Vulnerabilities (CVE)


Filtered by CWE-416
Total 3445 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2157 2 Fedoraproject, Google 2 Fedora, Chrome 2022-10-26 N/A 8.8 HIGH
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2007 2 Fedoraproject, Google 2 Fedora, Chrome 2022-10-26 N/A 8.8 HIGH
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1870 1 Google 1 Chrome 2022-10-26 N/A 8.8 HIGH
Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.
CVE-2022-29582 2 Debian, Linux 2 Debian Linux, Linux Kernel 2022-10-25 6.9 MEDIUM 7.0 HIGH
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
CVE-2022-39823 1 Softing 2 Opc, Opc Ua C++ Software Development Kit 2022-10-25 N/A 7.5 HIGH
An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10. An OPC/UA browse request exceeding the server limit on continuation points may cause a use-after-free error.
CVE-2022-1131 1 Google 1 Chrome 2022-10-25 N/A 8.8 HIGH
Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1135 1 Google 1 Chrome 2022-10-25 N/A 8.8 HIGH
Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.
CVE-2022-1133 1 Google 1 Chrome 2022-10-25 N/A 8.8 HIGH
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1136 1 Google 1 Chrome 2022-10-25 N/A 8.8 HIGH
Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a specific set of user gestures.
CVE-2022-2817 2 Fedoraproject, Vim 2 Fedora, Vim 2022-10-25 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
CVE-2022-2862 2 Fedoraproject, Vim 2 Fedora, Vim 2022-10-25 N/A 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVE-2020-25656 4 Debian, Linux, Redhat and 1 more 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2022-10-25 1.9 LOW 4.1 MEDIUM
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
CVE-2020-36385 3 Linux, Netapp, Starwindsoftware 19 Linux Kernel, H300e, H300e Firmware and 16 more 2022-10-25 6.8 MEDIUM 7.8 HIGH
An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c.
CVE-2020-0427 4 Debian, Google, Opensuse and 1 more 4 Debian Linux, Android, Leap and 1 more 2022-10-25 2.1 LOW 5.5 MEDIUM
In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171.
CVE-2021-22893 1 Pulsesecure 1 Pulse Connect Secure 2022-10-24 7.5 HIGH 10.0 CRITICAL
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. This vulnerability has been exploited in the wild.
CVE-2022-22077 1 Qualcomm 16 Sd 8 Gen1 5g, Sd 8 Gen1 5g Firmware, Wcd9380 and 13 more 2022-10-21 N/A 7.8 HIGH
Memory corruption in graphics due to use-after-free in graphics dispatcher logic in Snapdragon Mobile.
CVE-2022-25666 1 Qualcomm 296 Apq8096au, Apq8096au Firmware, Aqt1000 and 293 more 2022-10-21 N/A 6.7 MEDIUM
Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
CVE-2022-43033 1 Axiosys 1 Bento4 2022-10-21 N/A 6.5 MEDIUM
An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2022-25723 1 Qualcomm 16 Sd 8 Gen1 5g, Sd 8 Gen1 5g Firmware, Wcd9380 and 13 more 2022-10-20 N/A 7.8 HIGH
Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile.
CVE-2022-22208 1 Juniper 2 Junos, Junos Os Evolved 2022-10-20 N/A 5.9 MEDIUM
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.