Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41995 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2023-12-22 | N/A | 7.8 HIGH |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-8343 | 1 Nasm | 1 Netwide Assembler | 2023-12-22 | 6.8 MEDIUM | 7.8 HIGH |
| In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | |||||
| CVE-2023-1194 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-12-21 | N/A | 8.1 HIGH |
| An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. | |||||
| CVE-2022-32293 | 2 Debian, Intel | 2 Debian Linux, Connman | 2023-12-21 | N/A | 8.1 HIGH |
| In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | |||||
| CVE-2022-1184 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2023-12-20 | N/A | 5.5 MEDIUM |
| A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | |||||
| CVE-2022-22942 | 1 Vmware | 1 Photon Os | 2023-12-18 | N/A | 7.8 HIGH |
| The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |||||
| CVE-2023-46246 | 1 Vim | 1 Vim | 2023-12-17 | N/A | 5.5 MEDIUM |
| Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | |||||
| CVE-2023-48633 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2023-12-16 | N/A | 7.8 HIGH |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-46751 | 1 Artifex | 1 Ghostscript | 2023-12-16 | N/A | 7.5 HIGH |
| An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | |||||
| CVE-2014-2851 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-15 | 6.9 MEDIUM | N/A |
| Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. | |||||
| CVE-2023-47075 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2023-12-14 | N/A | 7.8 HIGH |
| Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-46891 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r13p0 through r32p0, Bifrost r1p0 through r40p0, and Valhall r19p0 through r40p0. | |||||
| CVE-2022-42716 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2023-12-14 | N/A | 8.8 HIGH |
| An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0. | |||||
| CVE-2015-8963 | 1 Linux | 1 Linux Kernel | 2023-12-14 | 7.6 HIGH | 7.0 HIGH |
| Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation. | |||||
| CVE-2021-20204 | 3 Debian, Fedoraproject, Getdata Project | 3 Debian Linux, Fedora, Getdata | 2023-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. | |||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2023-12-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. | |||||
| CVE-2022-28348 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2023-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. | |||||
| CVE-2022-46395 | 1 Arm | 4 Avalon Gpu Kernel Driver, Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver and 1 more | 2023-12-13 | N/A | 8.8 HIGH |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | |||||
| CVE-2023-4015 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-12 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule, deactivating immediate expressions in nft_immediate_deactivate() can lead unbinding the chain and objects be deactivated but later used. We recommend upgrading past commit 0a771f7b266b02d262900c75f1e175c7fe76fec2. | |||||
| CVE-2023-33595 | 1 Python | 1 Python | 2023-12-08 | N/A | 5.5 MEDIUM |
| CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-free via the function ascii_decode at /Objects/unicodeobject.c. | |||||