Total
5622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23584 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.0 MEDIUM | 7.6 HIGH |
| Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23459 | 1 Json\+\+ Project | 1 Json\+\+ | 2024-11-21 | N/A | 8.1 HIGH |
| Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. | |||||
| CVE-2022-23308 | 6 Apple, Debian, Fedoraproject and 3 more | 44 Ipados, Iphone Os, Mac Os X and 41 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | |||||
| CVE-2022-22942 | 1 Vmware | 1 Photon Os | 2024-11-21 | N/A | 7.8 HIGH |
| The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling 'file' pointer. | |||||
| CVE-2022-22669 | 1 Apple | 1 Macos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22667 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22641 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. | |||||
| CVE-2022-22630 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | N/A | 9.8 CRITICAL |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | |||||
| CVE-2022-22628 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-22624 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-22615 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22614 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2022-22590 | 2 Apple, Webkitgtk | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2022-22533 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. | |||||
| CVE-2022-22260 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. | |||||
| CVE-2022-22252 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability. | |||||
| CVE-2022-22208 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | N/A | 5.9 MEDIUM |
| A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS: All versions prior to 18.4R2-S9, 18.4R3-S11; 19.1 versions prior to 19.1R3-S8; 19.2 version 19.2R1 and later versions; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R2-S1, 21.2R3. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO. | |||||
| CVE-2022-22207 | 1 Juniper | 18 Junos, Mx10, Mx10000 and 15 more | 2024-11-21 | N/A | 7.5 HIGH |
| A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT) manager process (aftmand) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a kernel crash due to intensive polling of Abstracted Fabric (AF) interface statistics and thereby a Denial of Service (DoS). Continued gathering of AF interface statistics will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on MX Series: 20.1 versions later than 20.1R1; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2. | |||||
| CVE-2022-22097 | 1 Qualcomm | 16 Qcs410, Qcs410 Firmware, Qcs610 and 13 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT | |||||
| CVE-2022-22095 | 1 Qualcomm | 98 Apq8053, Apq8053 Firmware, Msm8953 and 95 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||