Total
6318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46971 | 2024-12-16 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | ||||
| CVE-2023-21165 | 1 Google | 1 Android | 2024-12-16 | 7.8 High |
| In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40107 | 1 Google | 1 Android | 2024-12-13 | 7.8 High |
| In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-40114 | 1 Google | 1 Android | 2024-12-13 | 7.8 High |
| In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-40115 | 1 Google | 1 Android | 2024-12-13 | 7.8 High |
| In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-33053 | 1 Qualcomm | 114 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 111 more | 2024-12-12 | 6.7 Medium |
| Memory corruption when multiple threads try to unregister the CVP buffer at the same time. | ||||
| CVE-2024-33040 | 1 Qualcomm | 60 Fastconnect 6800, Fastconnect 6800 Firmware, Fastconnect 6900 and 57 more | 2024-12-12 | 6.7 Medium |
| Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. | ||||
| CVE-2023-25747 | 1 Mozilla | 1 Firefox | 2024-12-11 | 7.5 High |
| A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0. | ||||
| CVE-2024-10074 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-12-11 | 8.8 High |
| in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. | ||||
| CVE-2020-20703 | 1 Vim | 1 Vim | 2024-12-10 | 9.8 Critical |
| Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. | ||||
| CVE-2024-52568 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2024-12-10 | 7.8 High |
| A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244) | ||||
| CVE-2024-38910 | 1 Open Robotics | 2 Nav2 Humble, Ros2 | 2024-12-06 | 7.5 High |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters. | ||||
| CVE-2024-38920 | 1 Open Robotics | 2 Nav2 Humble, Ros2 | 2024-12-06 | 9.1 Critical |
| Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` . | ||||
| CVE-2022-22630 | 1 Apple | 2 Mac Os X, Macos | 2024-12-06 | 9.8 Critical |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | ||||
| CVE-2023-32412 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 9.8 Critical |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2024-20792 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2024-12-05 | 7.8 High |
| Illustrator versions 28.4, 27.9.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-32387 | 1 Apple | 1 Macos | 2024-12-05 | 9.8 Critical |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-32398 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 7.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-25002 | 1 Autodesk | 4 3ds Max, Navisworks, Revit and 1 more | 2024-12-05 | 7.8 High |
| A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | ||||
| CVE-2023-25001 | 1 Autodesk | 1 Navisworks | 2024-12-05 | 7.8 High |
| A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | ||||