Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22424 | 1 Jtekt | 1 Kostac Plc Programming Software | 2023-03-13 | N/A | 7.8 HIGH |
| Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | |||||
| CVE-2022-46395 | 1 Arm | 4 Avalon Gpu Kernel Driver, Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver and 1 more | 2023-03-13 | N/A | 8.8 HIGH |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | |||||
| CVE-2023-24734 | 1 Pmb Project | 1 Pmb | 2023-03-13 | N/A | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2023-1213 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 8.8 HIGH |
| Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1216 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1218 | 1 Google | 1 Chrome | 2023-03-10 | N/A | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2023-1227 | 1 Google | 2 Chrome, Linux And Chrome Os | 2023-03-10 | N/A | 8.8 HIGH |
| Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | |||||
| CVE-2022-44683 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2023-03-10 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-1118 | 1 Linux | 1 Linux Kernel | 2023-03-09 | N/A | 7.8 HIGH |
| A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | |||||
| CVE-2023-0461 | 1 Linux | 1 Linux Kernel | 2023-03-09 | N/A | 7.8 HIGH |
| There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c | |||||
| CVE-2022-46712 | 1 Apple | 1 Macos | 2023-03-08 | N/A | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges. | |||||
| CVE-2022-42826 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-03-07 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13, iOS 16.1 and iPadOS 16, Safari 16.1. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-0934 | 2 Redhat, Thekelleys | 2 Enterprise Linux, Dnsmasq | 2023-03-07 | N/A | 7.5 HIGH |
| A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | |||||
| CVE-2023-20933 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
| In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753 | |||||
| CVE-2023-20937 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
| In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel | |||||
| CVE-2023-20938 | 1 Google | 1 Android | 2023-03-06 | N/A | 7.8 HIGH |
| In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel | |||||
| CVE-2018-11516 | 1 Videolan | 1 Vlc Media Player | 2023-03-03 | 6.8 MEDIUM | 8.8 HIGH |
| The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. | |||||
| CVE-2019-13514 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
| In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger a use-after-free vulnerability, which may allow information disclosure, remote code execution, or crash of the application. | |||||
| CVE-2020-27784 | 1 Linux | 1 Linux Kernel | 2023-03-03 | N/A | 5.5 MEDIUM |
| A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). | |||||
| CVE-2022-3545 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2023-03-03 | N/A | 7.8 HIGH |
| A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | |||||