Vulnerabilities (CVE)

Filtered by CWE-416
Total 5651 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26717 1 Apple 7 Ipados, Iphone Os, Itunes and 4 more 2025-05-06 N/A 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2024-27975 1 Ivanti 1 Avalanche 2025-05-06 N/A 8.8 HIGH
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-23658 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-06 N/A 4.4 MEDIUM
In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed
CVE-2022-32903 1 Apple 3 Iphone Os, Tvos, Watchos 2025-05-06 N/A 7.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges.
CVE-2025-1704 2025-05-06 N/A 6.5 MEDIUM
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition.
CVE-2025-1884 2025-05-05 N/A 7.8 HIGH
Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.
CVE-2022-33981 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-05-05 2.1 LOW 3.3 LOW
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVE-2022-23597 1 Element 1 Desktop 2025-05-05 5.1 MEDIUM 8.3 HIGH
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution.
CVE-2022-23308 6 Apple, Debian, Fedoraproject and 3 more 44 Ipados, Iphone Os, Mac Os X and 41 more 2025-05-05 4.3 MEDIUM 7.5 HIGH
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2021-36980 1 Openvswitch 1 Openvswitch 2025-05-05 4.3 MEDIUM 5.5 MEDIUM
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
CVE-2021-30560 4 Debian, Google, Splunk and 1 more 4 Debian Linux, Chrome, Universal Forwarder and 1 more 2025-05-05 6.8 MEDIUM 8.8 HIGH
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-9715 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2025-05-05 9.3 HIGH 7.8 HIGH
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-9567 2 Adobe, Microsoft 2 Bridge, Windows 2025-05-05 9.3 HIGH 7.8 HIGH
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-9566 2 Adobe, Microsoft 2 Bridge, Windows 2025-05-05 9.3 HIGH 7.8 HIGH
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2023-4763 2 Debian, Google 2 Debian Linux, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-41071 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-05 N/A 7.8 HIGH
A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-3421 2 Debian, Google 2 Debian Linux, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3217 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3215 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3214 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)