Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22624 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2022-09-28 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-4052 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | |||||
| CVE-2021-4053 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4057 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4064 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4067 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4065 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-4063 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2022-09-27 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2998 | 1 Google | 1 Chrome | 2022-09-26 | N/A | 8.8 HIGH |
| Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15859 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 3.3 LOW |
| QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. | |||||
| CVE-2020-25084 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-09-23 | 2.1 LOW | 3.2 LOW |
| QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked. | |||||
| CVE-2022-38667 | 1 Crowcpp | 1 Crow | 2022-09-23 | N/A | 9.8 CRITICAL |
| HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request. | |||||
| CVE-2022-40009 | 1 Swftools | 1 Swftools | 2022-09-21 | N/A | 9.8 CRITICAL |
| SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. | |||||
| CVE-2022-35704 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-09-21 | N/A | 7.8 HIGH |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-35709 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-09-21 | N/A | 5.5 MEDIUM |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-38425 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2022-09-21 | N/A | 5.5 MEDIUM |
| Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-3016 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-20 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0286. | |||||
| CVE-2022-2982 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-20 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0260. | |||||
| CVE-2022-3037 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-09-20 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0322. | |||||
| CVE-2022-38428 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-09-20 | N/A | 5.5 MEDIUM |
| Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||