Total: 4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33796 | 1 Artifex | 1 Mujs | 2023-07-13 | N/A | 7.5 HIGH |
| In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. | |||||
| CVE-2022-23459 | 1 Json\+\+ Project | 1 Json\+\+ | 2023-07-13 | N/A | 9.8 CRITICAL |
| Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. | |||||
| CVE-2022-48511 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-13 | N/A | 9.8 CRITICAL |
| Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally. | |||||
| CVE-2022-48512 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-13 | N/A | 9.8 CRITICAL |
| Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally. | |||||
| CVE-2021-46894 | 1 Huawei | 2 Emui, Harmonyos | 2023-07-12 | N/A | 9.8 CRITICAL |
| Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation. | |||||
| CVE-2023-37202 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-07-12 | N/A | 8.8 HIGH |
| Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
| CVE-2023-37201 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-07-12 | N/A | 8.8 HIGH |
| An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13. | |||||
| CVE-2023-3439 | 1 Linux | 1 Linux Kernel | 2023-07-06 | N/A | 4.7 MEDIUM |
| A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device's relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service. | |||||
| CVE-2023-1652 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2023-07-06 | N/A | 7.1 HIGH |
| A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. | |||||
| CVE-2023-25001 | 1 Autodesk | 1 Navisworks | 2023-07-06 | N/A | 7.8 HIGH |
| A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2023-25002 | 1 Autodesk | 4 3ds Max, Navisworks, Revit and 1 more | 2023-07-06 | N/A | 7.8 HIGH |
| A maliciously crafted SKP file in Autodesk products can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2023-1118 | 1 Linux | 1 Linux Kernel | 2023-07-06 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel integrated infrared receiver/transceiver driver in the way a user detaches an rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2023-21147 | 1 Google | 1 Android | 2023-06-30 | N/A | 7.8 HIGH |
| In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-269661912. References: N/A | |||||
| CVE-2023-21146 | 1 Google | 1 Android | 2023-06-30 | N/A | 6.7 MEDIUM |
| There is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-239867994. References: N/A | |||||
| CVE-2022-22630 | 1 Apple | 2 Mac Os X, Macos | 2023-06-30 | N/A | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution. | |||||
| CVE-2022-2896 | 1 Measuresoft | 1 Scadapro Server | 2023-06-28 | N/A | 7.8 HIGH |
| Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | |||||
| CVE-2022-2961 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2023-06-28 | N/A | 7.0 HIGH |
| A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-22034 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2023-06-27 | 7.2 HIGH | 7.8 HIGH |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||
| CVE-2022-22208 | 1 Juniper | 2 Junos, Junos Os Evolved | 2023-06-27 | N/A | 5.9 MEDIUM |
| A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. | |||||
| CVE-2022-1516 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-06-27 | 4.9 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. | |||||
