Search
Total
507 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39355 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-01-12 | N/A | 9.8 CRITICAL |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-40187 | 1 Freerdp | 1 Freerdp | 2024-01-12 | N/A | 9.8 CRITICAL |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-22088 | 1 Chendotjs | 1 Lotos Webserver | 2024-01-10 | N/A | 9.8 CRITICAL |
| Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | |||||
| CVE-2023-5175 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 9.8 CRITICAL |
| During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. | |||||
| CVE-2023-5172 | 1 Mozilla | 1 Firefox | 2024-01-07 | N/A | 9.8 CRITICAL |
| A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. | |||||
| CVE-2023-7152 | 1 Micropython | 1 Micropython | 2024-01-05 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. | |||||
| CVE-2021-22930 | 4 Debian, Netapp, Nodejs and 1 more | 4 Debian Linux, Nextgen Api, Node.js and 1 more | 2024-01-05 | 7.5 HIGH | 9.8 CRITICAL |
| Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. | |||||
| CVE-2023-38703 | 1 Teluu | 1 Pjsip | 2023-12-29 | N/A | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. | |||||
| CVE-2022-28348 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2023-12-13 | 10.0 HIGH | 9.8 CRITICAL |
| Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation. | |||||
| CVE-2023-46850 | 3 Debian, Fedoraproject, Openvpn | 4 Debian Linux, Fedora, Openvpn and 1 more | 2023-11-29 | N/A | 9.8 CRITICAL |
| Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. | |||||
| CVE-2019-16140 | 1 Isahc Project | 1 Isahc | 2023-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | |||||
| CVE-2021-33390 | 1 Dpic Project | 1 Dpic | 2023-08-24 | N/A | 9.8 CRITICAL |
| dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421. | |||||
| CVE-2023-30186 | 1 Onlyoffice | 1 Document Server | 2023-08-21 | N/A | 9.8 CRITICAL |
| A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file. | |||||
| CVE-2022-4924 | 1 Google | 1 Chrome | 2023-08-12 | N/A | 9.6 CRITICAL |
| Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-45406 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 9.8 CRITICAL |
| If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
| CVE-2022-31747 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-08-08 | N/A | 9.8 CRITICAL |
| Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100 and Firefox ESR 91.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10. | |||||
| CVE-2021-31166 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2023-08-02 | 7.5 HIGH | 9.8 CRITICAL |
| HTTP Protocol Stack Remote Code Execution Vulnerability | |||||
| CVE-2023-38669 | 1 Paddlepaddle | 1 Paddlepaddle | 2023-07-31 | N/A | 9.8 CRITICAL |
| Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. | |||||
| CVE-2023-32387 | 1 Apple | 1 Macos | 2023-07-27 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2023-32412 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2023-07-27 | N/A | 9.8 CRITICAL |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | |||||
| CVE-2021-21941 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-07-29 | 6.8 MEDIUM | 9.0 CRITICAL |
| A use-after-free vulnerability exists in the pushMuxer CreatePushThread functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted set of network packets can lead to remote code execution. | |||||
| CVE-2022-1312 | 1 Google | 1 Chrome | 2022-07-27 | N/A | 9.6 CRITICAL |
| Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2022-0977 | 1 Google | 2 Chrome, Chrome Os | 2022-07-26 | N/A | 9.6 CRITICAL |
| Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1154 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | |||||
| CVE-2019-10082 | 2 Apache, Oracle | 6 Http Server, Communications Element Manager, Enterprise Manager Ops Center and 3 more | 2022-07-25 | 6.4 MEDIUM | 9.1 CRITICAL |
| In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. | |||||
| CVE-2016-5771 | 3 Debian, Opensuse, Php | 4 Debian Linux, Leap, Opensuse and 1 more | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) via crafted serialized data. | |||||
| CVE-2019-13224 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | |||||
| CVE-2021-37045 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed. | |||||
| CVE-2022-21806 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network. | |||||
| CVE-2019-5066 | 1 Aspose | 1 Aspose.pdf For C\+\+ | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable use-after-free vulnerability exists in the way LZW-compressed streams are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free condition. To trigger this vulnerability, a specifically crafted PDF document needs to be processed by the target application. | |||||
| CVE-2022-2042 | 1 Vim | 1 Vim | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2019-5096 | 1 Embedthis | 1 Goahead | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server. | |||||
| CVE-2020-3992 | 1 Vmware | 2 Cloud Foundation, Esxi | 2022-06-15 | 10.0 HIGH | 9.8 CRITICAL |
| OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. | |||||
| CVE-2017-2922 | 1 Cesanta | 1 Mongoose | 2022-06-13 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability. | |||||
| CVE-2017-2891 | 1 Cesanta | 1 Mongoose | 2022-06-07 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability. | |||||
| CVE-2022-28349 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2022-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0. | |||||
| CVE-2022-28350 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2022-05-28 | 10.0 HIGH | 9.8 CRITICAL |
| Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation. | |||||
| CVE-2022-1795 | 1 Gpac | 1 Gpac | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV. | |||||
| CVE-2022-22260 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. | |||||
| CVE-2022-29794 | 1 Huawei | 2 Emui, Harmonyos | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. | |||||
| CVE-2022-27007 | 1 F5 | 1 Njs | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). | |||||
| CVE-2020-15683 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2022-04-28 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. | |||||
| CVE-2019-15874 | 2 Freebsd, Netapp | 2 Freebsd, Clustered Data Ontap | 2022-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results. | |||||
| CVE-2021-21146 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-26 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-23608 | 4 Asterisk, Debian, Sangoma and 1 more | 4 Certified Asterisk, Debian Linux, Asterisk and 1 more | 2022-04-25 | 7.5 HIGH | 9.8 CRITICAL |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. | |||||
| CVE-2021-38002 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-25139 | 1 Nginx | 1 Njs | 2022-02-23 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | |||||
| CVE-2021-38504 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2022-0290 | 1 Google | 1 Chrome | 2022-02-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-0559 | 1 Radare | 1 Radare2 | 2022-02-19 | 7.5 HIGH | 9.8 CRITICAL |
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. | |||||