Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2022-10-19 | 7.2 HIGH | 7.8 HIGH |
| Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |||||
| CVE-2022-1055 | 5 Canonical, Fedoraproject, Linux and 2 more | 20 Ubuntu Linux, Fedora, Linux Kernel and 17 more | 2022-10-19 | 4.6 MEDIUM | 7.8 HIGH |
| A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | |||||
| CVE-2021-46669 | 3 Debian, Fedoraproject, Mariadb | 3 Debian Linux, Fedora, Mariadb | 2022-10-19 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | |||||
| CVE-2020-15436 | 3 Broadcom, Linux, Netapp | 34 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 31 more | 2022-10-19 | 7.2 HIGH | 6.7 MEDIUM |
| Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | |||||
| CVE-2022-41303 | 1 Autodesk | 1 Fbx Software Development Kit | 2022-10-18 | N/A | 7.8 HIGH |
| A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system. | |||||
| CVE-2022-3534 | 1 Linux | 1 Linux Kernel | 2022-10-18 | N/A | 8.0 HIGH |
| A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032. | |||||
| CVE-2022-3523 | 1 Linux | 1 Linux Kernel | 2022-10-18 | N/A | 5.3 MEDIUM |
| A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211020. | |||||
| CVE-2022-38437 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-10-18 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38442 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2022-10-18 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-8945 | 3 Fedoraproject, Gpgme Project, Redhat | 10 Fedora, Gpgme, Enterprise Linux and 7 more | 2022-10-18 | 5.1 MEDIUM | 7.5 HIGH |
| The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. | |||||
| CVE-2022-38444 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2022-10-18 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38446 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2022-10-18 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38448 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2022-10-18 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38447 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2022-10-18 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38445 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2022-10-18 | N/A | 7.8 HIGH |
| Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38983 | 1 Huawei | 2 Emui, Harmonyos | 2022-10-18 | N/A | 9.8 CRITICAL |
| The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Successful exploitation of this vulnerability may result in arbitrary code execution. | |||||
| CVE-2020-1752 | 3 Canonical, Gnu, Netapp | 8 Ubuntu Linux, Glibc, Active Iq Unified Manager and 5 more | 2022-10-17 | 3.7 LOW | 7.0 HIGH |
| A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. | |||||
| CVE-2020-6493 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports and 1 more | 2022-10-14 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in WebAuthentication in Google Chrome prior to 83.0.4103.97 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2019-13699 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-13723 | 4 Fedoraproject, Google, Opensuse and 1 more | 6 Fedora, Chrome, Backports and 3 more | 2022-10-14 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebBluetooth in Google Chrome prior to 78.0.3904.108 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||