Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21146 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-26 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-3700 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2022-04-25 | 4.4 MEDIUM | 6.4 MEDIUM |
| A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. | |||||
| CVE-2017-5043 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | |||||
| CVE-2017-5036 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. | |||||
| CVE-2017-5038 | 6 Apple, Debian, Google and 3 more | 8 Macos, Debian Linux, Chrome and 5 more | 2022-04-22 | 6.8 MEDIUM | 6.3 MEDIUM |
| Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | |||||
| CVE-2017-5039 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Android and 6 more | 2022-04-22 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2020-10018 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-04-22 | 7.5 HIGH | 9.8 CRITICAL |
| WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling. | |||||
| CVE-2020-6436 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in window management in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6434 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in devtools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6423 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-04-22 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-44497 | 1 Fisglobal | 1 Gt.m | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop. | |||||
| CVE-2022-1280 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-04-20 | 3.3 LOW | 6.3 MEDIUM |
| A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. | |||||
| CVE-2021-39812 | 1 Google | 1 Android | 2022-04-20 | 7.2 HIGH | 7.8 HIGH |
| In TBD of TBD, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205522359References: N/A | |||||
| CVE-2021-0707 | 1 Google | 1 Android | 2022-04-20 | 7.2 HIGH | 7.8 HIGH |
| In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel | |||||
| CVE-2017-2821 | 1 Lexmark | 1 Perceptive Document Filters | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution. | |||||
| CVE-2017-2808 | 1 Ledger-cli | 1 Ledger | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability. | |||||
| CVE-2018-3924 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2022-27528 | 1 Autodesk | 1 Navisworks | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2022-25789 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2022-0098 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-04-18 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. | |||||