Total
5850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4366 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4356 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-4351 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4349 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4147 | 4 Debian, Fedoraproject, Linux and 1 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. | |||||
| CVE-2023-4133 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. | |||||
| CVE-2023-4132 | 4 Debian, Fedoraproject, Linux and 1 more | 6 Debian Linux, Fedora, Linux Kernel and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. | |||||
| CVE-2023-4076 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) | |||||
| CVE-2023-4075 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4074 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-4004 | 5 Debian, Fedoraproject, Linux and 2 more | 8 Debian Linux, Fedora, Linux Kernel and 5 more | 2024-11-21 | N/A | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2023-49676 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| An unauthenticated local attacker may trick a user to open corrupted project files to crash the system due to use after free vulnerability. | |||||
| CVE-2023-49288 | 1 Squid-cache | 1 Squid | 2024-11-21 | N/A | 8.6 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. | |||||
| CVE-2023-49142 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 4.0 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia audio crash through modify a released pointer. | |||||
| CVE-2023-49135 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 4.0 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. | |||||
| CVE-2023-48706 | 1 Vim | 1 Vim | 2024-11-21 | N/A | 3.6 LOW |
| Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. | |||||
| CVE-2023-48633 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2023-48360 | 1 Openatom | 1 Openharmony | 2024-11-21 | N/A | 4.0 MEDIUM |
| in OpenHarmony v3.2.2 and prior versions allow a local attacker cause multimedia player crash through modify a released pointer. | |||||
| CVE-2023-48184 | 2024-11-21 | N/A | 3.9 LOW | ||
| QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures. | |||||
| CVE-2023-48024 | 1 Howerj | 1 Liblisp | 2024-11-21 | N/A | 6.5 MEDIUM |
| Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | |||||