Vulnerabilities (CVE)

Filtered by CWE-416
Total 5697 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-33981 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-05-05 2.1 LOW 3.3 LOW
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.
CVE-2022-23597 1 Element 1 Desktop 2025-05-05 5.1 MEDIUM 8.3 HIGH
Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit is non-trivial and requires clicking on a malicious link, followed by another button click. To the best of our knowledge, the vulnerability has never been exploited in the wild. If you are using Element Desktop < 1.9.7, we recommend upgrading at your earliest convenience. If successfully exploited, the vulnerability allows an attacker to specify a file path of a binary on the victim's computer which then gets executed. Notably, the attacker does *not* have the ability to specify program arguments. However, in certain unspecified configurations, the attacker may be able to specify an URI instead of a file path which then gets handled using standard platform mechanisms. These may allow exploiting further vulnerabilities in those mechanisms, potentially leading to arbitrary code execution.
CVE-2022-23308 6 Apple, Debian, Fedoraproject and 3 more 44 Ipados, Iphone Os, Mac Os X and 41 more 2025-05-05 4.3 MEDIUM 7.5 HIGH
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVE-2021-36980 1 Openvswitch 1 Openvswitch 2025-05-05 4.3 MEDIUM 5.5 MEDIUM
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.
CVE-2021-30560 4 Debian, Google, Splunk and 1 more 4 Debian Linux, Chrome, Universal Forwarder and 1 more 2025-05-05 6.8 MEDIUM 8.8 HIGH
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-9715 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2025-05-05 9.3 HIGH 7.8 HIGH
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-9567 2 Adobe, Microsoft 2 Bridge, Windows 2025-05-05 9.3 HIGH 7.8 HIGH
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2020-9566 2 Adobe, Microsoft 2 Bridge, Windows 2025-05-05 9.3 HIGH 7.8 HIGH
Adobe Bridge versions 10.0.1 and earlier version have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2023-4763 2 Debian, Google 2 Debian Linux, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-41071 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-05 N/A 7.8 HIGH
A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.
CVE-2023-3421 2 Debian, Google 2 Debian Linux, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3217 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3215 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-3214 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVE-2023-35824 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-05-05 N/A 7.0 HIGH
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
CVE-2023-35823 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-05-05 N/A 7.0 HIGH
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
CVE-2023-32269 1 Linux 1 Linux Kernel 2025-05-05 N/A 6.7 MEDIUM
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
CVE-2023-32233 3 Linux, Netapp, Redhat 3 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux 2025-05-05 N/A 7.8 HIGH
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.
CVE-2023-30772 1 Linux 1 Linux Kernel 2025-05-05 N/A 6.4 MEDIUM
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
CVE-2023-2933 1 Google 1 Chrome 2025-05-05 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)