Total
5622 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2603 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2602 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
io_uring UAF, Unix SCM garbage collection | |||||
CVE-2022-2588 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | |||||
CVE-2022-2585 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | |||||
CVE-2022-2526 | 2 Netapp, Systemd Project | 10 Active Iq Unified Manager, H300s, H300s Firmware and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later. | |||||
CVE-2022-2481 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. | |||||
CVE-2022-2480 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2478 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2477 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2453 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 7.8 HIGH |
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV. | |||||
CVE-2022-2399 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2345 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Use After Free in GitHub repository vim/vim prior to 9.0.0046. | |||||
CVE-2022-2327 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859 | |||||
CVE-2022-2318 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |||||
CVE-2022-2296 | 2 Fedoraproject, Google | 4 Extra Packages For Enterprise Linux, Fedora, Chrome and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. | |||||
CVE-2022-2289 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Use After Free in GitHub repository vim/vim prior to 9.0. | |||||
CVE-2022-2163 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. | |||||
CVE-2022-2161 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
CVE-2022-2158 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-2157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |