Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22092 | 1 Qualcomm | 105 Ar8035, Ar8035 Firmware, Qca6390 and 102 more | 2023-04-19 | N/A | 7.8 HIGH |
| Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-25723 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2023-04-19 | N/A | 7.8 HIGH |
| Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile | |||||
| CVE-2022-22077 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2023-04-19 | N/A | 7.8 HIGH |
| Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile | |||||
| CVE-2021-35133 | 1 Qualcomm | 71 Ar8035, Ar8035 Firmware, Qca6174a and 68 more | 2023-04-19 | N/A | 6.7 MEDIUM |
| Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-43664 | 1 Justsystems | 1 Ichitaro 2022 | 2023-04-18 | N/A | 7.8 HIGH |
| A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability. | |||||
| CVE-2022-38457 | 1 Linux | 1 Linux Kernel | 2023-04-17 | N/A | 5.5 MEDIUM |
| A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res_check' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | |||||
| CVE-2022-40133 | 1 Linux | 1 Linux Kernel | 2023-04-17 | N/A | 5.5 MEDIUM |
| A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf_tie_context' in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | |||||
| CVE-2023-26495 | 1 Opendesign | 1 Drawings Sdk | 2023-04-14 | N/A | 7.8 HIGH |
| An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code. | |||||
| CVE-2023-20664 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2023-04-13 | N/A | 6.7 MEDIUM |
| In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952. | |||||
| CVE-2023-0030 | 1 Linux | 1 Linux Kernel | 2023-04-13 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-37378 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-04-12 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the optimization of JavaScript functions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16867. | |||||
| CVE-2022-3977 | 1 Linux | 1 Linux Kernel | 2023-04-11 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2022-3176 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-04-11 | N/A | 7.8 HIGH |
| There exists a use-after-free in io_uring in the Linux kernel. Signalfd_poll() and binder_poll() use a waitqueue whose lifetime is the current task. It will send a POLLFREE notification to all waiters before the queue is freed. Unfortunately, the io_uring poll doesn't handle POLLFREE. This allows a use-after-free to occur if a signalfd or binder fd is polled with io_uring poll, and the waitqueue gets freed. We recommend upgrading past commit fc78b2fc21f10c4c9c4d5d659a685710ffa63659 | |||||
| CVE-2022-1158 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2023-04-11 | N/A | 7.8 HIGH |
| A flaw was found in KVM. When updating a guest's page table entry, vm_pgoff was improperly used as the offset to get the page's pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | |||||
| CVE-2023-26991 | 1 Swftools | 1 Swftools | 2023-04-11 | N/A | 7.8 HIGH |
| SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. | |||||
| CVE-2018-17236 | 1 Mp4v2 Project | 1 Mp4v2 | 2023-04-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal. | |||||
| CVE-2022-41285 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-04-11 | N/A | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2022-43638 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2023-04-10 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18627. | |||||
| CVE-2022-42430 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2023-04-08 | N/A | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543. | |||||
| CVE-2022-43649 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2023-04-06 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19478. | |||||