Total
5651 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26717 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2025-05-06 | N/A | 8.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2024-27975 | 1 Ivanti | 1 Avalanche | 2025-05-06 | N/A | 8.8 HIGH |
An Use-after-free vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | |||||
CVE-2024-23658 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-05-06 | N/A | 4.4 MEDIUM |
In camera driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed | |||||
CVE-2022-32903 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-05-06 | N/A | 7.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2025-1704 | 2025-05-06 | N/A | 6.5 MEDIUM | ||
ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition. | |||||
CVE-2025-1884 | 2025-05-05 | N/A | 7.8 HIGH | ||
Use-After-Free vulnerability exists in the SLDPRT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file. | |||||
CVE-2022-33981 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | 2.1 LOW | 3.3 LOW |
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | |||||
CVE-2022-23597 | 1 Element | 1 Desktop | 2025-05-05 | 5.1 MEDIUM | 8.3 HIGH |
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution. | |||||
CVE-2022-23308 | 6 Apple, Debian, Fedoraproject and 3 more | 44 Ipados, Iphone Os, Mac Os X and 41 more | 2025-05-05 | 4.3 MEDIUM | 7.5 HIGH |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||||
CVE-2021-36980 | 1 Openvswitch | 1 Openvswitch | 2025-05-05 | 4.3 MEDIUM | 5.5 MEDIUM |
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action. | |||||
CVE-2021-30560 | 4 Debian, Google, Splunk and 1 more | 4 Debian Linux, Chrome, Universal Forwarder and 1 more | 2025-05-05 | 6.8 MEDIUM | 8.8 HIGH |
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-9715 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2025-05-05 | 9.3 HIGH | 7.8 HIGH |
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2020-9567 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2025-05-05 | 9.3 HIGH | 7.8 HIGH |
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2020-9566 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2025-05-05 | 9.3 HIGH | 7.8 HIGH |
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
CVE-2023-4763 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-41071 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-05 | N/A | 7.8 HIGH |
A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2023-3421 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-3217 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-3215 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2023-3214 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2025-05-05 | N/A | 8.8 HIGH |
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) |