Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1312 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 9.6 CRITICAL |
| Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2022-1311 | 1 Google | 2 Chrome, Chrome Os | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1477 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2477 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2481 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. | |||||
| CVE-2022-2480 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 8.8 HIGH |
| Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-10700 | 3 Fedoraproject, Opensuse, Samba | 3 Fedora, Leap, Samba | 2022-08-29 | 2.6 LOW | 5.3 MEDIUM |
| A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2. | |||||
| CVE-2022-20122 | 1 Google | 1 Android | 2022-08-28 | N/A | 9.8 CRITICAL |
| The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232441339 | |||||
| CVE-2021-39815 | 1 Google | 1 Android | 2022-08-28 | N/A | 9.8 CRITICAL |
| The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-232440670 | |||||
| CVE-2022-1796 | 1 Vim | 1 Vim | 2022-08-26 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2.4979. | |||||
| CVE-2022-2345 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-08-26 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0046. | |||||
| CVE-2022-2289 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-08-26 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-0156 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2022-08-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| vim is vulnerable to Use After Free | |||||
| CVE-2022-28678 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805. | |||||
| CVE-2022-28679 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16861. | |||||
| CVE-2022-28680 | 2 Foxit, Microsoft | 2 Pdf Editor, Windows | 2022-08-25 | N/A | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821. | |||||
| CVE-2021-21775 | 3 Debian, Fedoraproject, Webkitgtk | 3 Debian Linux, Fedora, Webkitgtk | 2022-08-24 | 6.0 MEDIUM | 8.0 HIGH |
| A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. | |||||
| CVE-2022-23459 | 1 Json\+\+ Project | 1 Json\+\+ | 2022-08-23 | N/A | 9.8 CRITICAL |
| Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. | |||||
| CVE-2022-35164 | 1 Gnu | 1 Libredwg | 2022-08-19 | N/A | 9.8 CRITICAL |
| LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | |||||
| CVE-2022-36190 | 1 Gpac | 1 Gpac | 2022-08-18 | N/A | 9.8 CRITICAL |
| GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. | |||||