Total
6799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27934 | 1 Deno | 1 Deno | 2025-01-03 | 8.4 High |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue. | ||||
| CVE-2017-18017 | 9 Arista, Canonical, Debian and 6 more | 33 Eos, Ubuntu Linux, Debian Linux and 30 more | 2025-01-03 | 9.8 Critical |
| The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. | ||||
| CVE-2024-22098 | 1 Openatom | 1 Openharmony | 2025-01-02 | 6.5 Medium |
| in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free. | ||||
| CVE-2024-27217 | 1 Openatom | 1 Openharmony | 2025-01-02 | 6.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. | ||||
| CVE-2024-3759 | 1 Openatom | 1 Openharmony | 2025-01-02 | 6.5 Medium |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in TCB through use after free. | ||||
| CVE-2024-9960 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-9961 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-01-02 | 8.8 High |
| Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-10488 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-10826 | 1 Google | 2 Android, Chrome | 2025-01-02 | 8.8 High |
| Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-10827 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-11112 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | 7.5 High |
| Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-11113 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-8362 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2021-38023 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9120 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | 8.8 High |
| Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-9959 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||||
| CVE-2024-9957 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-01-02 | 8.8 High |
| Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-9955 | 1 Google | 1 Chrome | 2025-01-02 | 8.8 High |
| Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-35618 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | 9.6 Critical |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2023-35628 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-01 | 8.1 High |
| Windows MSHTML Platform Remote Code Execution Vulnerability | ||||