Total
5947 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-11112 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-11113 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-8362 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2021-38023 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in Extensions in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-9120 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2024-9959 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2024-9957 | 2 Apple, Google | 2 Iphone Os, Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-9955 | 1 Google | 1 Chrome | 2025-01-02 | N/A | 8.8 HIGH |
| Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-36041 | 1 Microsoft | 4 365 Apps, Excel, Office and 1 more | 2025-01-01 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2023-36034 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 7.3 HIGH |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||||
| CVE-2023-35618 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 9.6 CRITICAL |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36787 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 8.8 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36741 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36735 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 9.6 CRITICAL |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-36562 | 1 Microsoft | 1 Edge Chromium | 2025-01-01 | N/A | 7.1 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2023-35382 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-01-01 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2023-28285 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-01-01 | N/A | 7.8 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2021-47427 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix iscsi_task use after free Commit d39df158518c ("scsi: iscsi: Have abort handler get ref to conn") added iscsi_get_conn()/iscsi_put_conn() calls during abort handling but then also changed the handling of the case where we detect an already completed task where we now end up doing a goto to the common put/cleanup code. This results in a iscsi_task use after free, because the common cleanup code will do a put on the iscsi_task. This reverts the goto and moves the iscsi_get_conn() to after we've checked if the iscsi_task is valid. | |||||
| CVE-2023-52846 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. So it's straight forward to fix bug by using the returned value. | |||||
| CVE-2023-52840 | 1 Linux | 1 Linux Kernel | 2024-12-31 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. Move the put_device() to the end to fix this. | |||||