Total
5611 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2318 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | |||||
| CVE-2022-2296 | 2 Fedoraproject, Google | 4 Extra Packages For Enterprise Linux, Fedora, Chrome and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions. | |||||
| CVE-2022-2289 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0. | |||||
| CVE-2022-2163 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction. | |||||
| CVE-2022-2161 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2158 | 2 Fedoraproject, Google | 3 Extra Packages For Enterprise Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2157 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2156 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2042 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-2011 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2007 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-29919 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 7.8 HIGH |
| Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29794 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. | |||||
| CVE-2022-29692 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | |||||
| CVE-2022-29522 | 1 Fujielectric | 2 V-server, V-sft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-29228 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-29227 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this result in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed. | |||||
| CVE-2022-28893 | 3 Debian, Linux, Netapp | 22 Debian Linux, Linux Kernel, H300e and 19 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. | |||||
| CVE-2022-28849 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-28842 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||