Total
6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3390 | 2 Linux, Netapp | 6 Linux Kernel, H300s, H410c and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c.
Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.
We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.
|
|||||
| CVE-2023-3297 | 2 Canonical, Linux | 3 Accountsservice, Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A | 8.1 HIGH |
|
In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.
|
|||||
| CVE-2023-3269 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.
|
|||||
| CVE-2023-39562 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 5.5 MEDIUM |
|
GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.
|
|||||
| CVE-2023-39549 | 1 Siemens | 1 Solid Edge | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)
|
|||||
| CVE-2023-39355 | 2 Debian, Freerdp | 2 Debian Linux, Freerdp | 2024-11-21 | N/A | 7.0 HIGH |
|
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addr ...
Show More |
|||||
| CVE-2023-39129 | 1 Gnu | 1 Gdb | 2024-11-21 | N/A | 5.5 MEDIUM |
|
GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
|
|||||
| CVE-2023-39070 | 1 Cppchecksolutions | 1 Cppcheck | 2024-11-21 | N/A | 7.8 HIGH |
|
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.
|
|||||
| CVE-2023-38748 | 1 Omron | 1 Cx-programmer | 2024-11-21 | N/A | 7.8 HIGH |
|
Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.
|
|||||
| CVE-2023-38669 | 1 Paddlepaddle | 1 Paddlepaddle | 2024-11-21 | N/A | 8.3 HIGH |
|
Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.
|
|||||
| CVE-2023-38598 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2023-38243 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38238 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38230 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38228 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38227 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38225 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38224 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38222 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38216 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38211 | 3 Adobe, Apple, Microsoft | 3 Dimension, Macos, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2023-38184 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft SQL OLE DB Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38166 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
|
|||||
| CVE-2023-38161 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows GDI Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38075 | 1 Siemens | 3 Jt2go, Teamcenter Visualization, Tecnomatix Plant Simulation | 2024-11-21 | N/A | 7.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1), Tecnomatix Plant Simulation V2201 (All versions < V2201.0010), Tecnomatix Plant Simulation V2302 (All versions < V2302.0004). The affected app ...
Show More |
|||||
| CVE-2023-37454 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.
|
|||||
| CVE-2023-37209 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 8.8 HIGH |
|
A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox < 115.
|
|||||
| CVE-2023-37202 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
|
|||||
| CVE-2023-37201 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.
|
|||||
| CVE-2023-37117 | 1 Live555 | 1 Live555 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
|
|||||
| CVE-2023-36902 | 1 Microsoft | 9 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 6 more | 2024-11-21 | N/A | 7.0 HIGH |
|
Windows Runtime Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36895 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Outlook Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36882 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36833 | 1 Juniper | 5 Junos Os Evolved, Ptx10001-36mr, Ptx10004 and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.
An indication ...
Show More |
|||||
| CVE-2023-36804 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows GDI Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36776 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.0 HIGH |
|
Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36760 | 1 Microsoft | 1 3d Viewer | 2024-11-21 | N/A | 7.8 HIGH |
|
3D Viewer Remote Code Execution Vulnerability
|
|||||
| CVE-2023-36743 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36726 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability
|
|||||