| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. |
| Memory corruption in Audio during a playback or a recording due to race condition between allocation and deallocation of graph object. |
| Memory corruption when IPC callback handle is used after it has been released during register callback by another thread. |
| Use after free in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). |
| Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker cause DOS through use after free. |
| A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. |
| in OpenHarmony v4.0.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through use after free. |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows Domain Name Service Remote Code Execution Vulnerability |
| Windows DNS Server Remote Code Execution Vulnerability |
| Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability |
| Win32k Elevation of Privilege Vulnerability |
| A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. |
| yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. |
| A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. |
| A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. |
