Total
6713 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-42365 | 1 Busybox | 1 Busybox | 2025-11-03 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. | |||||
| CVE-2023-42364 | 1 Busybox | 1 Busybox | 2025-11-03 | N/A | 5.5 MEDIUM |
| A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. | |||||
| CVE-2022-49043 | 1 Xmlsoft | 1 Libxml2 | 2025-11-03 | N/A | 8.1 HIGH |
| xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. | |||||
| CVE-2022-3134 | 2 Debian, Vim | 2 Debian Linux, Vim | 2025-11-03 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0389. | |||||
| CVE-2022-3099 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2025-11-03 | N/A | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 9.0.0360. | |||||
| CVE-2022-1616 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | |||||
| CVE-2021-4187 | 3 Apple, Fedoraproject, Vim | 4 Mac Os X, Macos, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-4173 | 3 Apple, Fedoraproject, Vim | 4 Mac Os X, Macos, Fedora and 1 more | 2025-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Use After Free | |||||
| CVE-2021-42386 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function | |||||
| CVE-2021-42385 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function | |||||
| CVE-2021-42384 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function | |||||
| CVE-2021-42382 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function | |||||
| CVE-2021-42381 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function | |||||
| CVE-2021-42380 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function | |||||
| CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | |||||
| CVE-2021-42378 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2025-11-03 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function | |||||
| CVE-2025-5283 | 1 Google | 1 Chrome | 2025-11-03 | N/A | 5.4 MEDIUM |
| Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2025-47917 | 1 Arm | 1 Mbed Tls | 2025-11-03 | N/A | 8.9 HIGH |
| Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN). | |||||
| CVE-2025-37838 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition In the ssi_protocol_probe() function, &ssi->work is bound with ssip_xmit_work(), In ssip_pn_setup(), the ssip_pn_xmit() function within the ssip_pn_ops structure is capable of starting the work. If we remove the module which will call ssi_protocol_remove() to make a cleanup, it will free ssi through kfree(ssi), while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | ssip_xmit_work ssi_protocol_remove | kfree(ssi); | | struct hsi_client *cl = ssi->cl; | // use ssi Fix it by ensuring that the work is canceled before proceeding with the cleanup in ssi_protocol_remove(). | |||||
| CVE-2025-37796 | 1 Linux | 1 Linux Kernel | 2025-11-03 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field of the freed object to put the USB device. This may also lead to a memory leak of the usb device. Fix this by using udev from interface. | |||||