Total
6799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30644 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-28835 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2025-02-27 | 7.8 High |
| Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-33039 | 1 Qualcomm | 42 Qam8295p, Qam8295p Firmware, Qam8650p and 39 more | 2025-02-27 | 8.4 High |
| Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | ||||
| CVE-2023-38216 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2025-02-27 | 5.5 Medium |
| Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-1192 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2025-02-27 | 6.5 Medium |
| A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. | ||||
| CVE-2023-1193 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-02-27 | 6.5 Medium |
| A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. | ||||
| CVE-2023-1476 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux, Enterprise Linux Eus and 3 more | 2025-02-27 | 7 High |
| A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. | ||||
| CVE-2023-6039 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-02-27 | 5.5 Medium |
| A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches. | ||||
| CVE-2023-21018 | 1 Google | 1 Android | 2025-02-26 | 6.7 Medium |
| In UnwindingWorker of unwinding.cc, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233338564 | ||||
| CVE-2023-21459 | 1 Samsung | 2 Android, Exynos 2100 | 2025-02-26 | 5 Medium |
| Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. | ||||
| CVE-2022-4095 | 1 Linux | 1 Linux Kernel | 2025-02-26 | 7.8 High |
| A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | ||||
| CVE-2023-21043 | 1 Google | 1 Android | 2025-02-25 | 6.7 Medium |
| In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A | ||||
| CVE-2023-21038 | 1 Google | 1 Android | 2025-02-25 | 6.7 Medium |
| In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224000736References: N/A | ||||
| CVE-2023-21045 | 1 Google | 1 Android | 2025-02-24 | 4.4 Medium |
| When cpif handles probe failures, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323725References: N/A | ||||
| CVE-2023-0494 | 3 Fedoraproject, Redhat, X.org | 22 Fedora, Enterprise Linux, Enterprise Linux Aus and 19 more | 2025-02-24 | 7.8 High |
| A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions. | ||||
| CVE-2023-21020 | 1 Google | 1 Android | 2025-02-24 | 6.7 Medium |
| In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256591441 | ||||
| CVE-2023-21055 | 1 Google | 1 Android | 2025-02-21 | 6.4 Medium |
| In dit_hal_ioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References: N/A | ||||
| CVE-2023-21042 | 1 Google | 1 Android | 2025-02-19 | 6.7 Medium |
| In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A | ||||
| CVE-2023-1079 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-02-19 | 6.8 Medium |
| A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. | ||||
| CVE-2024-12548 | 1 Tungstenautomation | 1 Power Pdf | 2025-02-19 | 3.3 Low |
| Tungsten Automation Power PDF JP2 File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files.The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25564. | ||||