Skip to main content

Use After Free

6128 CVEs technique

Monthly

CVE-2023-21747 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-21735 HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-21734 HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-21724 HIGH This Week

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 20H2 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-21680 HIGH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-21679 HIGH This Week

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free RCE Memory Corruption Microsoft Windows 10 1607 +14
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-21674 HIGH KEV PATCH THREAT This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
8.8
EPSS
41.5%
CVE-2023-21552 HIGH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1607 +14
NVD
CVSS 3.1
7.8
EPSS
3.5%
CVE-2023-21551 HIGH This Week

Microsoft Cryptographic Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1809 +7
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21532 HIGH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1607 +14
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-0135 HIGH This Week

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0134 HIGH This Week

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0128 HIGH This Week

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-47946 MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Use After Free Denial Of Service Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-47939 CRITICAL PATCH Act Now

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
9.8
EPSS
46.4%
CVE-2022-46882 CRITICAL Act Now

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-46880 MEDIUM This Month

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45409 HIGH This Week

The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-45407 HIGH This Week

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-45406 CRITICAL Act Now

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-45405 MEDIUM This Month

Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-40960 MEDIUM This Month

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-38476 HIGH This Week

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Use After Free Mozilla Memory Corruption Firefox Esr +1
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2022-34484 HIGH POC This Week

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE Use After Free Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-34470 CRITICAL Act Now

Session history navigations may have led to a use-after-free and potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-28282 MEDIUM POC This Month

By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2022-26486 CRITICAL POC KEV THREAT Act Now

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Use After Free Memory Corruption +3
NVD
CVSS 3.1
9.6
EPSS
2.3%
CVE-2022-26485 HIGH POC KEV THREAT This Week

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure Use After Free Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
14.3%
CVE-2022-26385 MEDIUM POC This Month

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-26381 HIGH POC This Week

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-22740 HIGH POC This Week

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-1196 MEDIUM POC This Month

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-1097 MEDIUM POC This Month

<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2022-46282 HIGH This Week

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Denial Of Service Memory Corruption Cx Drive
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-46311 HIGH PATCH This Week

The contacts component has a free (undefined) provider vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-42520 MEDIUM This Month

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2022-20581 MEDIUM This Month

In the Pixel camera driver, there is a possible use after free due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20571 MEDIUM PATCH This Month

In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20568 HIGH PATCH This Week

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20566 HIGH PATCH This Week

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20561 HIGH This Week

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google Buffer Overflow Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20554 MEDIUM PATCH This Month

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Use After Free Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-20552 MEDIUM PATCH This Month

In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Buffer Overflow Information Disclosure Use After Free +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-20540 HIGH PATCH This Week

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20524 HIGH PATCH This Week

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-20514 MEDIUM PATCH This Month

In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google Buffer Overflow Use After Free +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-42867 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE Use After Free Memory Corruption +6
NVD
CVSS 3.1
8.8
EPSS
34.6%
CVE-2022-4283 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-46343 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2022-46342 HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption X Server Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-4440 HIGH This Week

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4439 HIGH This Week

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Use After Free Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4438 HIGH This Week

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4437 HIGH This Week

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4436 HIGH This Week

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-44683 HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Use After Free Memory Corruption Windows 10 +7
NVD
CVSS 3.1
7.8
EPSS
8.2%
CVE-2022-41285 HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-25677 HIGH PATCH This Week

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Qualcomm Buffer Overflow Use After Free Memory Corruption +143
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-20502 MEDIUM PATCH This Month

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Information Disclosure Use After Free Memory Corruption +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-20496 MEDIUM PATCH This Month

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Google RCE Use After Free +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-42716 HIGH This Week

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Valhall Gpu Kernel Driver
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-43508 HIGH This Week

Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Use After Free Memory Corruption Cx Programmer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-42754 MEDIUM This Month

In npu driver, there is a memory corruption due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Buffer Overflow Memory Corruption Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-35254 HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Use After Free Memory Corruption Connect Secure +2
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2022-42705 MEDIUM PATCH This Month

A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Asterisk Certified Asterisk
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2022-4292 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0882. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2022-3591 HIGH PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0789. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Vim
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-4194 HIGH This Week

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4192 HIGH This Week

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2022-4191 HIGH This Week

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2022-4181 HIGH This Week

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-4180 HIGH This Week

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-4179 HIGH This Week

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-4178 HIGH This Week

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2022-4177 HIGH This Week

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2022-4175 HIGH This Week

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2022-45343 HIGH POC This Week

GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-45919 HIGH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Linux Use After Free Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2022-42896 HIGH PATCH This Week

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Google RCE Use After Free Memory Corruption +1
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-3910 HIGH PATCH This Week

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Linux Use After Free Memory Corruption +1
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-40129 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-38097 HIGH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-37332 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-32774 HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-45146 Maven MEDIUM POC PATCH This Month

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Use After Free Memory Corruption Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-45474 CRITICAL POC PATCH Act Now

drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Use After Free Memory Corruption Drachtio Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2022-25743 HIGH PATCH This Week

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Qualcomm Use After Free Buffer Overflow Memory Corruption Apq8009 Firmware +188
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-44550 HIGH This Week

The graphics display module has a UAF vulnerability when traversing graphic layers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-44547 HIGH This Week

The Display Service module has a UAF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption Harmonyos Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-3450 HIGH This Week

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service Memory Corruption Chrome
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
EPSS 1% CVSS 7.8
HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +16
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Microsoft DWM Core Library Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +7
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Windows Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +16
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free RCE Memory Corruption +16
NVD
EPSS 42% CVSS 8.8
HIGH KEV PATCH THREAT This Week

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption +14
NVD
EPSS 4% CVSS 7.8
HIGH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +16
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Microsoft Cryptographic Services Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption +9
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Windows GDI Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Information Disclosure Memory Corruption +16
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in the Linux kernel 5.10.x before 5.10.155. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Linux Use After Free Denial Of Service +2
NVD
EPSS 46% CVSS 9.8
CRITICAL PATCH Act Now

An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Linux Use After Free +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

A use-after-free in WebGL extensions could have led to a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The garbage collector could have been aborted in several states and zones and <code>GCRuntime::finishCollection</code> may not have been called, leading to a use-after-free and potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

If an attacker loaded a font using <code>FontFace()</code> on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Freeing arbitrary <code>nsIInputStream</code>'s on a different thread than creation could have led to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Concurrent use of the URL parser with non-UTF-8 data was not thread-safe. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A data race could occur in the <code>PK11_ChangePW</code> function, potentially leading to a use-after-free vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Use After Free Mozilla +3
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE +5
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Session history navigations may have led to a use-after-free and potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 2% CVSS 6.5
MEDIUM POC This Month

By using a link with <code>rel="localization"</code> a use-after-free could have been triggered by destroying an object during JavaScript execution and then referencing the object through a freed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 2% CVSS 9.6
CRITICAL POC KEV THREAT Act Now

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure +5
NVD
EPSS 14% CVSS 8.8
HIGH POC KEV THREAT This Week

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Mozilla Information Disclosure +5
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In unusual circumstances, an individual thread may outlive the thread's manager during shutdown. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla +2
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

After a VR Process is destroyed, a reference to it may have been retained and used, leading to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla +3
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

<code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Mozilla +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The contacts component has a free (undefined) provider vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a possible use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In the Pixel camera driver, there is a possible use after free due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google +3
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In extract_metadata of dm-android-verity.c, there is a possible way to corrupt kernel memory due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In TBD of aud_hal_tunnel.c, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Google +4
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In removeEventHubDevice of InputDevice.cpp, there is a possible OOB read due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possible out of bounds read due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Buffer Overflow +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +4
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and releaseFabricatedOverlayIterator of Idmap2Service.cpp, there is a possible out of bounds write due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Google +4
NVD
EPSS 35% CVSS 8.8
HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple RCE +8
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption +4
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 8% CVSS 7.8
HIGH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Use After Free +9
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability has been identified in JT2Go (All versions < V14.1.0.6), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Denial Of Service Qualcomm Buffer Overflow +145
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Information Disclosure +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Denial Of Service Google +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Use-after free vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Use After Free +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

In npu driver, there is a memory corruption due to a use after free. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Buffer Overflow +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Information Disclosure Use After Free +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption +2
NVD
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0882. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.0789. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +1
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 24% CVSS 8.8
HIGH This Week

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Use After Free Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

An issue was discovered in the Linux kernel through 6.0.10. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Linux Use After Free +7
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Google RCE +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Use After Free vulnerability in Linux Kernel allows Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Linux +3
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Use After Free Memory Corruption +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Use After Free +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC PATCH Act Now

drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Use After Free Memory Corruption +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Qualcomm Use After Free Buffer Overflow +190
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The graphics display module has a UAF vulnerability when traversing graphic layers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

The Display Service module has a UAF vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Use After Free Memory Corruption +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Denial Of Service +2
NVD VulDB
Prev Page 41 of 69 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy