Total
6799 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21472 | 1 Qualcomm | 78 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 75 more | 2025-01-13 | 8.4 High |
| Memory corruption in Kernel while handling GPU operations. | ||||
| CVE-2023-29543 | 1 Mozilla | 2 Firefox, Focus | 2025-01-10 | 8.8 High |
| An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||||
| CVE-2024-33059 | 1 Qualcomm | 32 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 29 more | 2025-01-10 | 6.7 Medium |
| Memory corruption while processing frame command IOCTL calls. | ||||
| CVE-2023-25735 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-09 | 8.8 High |
| Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||||
| CVE-2017-18153 | 1 Qualcomm | 10 9206 Lte Modem, 9206 Lte Modem Firmware, Apq8017 and 7 more | 2025-01-09 | 6.8 Medium |
| A race condition exists in a driver potentially leading to a use-after-free condition. | ||||
| CVE-2023-25739 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-09 | 8.8 High |
| Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in <code>ScriptLoadContext</code>. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||||
| CVE-2023-29536 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Focus and 6 more | 2025-01-09 | 8.8 High |
| An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | ||||
| CVE-2023-28469 | 1 Arm | 2 Avalon Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-01-08 | 5.5 Medium |
| An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm's GPU Architecture Gen5 r41p0 through r42p0 before r43p0. | ||||
| CVE-2024-0155 | 1 Dell | 1 Digital Delivery | 2025-01-08 | 7 High |
| Dell Digital Delivery, versions prior to 5.2.0.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to application crash or execution of arbitrary code. | ||||
| CVE-2023-20744 | 3 Google, Linuxfoundation, Mediatek | 14 Android, Iot-yocto, Yocto and 11 more | 2025-01-07 | 6.7 Medium |
| In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200. | ||||
| CVE-2022-33263 | 1 Qualcomm | 98 Aqt1000, Aqt1000 Firmware, Qam8255p and 95 more | 2025-01-07 | 6.7 Medium |
| Memory corruption due to use after free in Core when multiple DCI clients register and deregister. | ||||
| CVE-2023-28653 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2025-01-07 | 7.8 High |
| The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2024-56762 | 2025-01-07 | 7.0 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2023-33657 | 1 Emqx | 1 Nanomq | 2025-01-06 | 7.5 High |
| A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the file mqtt_msg.c. This vulnerability is caused by improper data tracing, and an attacker could exploit it to cause a denial of service attack. | ||||
| CVE-2023-34494 | 1 Emqx | 1 Nanomq | 2025-01-03 | 7.5 High |
| NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. | ||||
| CVE-2023-35734 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-03 | 6.5 Medium |
| Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21405. | ||||
| CVE-2023-34294 | 1 Santesoft | 1 Dicom Viewer Pro | 2025-01-03 | 6.5 Medium |
| Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21086. | ||||
| CVE-2023-32135 | 1 Santesoft | 2 Dicom Editor, Dicom Viewer Pro | 2025-01-03 | 6.5 Medium |
| Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18863. | ||||
| CVE-2023-32134 | 1 Santesoft | 2 Dicom Editor, Dicom Viewer Pro | 2025-01-03 | 8.8 High |
| Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15629. | ||||
| CVE-2024-27934 | 1 Deno | 1 Deno | 2025-01-03 | 8.4 High |
| Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue. | ||||