Vulnerabilities (CVE)

Filtered by CWE-416
Total 5622 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-2156 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2042 2 Apple, Vim 2 Macos, Vim 2024-11-21 6.8 MEDIUM 7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2011 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2007 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 N/A 8.8 HIGH
Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-29919 1 Intel 1 Virtual Raid On Cpu 2024-11-21 N/A 7.8 HIGH
Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-29794 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 HIGH 9.8 CRITICAL
The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.
CVE-2022-29692 1 Unicorn-engine 1 Unicorn Engine 2024-11-21 6.8 MEDIUM 7.8 HIGH
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function.
CVE-2022-29522 1 Fujielectric 2 V-server, V-sft 2024-11-21 6.8 MEDIUM 7.8 HIGH
Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-29228 1 Envoyproxy 1 Envoy 2024-11-21 5.0 MEDIUM 7.5 HIGH
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue.
CVE-2022-29227 1 Envoyproxy 1 Envoy 2024-11-21 5.0 MEDIUM 7.5 HIGH
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed.
CVE-2022-28893 3 Debian, Linux, Netapp 22 Debian Linux, Linux Kernel, H300e and 19 more 2024-11-21 7.2 HIGH 7.8 HIGH
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.
CVE-2022-28849 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-11-21 6.8 MEDIUM 7.8 HIGH
Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28842 3 Adobe, Apple, Microsoft 3 Bridge, Macos, Windows 2024-11-21 9.3 HIGH 7.8 HIGH
Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28838 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.3 HIGH 7.8 HIGH
Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28837 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28835 3 Adobe, Apple, Microsoft 3 Incopy, Macos, Windows 2024-11-21 N/A 7.8 HIGH
Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28824 2 Adobe, Microsoft 2 Framemaker, Windows 2024-11-21 9.3 HIGH 7.8 HIGH
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28823 2 Adobe, Microsoft 2 Framemaker, Windows 2024-11-21 9.3 HIGH 7.8 HIGH
Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by a Use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-28736 1 Gnu 1 Grub2 2024-11-21 N/A 6.4 MEDIUM
There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.
CVE-2022-28683 2 Foxit, Microsoft 3 Pdf Editor, Pdf Reader, Windows 2024-11-21 N/A 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16828.