Vulnerabilities (CVE)

Filtered by CWE-416
Total 5555 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6347 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2025-06-05 N/A 8.8 HIGH
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-5068 1 Google 1 Chrome 2025-06-05 N/A 8.8 HIGH
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-23090 1 Freebsd 1 Freebsd 2025-06-04 N/A 7.7 HIGH
The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case. An attacker may cause the reference count to overflow, leading to a use after free (UAF).
CVE-2025-27038 1 Qualcomm 88 Ar8031, Ar8031 Firmware, Csra6620 and 85 more 2025-06-04 N/A 7.5 HIGH
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVE-2022-34707 1 Microsoft 10 Windows 10, Windows 11, Windows 7 and 7 more 2025-06-04 N/A 7.8 HIGH
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-34705 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2025-06-04 N/A 7.8 HIGH
Windows Defender Credential Guard Elevation of Privilege Vulnerability
CVE-2024-53015 2025-06-04 N/A 6.6 MEDIUM
Memory corruption while processing IOCTL command to handle buffers associated with a session.
CVE-2025-27031 2025-06-04 N/A 7.8 HIGH
memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
CVE-2024-26739 1 Linux 1 Linux Kernel 2025-06-04 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is out of our hands and returning SHOT will lead to UaF. Move the retval override to the error path which actually need it.
CVE-2022-49063 1 Linux 1 Linux Kernel 2025-06-04 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80 [ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task sh/20834 [ 718.212852] CPU: 28 PID: 20834 Comm: sh Kdump: loaded Tainted: G S W IOE 5.17.0-rc8_nextqueue-devqueue-02643-g23f3121aca93 #1 [ 718.219695] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0012.070720200218 07/07/2020 [ 718.223418] Call Trace: [ 718.227139] [ 718.230783] dump_stack_lvl+0x33/0x42 [ 718.234431] print_address_description.constprop.9+0x21/0x170 [ 718.238177] ? free_irq_cpu_rmap+0x53/0x80 [ 718.241885] ? free_irq_cpu_rmap+0x53/0x80 [ 718.245539] kasan_report.cold.18+0x7f/0x11b [ 718.249197] ? free_irq_cpu_rmap+0x53/0x80 [ 718.252852] free_irq_cpu_rmap+0x53/0x80 [ 718.256471] ice_free_cpu_rx_rmap.part.11+0x37/0x50 [ice] [ 718.260174] ice_remove_arfs+0x5f/0x70 [ice] [ 718.263810] ice_rebuild_arfs+0x3b/0x70 [ice] [ 718.267419] ice_rebuild+0x39c/0xb60 [ice] [ 718.270974] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 718.274472] ? ice_init_phy_user_cfg+0x360/0x360 [ice] [ 718.278033] ? delay_tsc+0x4a/0xb0 [ 718.281513] ? preempt_count_sub+0x14/0xc0 [ 718.284984] ? delay_tsc+0x8f/0xb0 [ 718.288463] ice_do_reset+0x92/0xf0 [ice] [ 718.292014] ice_pci_err_resume+0x91/0xf0 [ice] [ 718.295561] pci_reset_function+0x53/0x80 <...> [ 718.393035] Allocated by task 690: [ 718.433497] Freed by task 20834: [ 718.495688] Last potentially related work creation: [ 718.568966] The buggy address belongs to the object at ffff8881bd127e00 which belongs to the cache kmalloc-96 of size 96 [ 718.574085] The buggy address is located 0 bytes inside of 96-byte region [ffff8881bd127e00, ffff8881bd127e60) [ 718.579265] The buggy address belongs to the page: [ 718.598905] Memory state around the buggy address: [ 718.601809] ffff8881bd127d00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 718.604796] ffff8881bd127d80: 00 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc [ 718.607794] >ffff8881bd127e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 718.610811] ^ [ 718.613819] ffff8881bd127e80: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 718.617107] ffff8881bd127f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc This is due to that free_irq_cpu_rmap() is always being called *after* (devm_)free_irq() and thus it tries to work with IRQ descs already freed. For example, on device reset the driver frees the rmap right before allocating a new one (the splat above). Make rmap creation and freeing function symmetrical with {request,free}_irq() calls i.e. do that on ifup/ifdown instead of device probe/remove/resume. These operations can be performed independently from the actual device aRFS configuration. Also, make sure ice_vsi_free_irq() clears IRQ affinity notifiers only when aRFS is disabled -- otherwise, CPU rmap sets and clears its own and they must not be touched manually.
CVE-2024-1077 2 Fedoraproject, Google 2 Fedora, Chrome 2025-06-03 N/A 8.8 HIGH
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
CVE-2024-31578 2 Fedoraproject, Ffmpeg 2 Fedora, Ffmpeg 2025-06-03 N/A 7.5 HIGH
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
CVE-2023-43842 1 Aten 2 Pe6208, Pe6208 Firmware 2025-06-03 N/A 7.3 HIGH
Incorrect access control in the account management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter user and administrator accounts credentials via HTTP POST request.
CVE-2025-4516 2025-06-03 N/A N/A
There is an issue in CPython when using `bytes.decode("unicode_escape", error="ignore|replace")`. If you are not using the "unicode_escape" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.
CVE-2023-4387 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-06-03 N/A 7.1 HIGH
A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.
CVE-2025-5036 2025-06-02 N/A 7.8 HIGH
A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVE-2023-26226 2025-06-02 N/A N/A
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
CVE-2025-5283 1 Google 1 Chrome 2025-05-31 N/A 5.4 MEDIUM
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-43680 4 Debian, Fedoraproject, Libexpat Project and 1 more 18 Debian Linux, Fedora, Libexpat and 15 more 2025-05-30 N/A 7.5 HIGH
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-40674 2 Debian, Libexpat Project 2 Debian Linux, Libexpat 2025-05-30 N/A 8.1 HIGH
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.