Total
5696 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29815 | 2025-04-07 | N/A | 7.6 HIGH | ||
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-31115 | 2025-04-07 | N/A | N/A | ||
| XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. | |||||
| CVE-2024-45540 | 2025-04-07 | N/A | 6.6 MEDIUM | ||
| Memory corruption while invoking IOCTL map buffer request from userspace. | |||||
| CVE-2025-21437 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption while processing memory map or unmap IOCTL operations simultaneously. | |||||
| CVE-2024-45544 | 2025-04-07 | N/A | 6.6 MEDIUM | ||
| Memory corruption while processing IOCTL calls to add route entry in the HW. | |||||
| CVE-2024-43066 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption while handling file descriptor during listener registration/de-registration. | |||||
| CVE-2025-21436 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. | |||||
| CVE-2024-49848 | 2025-04-07 | N/A | 6.7 MEDIUM | ||
| Memory corruption while processing multiple IOCTL calls from HLOS to DSP. | |||||
| CVE-2025-30427 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-04-07 | N/A | 4.3 MEDIUM |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||||
| CVE-2025-3028 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 6.5 MEDIUM |
| JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2025-3030 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-07 | N/A | 8.1 HIGH |
| Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9. | |||||
| CVE-2021-29256 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-04-07 | 9.0 HIGH | 8.8 HIGH |
| . The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. | |||||
| CVE-2022-36449 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-04-07 | N/A | 6.5 MEDIUM |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. | |||||
| CVE-2024-5688 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.1 HIGH |
| If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2021-0920 | 3 Debian, Google, Linux | 3 Debian Linux, Android, Linux Kernel | 2025-04-04 | 6.9 MEDIUM | 6.4 MEDIUM |
| In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel | |||||
| CVE-2019-2215 | 5 Canonical, Debian, Google and 2 more | 145 Ubuntu Linux, Debian Linux, Android and 142 more | 2025-04-04 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 | |||||
| CVE-2019-0211 | 8 Apache, Canonical, Debian and 5 more | 27 Http Server, Ubuntu Linux, Debian Linux and 24 more | 2025-04-04 | 7.2 HIGH | 7.8 HIGH |
| In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. | |||||
| CVE-2025-1930 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 8.8 HIGH |
| On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. This vulnerability affects Firefox < 136, Firefox ESR < 115.21, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8. | |||||
| CVE-2024-5702 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.5 HIGH |
| Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12. | |||||
| CVE-2024-26737 | 1 Linux | 1 Linux Kernel | 2025-04-04 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel The following race is possible between bpf_timer_cancel_and_free and bpf_timer_cancel. It will lead a UAF on the timer->timer. bpf_timer_cancel(); spin_lock(); t = timer->time; spin_unlock(); bpf_timer_cancel_and_free(); spin_lock(); t = timer->timer; timer->timer = NULL; spin_unlock(); hrtimer_cancel(&t->timer); kfree(t); /* UAF on t */ hrtimer_cancel(&t->timer); In bpf_timer_cancel_and_free, this patch frees the timer->timer after a rcu grace period. This requires a rcu_head addition to the "struct bpf_hrtimer". Another kfree(t) happens in bpf_timer_init, this does not need a kfree_rcu because it is still under the spin_lock and timer->timer has not been visible by others yet. In bpf_timer_cancel, rcu_read_lock() is added because this helper can be used in a non rcu critical section context (e.g. from a sleepable bpf prog). Other timer->timer usages in helpers.c have been audited, bpf_timer_cancel() is the only place where timer->timer is used outside of the spin_lock. Another solution considered is to mark a t->flag in bpf_timer_cancel and clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free, it busy waits for the flag to be cleared before kfree(t). This patch goes with a straight forward solution and frees timer->timer after a rcu grace period. | |||||