Total
5622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26757 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26717 | 1 Apple | 7 Ipados, Iphone Os, Itunes and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5, iTunes 12.12.4 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-26710 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, tvOS 15.5, watchOS 8.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-26709 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-26702 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-26453 | 2 Google, Mediatek | 17 Android, Mt6761, Mt6765 and 14 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In teei, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06664675; Issue ID: ALPS06664675. | |||||
| CVE-2022-26417 | 1 Omron | 1 Cx-position | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-26291 | 2 Debian, Long Range Zip Project | 2 Debian Linux, Long Range Zip | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| lrzip v0.641 was discovered to contain a multiple concurrency use-after-free between the functions zpaq_decompress_buf() and clear_rulist(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted Irz file. | |||||
| CVE-2022-25822 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 4.0 MEDIUM |
| An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | |||||
| CVE-2022-25789 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | |||||
| CVE-2022-25723 | 1 Qualcomm | 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in multimedia due to use after free during callback registration failure in Snapdragon Mobile | |||||
| CVE-2022-25693 | 1 Qualcomm | 29 Sd 8 Gen1 5g Firmware, Sm7450, Sm7450 Firmware and 26 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile | |||||
| CVE-2022-25666 | 1 Qualcomm | 296 Apq8096au, Apq8096au Firmware, Aqt1000 and 293 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2022-25325 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. | |||||
| CVE-2022-25230 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25325. | |||||
| CVE-2022-25139 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled. | |||||
| CVE-2022-24960 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows. | |||||
| CVE-2022-24791 | 1 Bytecodealliance | 1 Wasmtime | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false). | |||||
| CVE-2022-24576 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC 1.0.1 is affected by Use After Free through MP4Box. | |||||
| CVE-2022-24368 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16115. | |||||