Vulnerabilities (CVE)

Filtered by CWE-416
Total 5696 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-49128 1 Microsoft 6 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 3 more 2025-05-13 N/A 8.1 HIGH
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2021-47335 1 Linux 1 Linux Kernel 2025-05-12 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid racing on fsync_entry_slab by multi filesystem instances As syzbot reported, there is an use-after-free issue during f2fs recovery: Use-after-free write at 0xffff88823bc16040 (in kfence-#10): kmem_cache_destroy+0x1f/0x120 mm/slab_common.c:486 f2fs_recover_fsync_data+0x75b0/0x8380 fs/f2fs/recovery.c:869 f2fs_fill_super+0x9393/0xa420 fs/f2fs/super.c:3945 mount_bdev+0x26c/0x3a0 fs/super.c:1367 legacy_get_tree+0xea/0x180 fs/fs_context.c:592 vfs_get_tree+0x86/0x270 fs/super.c:1497 do_new_mount fs/namespace.c:2905 [inline] path_mount+0x196f/0x2be0 fs/namespace.c:3235 do_mount fs/namespace.c:3248 [inline] __do_sys_mount fs/namespace.c:3456 [inline] __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3433 do_syscall_64+0x3f/0xb0 arch/x86/entry/common.c:47 entry_SYSCALL_64_after_hwframe+0x44/0xae The root cause is multi f2fs filesystem instances can race on accessing global fsync_entry_slab pointer, result in use-after-free issue of slab cache, fixes to init/destroy this slab cache only once during module init/destroy procedure to avoid this issue.
CVE-2025-27578 2025-05-12 N/A 7.5 HIGH
Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
CVE-2025-31946 2025-05-12 N/A 6.2 MEDIUM
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
CVE-2025-0427 1 Arm 3 5th Gen Gpu Architecture Kernel Driver, Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver 2025-05-12 N/A 7.8 HIGH
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r8p0 through r49p3, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r19p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
CVE-2025-0072 1 Arm 2 5th Gen Gpu Architecture Kernel Driver, Valhall Gpu Kernel Driver 2025-05-12 N/A 7.8 HIGH
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p3, from r50p0 through r53p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p3, from r50p0 through r53p0.
CVE-2024-26455 1 Treasuredata 1 Fluent Bit 2025-05-12 N/A 7.5 HIGH
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
CVE-2024-45567 1 Qualcomm 28 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 25 more 2025-05-09 N/A 7.8 HIGH
Memory corruption while encoding JPEG format.
CVE-2024-45566 1 Qualcomm 46 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 43 more 2025-05-09 N/A 7.8 HIGH
Memory corruption during concurrent buffer access due to modification of the reference count.
CVE-2024-45564 1 Qualcomm 126 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 123 more 2025-05-09 N/A 7.8 HIGH
Memory corruption during concurrent access to server info object due to incorrect reference count update.
CVE-2024-45562 1 Qualcomm 160 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 157 more 2025-05-09 N/A 6.6 MEDIUM
Memory corruption during concurrent access to server info object due to unprotected critical field.
CVE-2024-45554 1 Qualcomm 42 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 39 more 2025-05-09 N/A 7.8 HIGH
Memory corruption during concurrent SSR execution due to race condition on the global maps list.
CVE-2024-45583 1 Qualcomm 14 Fastconnect 7800, Fastconnect 7800 Firmware, Snapdragon 8 Gen 3 Mobile and 11 more 2025-05-09 N/A 6.6 MEDIUM
Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations.
CVE-2025-21453 1 Qualcomm 532 205 Mobile, 205 Mobile Firmware, 215 Mobile and 529 more 2025-05-09 N/A 7.8 HIGH
Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur.
CVE-2024-25062 1 Xmlsoft 1 Libxml2 2025-05-09 N/A 7.5 HIGH
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
CVE-2022-25666 1 Qualcomm 296 Apq8096au, Apq8096au Firmware, Aqt1000 and 293 more 2025-05-09 N/A 6.7 MEDIUM
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2022-43033 1 Axiosys 1 Bento4 2025-05-08 N/A 6.5 MEDIUM
An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2022-39823 1 Softing 2 Opc, Opc Ua C\+\+ Software Development Kit 2025-05-08 N/A 7.5 HIGH
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error
CVE-2024-1059 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-08 N/A 8.8 HIGH
Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-1432 1 Autodesk 9 Advance Steel, Autocad, Autocad Architecture and 6 more 2025-05-08 N/A 7.8 HIGH
A maliciously crafted 3DM file, when parsed through Autodesk AutoCAD, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.