Search
Total
3203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6346 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-05 | N/A | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-44328 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2023-12-04 | N/A | 5.5 MEDIUM |
| Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-35828 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2023-12-04 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c. | |||||
| CVE-2023-35826 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2023-12-04 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. | |||||
| CVE-2022-45886 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2023-12-04 | N/A | 7.0 HIGH |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. | |||||
| CVE-2023-6111 | 1 Linux | 1 Linux Kernel | 2023-12-04 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. | |||||
| CVE-2023-32616 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-01 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2023-38573 | 1 Foxitsoftware | 1 Foxit Reader | 2023-12-01 | N/A | 8.8 HIGH |
| A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | |||||
| CVE-2023-5341 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2023-12-01 | N/A | 5.5 MEDIUM |
| A heap use-after-free flaw was found in coders/bmp.c in ImageMagick. | |||||
| CVE-2023-5380 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Enterprise Linux and 2 more | 2023-11-30 | N/A | 4.7 MEDIUM |
| A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | |||||
| CVE-2023-6207 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 8.8 HIGH |
| Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-6205 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2023-11-30 | N/A | 6.5 MEDIUM |
| It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. | |||||
| CVE-2023-42365 | 1 Busybox | 1 Busybox | 2023-11-30 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | |||||
| CVE-2023-42364 | 1 Busybox | 1 Busybox | 2023-11-30 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | |||||
| CVE-2023-42363 | 1 Busybox | 1 Busybox | 2023-11-30 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. | |||||
| CVE-2023-3567 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2023-11-29 | N/A | 7.1 HIGH |
| A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | |||||
| CVE-2023-3777 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2023-11-29 | N/A | 7.8 HIGH |
| A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. When nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances. We recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8. | |||||
| CVE-2023-46850 | 3 Debian, Fedoraproject, Openvpn | 4 Debian Linux, Fedora, Openvpn and 1 more | 2023-11-29 | N/A | 9.8 CRITICAL |
| Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer. | |||||
| CVE-2023-42459 | 1 Eprosima | 1 Fast Dds | 2023-11-28 | N/A | 7.5 HIGH |
| Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2021-36980 | 1 Openvswitch | 1 Openvswitch | 2023-11-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | |||||
| CVE-2023-30549 | 3 Lfprojects, Redhat, Sylabs | 3 Apptainer, Enterprise Linux, Singularity | 2023-11-25 | N/A | 7.8 HIGH |
| Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf. This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | |||||
| CVE-2023-3215 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3214 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2022-4177 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) | |||||
| CVE-2023-2932 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||||
| CVE-2023-0128 | 1 Google | 2 Chrome, Chrome Os | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-2930 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-3217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-2725 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4180 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | |||||
| CVE-2022-4181 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-2931 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||||
| CVE-2023-2721 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2022-4440 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4179 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | |||||
| CVE-2022-4178 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4439 | 2 Google, Microsoft | 2 Chrome, Windows | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) | |||||
| CVE-2022-4191 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) | |||||
| CVE-2023-2933 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | |||||
| CVE-2023-2723 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4436 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4194 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0135 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0134 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4438 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4192 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | |||||
| CVE-2023-2722 | 3 Debian, Fedoraproject, Google | 4 Debian Linux, Fedora, Android and 1 more | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4437 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4175 | 1 Google | 1 Chrome | 2023-11-25 | N/A | 8.8 HIGH |
| Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-48024 | 1 Howerj | 1 Liblisp | 2023-11-25 | N/A | 6.5 MEDIUM |
| Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | |||||