Runtime, Air Sdk and 12 more | 2022-12-14 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | |||||
| CVE-2016-0995 | 6 Adobe, Apple, Google and 3 more | 15 Air, Air Desktop Runtime, Air Sdk and 12 more | 2022-12-14 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. | |||||
| CVE-2016-4121 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more | 2022-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110. | |||||
| CVE-2021-29985 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29970 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2022-12-09 | 5.1 MEDIUM | 8.8 HIGH |
| A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | |||||
| CVE-2022-1419 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-12-09 | 4.6 MEDIUM | 7.8 HIGH |
| The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. | |||||
| CVE-2016-7913 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2022-12-09 | 9.3 HIGH | 7.8 HIGH |
| The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure. | |||||
| CVE-2017-8846 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2022-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
| The read_stream function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted archive. | |||||
| CVE-2021-43539 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2022-3309 | 1 Google | 2 Chrome, Chrome Os | 2022-12-09 | N/A | 6.5 MEDIUM |
| Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium) | |||||
| CVE-2022-3311 | 1 Google | 1 Chrome | 2022-12-09 | N/A | 6.5 MEDIUM |
| Use after free in import in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-3306 | 1 Google | 2 Chrome, Chrome Os | 2022-12-09 | N/A | 8.8 HIGH |
| Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3305 | 1 Google | 2 Chrome, Chrome Os | 2022-12-09 | N/A | 8.8 HIGH |
| Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-3654 | 1 Google | 1 Chrome | 2022-12-09 | N/A | 8.8 HIGH |
| Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-38504 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2022-3657 | 1 Google | 1 Chrome | 2022-12-09 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2022-3658 | 1 Google | 2 Chrome, Chrome Os | 2022-12-09 | N/A | 8.8 HIGH |
| Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | |||||
| CVE-2022-3659 | 1 Google | 2 Chrome, Chrome Os | 2022-12-09 | N/A | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium) | |||||
| CVE-2022-43508 | 1 Omron | 1 Cx-programmer | 2022-12-09 | N/A | 7.8 HIGH |
| Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | |||||
| CVE-2022-3314 | 1 Google | 1 Chrome | 2022-12-08 | N/A | 6.5 MEDIUM |
| Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||