Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4623 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-01-11 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. | |||||
| CVE-2023-4622 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-01-11 | N/A | 7.0 HIGH |
| A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. | |||||
| CVE-2023-4244 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-01-11 | N/A | 7.0 HIGH |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. | |||||
| CVE-2023-40283 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-01-11 | N/A | 7.8 HIGH |
| An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | |||||
| CVE-2023-3609 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-01-11 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. | |||||
| CVE-2023-1989 | 3 Debian, Linux, Netapp | 7 Debian Linux, Linux Kernel, H300s and 4 more | 2024-01-11 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | |||||
| CVE-2023-0590 | 1 Linux | 1 Linux Kernel | 2024-01-11 | N/A | 4.7 MEDIUM |
| A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | |||||
| CVE-2024-22088 | 1 Chendotjs | 1 Lotos Webserver | 2024-01-10 | N/A | 9.8 CRITICAL |
| Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | |||||
| CVE-2023-52266 | 1 Hongliuliao | 1 Ehttp | 2024-01-09 | N/A | 7.5 HIGH |
| ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this. | |||||
| CVE-2023-49554 | 1 Yasm Project | 1 Yasm | 2024-01-09 | N/A | 5.5 MEDIUM |
| Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. | |||||
| CVE-2023-5175 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 9.8 CRITICAL |
| During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. | |||||
| CVE-2023-5172 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 9.8 CRITICAL |
| A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. | |||||
| CVE-2023-37209 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 8.8 HIGH |
| A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115. | |||||
| CVE-2023-47857 | 1 Openharmony | 1 Openharmony | 2024-01-05 | N/A | 5.5 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia camera crash through modify a released pointer. | |||||
| CVE-2023-48360 | 1 Openharmony | 1 Openharmony | 2024-01-05 | N/A | 5.5 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. | |||||
| CVE-2023-49135 | 1 Openharmony | 1 Openharmony | 2024-01-05 | N/A | 5.5 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. | |||||
| CVE-2023-49142 | 1 Openharmony | 1 Openharmony | 2024-01-05 | N/A | 3.3 LOW |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. | |||||
| CVE-2023-48706 | 1 Vim | 1 Vim | 2024-01-05 | N/A | 4.7 MEDIUM |
| Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. | |||||
| CVE-2023-28198 | 3 Apple, Webkitgtk, Wpewebkit | 5 Ipados, Iphone Os, Macos and 2 more | 2024-01-05 | N/A | 8.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2021-22940 | 5 Debian, Netapp, Nodejs and 2 more | 7 Debian Linux, Nextgen Api, Node.js and 4 more | 2024-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | |||||