Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1308 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1479 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1478 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1313 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1312 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 9.6 CRITICAL |
| Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2022-1311 | 1 Google | 2 Chrome, Chrome Os | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1477 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2018-16841 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. | |||||
| CVE-2022-20122 | 1 Google | 1 Android | 2022-08-29 | N/A | 9.8 CRITICAL |
| The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232441339 | |||||
| CVE-2021-39815 | 1 Google | 1 Android | 2022-08-29 | N/A | 9.8 CRITICAL |
| The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232440670 | |||||
| CVE-2022-28678 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805. | |||||
| CVE-2022-28679 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16861. | |||||
| CVE-2022-28680 | 2 Foxit, Microsoft | 2 Pdf Editor, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821. | |||||
| CVE-2022-35164 | 1 Gnu | 1 Libredwg | 2022-08-19 | N/A | 9.8 CRITICAL |
| LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | |||||
| CVE-2022-20325 | 1 Google | 1 Android | 2022-08-18 | N/A | 7.8 HIGH |
| In Media, there is a possible code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-186473060 | |||||
| CVE-2022-36149 | 1 Monostream | 1 Tifig | 2022-08-17 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry(). | |||||
| CVE-2022-35665 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-08-16 | N/A | 7.8 HIGH |
| Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35670 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-08-16 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2017-14746 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2022-08-16 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | |||||
| CVE-2022-20306 | 1 Google | 1 Android | 2022-08-15 | N/A | 6.7 MEDIUM |
| In Camera Provider HAL, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-199680794 | |||||