Vulnerabilities (CVE)

Filtered by CWE-416
Total 6030 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22628 1 Apple 6 Ipad Os, Iphone Os, Macos and 3 more 2025-05-22 N/A 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to arbitrary code execution.
CVE-2022-2852 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-22 N/A 8.8 HIGH
Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30337 1 Qualcomm 420 Apq8009, Apq8009 Firmware, Apq8009w and 417 more 2025-05-22 7.2 HIGH 8.4 HIGH
Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2022-3046 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-22 N/A 8.8 HIGH
Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2855 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-22 N/A 8.8 HIGH
Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-49168 1 Linux 1 Linux Kernel 2025-05-22 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clean up repair bio if submit fails The submit helper will always run bio_endio() on the bio if it fails to submit, so cleaning up the bio just leads to a variety of use-after-free and NULL pointer dereference bugs because we race with the endio function that is cleaning up the bio. Instead just return BLK_STS_OK as the repair function has to continue to process the rest of the pages, and the endio for the repair bio will do the appropriate cleanup for the page that it was given.
CVE-2022-3196 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3197 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-2859 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions.
CVE-2022-2858 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction.
CVE-2022-3055 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in Passwords in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3041 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3039 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2998 1 Google 1 Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-3199 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-3198 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
CVE-2022-3058 2 Fedoraproject, Google 2 Fedora, Chrome 2025-05-21 N/A 8.8 HIGH
Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interaction.
CVE-2022-22058 1 Qualcomm 158 Apq8009, Apq8009 Firmware, Apq8009w and 155 more 2025-05-21 N/A 8.4 HIGH
Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2022-41848 1 Linux 1 Linux Kernel 2025-05-20 N/A 4.2 MEDIUM
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.
CVE-2023-27348 1 Pdf-xchange 2 Pdf-tools, Pdf-xchange Editor 2025-05-20 N/A 7.8 HIGH
PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19108.