Total
6527 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33023 | 1 Qualcomm | 317 Ar8035, Ar8035 Firmware, Csra6620 and 314 more | 2024-11-20 | 8.4 High |
| Memory corruption while creating a fence to wait on timeline events, and simultaneously signal timeline events. | ||||
| CVE-2024-33028 | 1 Qualcomm | 279 Ar8035, Ar8035 Firmware, Csra6620 and 276 more | 2024-11-20 | 8.4 High |
| Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released. | ||||
| CVE-2024-33034 | 1 Qualcomm | 213 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 210 more | 2024-11-20 | 8.4 High |
| Memory corruption can occur if VBOs hold outdated or invalid GPU SMMU mappings, especially when the binding and reclaiming of memory buffers are performed at the same time. | ||||
| CVE-2023-4679 | 1 Gpac | 1 Gpac | 2024-11-19 | 5.9 Medium |
| A use after free vulnerability exists in GPAC version 2.3-DEV-revrelease, specifically in the gf_filterpacket_del function in filter_core/filter.c at line 38. This vulnerability can lead to a double-free condition, which may cause the application to crash. | ||||
| CVE-2023-4134 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-18 | 5.5 Medium |
| A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service. | ||||
| CVE-2024-49526 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2024-11-18 | 7.8 High |
| Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-39388 | 3 Adobe, Apple, Microsoft | 3 Substance 3d Stager, Macos, Windows | 2024-11-16 | 7.8 High |
| Substance3D - Stager versions 3.0.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2024-38424 | 1 Qualcomm | 240 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 237 more | 2024-11-16 | 7.8 High |
| Memory corruption during GNSS HAL process initialization. | ||||
| CVE-2024-8376 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-11-15 | 7.5 High |
| In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | ||||
| CVE-2024-40885 | 1 Intel | 1 M20ntp Firmware | 2024-11-15 | 7.5 High |
| Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-33033 | 1 Qualcomm | 56 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 53 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while processing IOCTL calls to unmap the buffers. | ||||
| CVE-2024-33029 | 1 Qualcomm | 6 Qca6584au, Qca6584au Firmware, Qca6698aq and 3 more | 2024-11-08 | 6.7 Medium |
| Memory corruption while handling the PDR in driver for getting the remote heap maps. | ||||
| CVE-2024-33068 | 1 Qualcomm | 246 Ar8035, Ar8035 Firmware, Fastconnect 6900 and 243 more | 2024-11-07 | 7.5 High |
| Transient DOS while parsing fragments of MBSSID IE from beacon frame. | ||||
| CVE-2024-38421 | 1 Qualcomm | 157 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 7800 and 154 more | 2024-11-07 | 7.8 High |
| Memory corruption while processing GPU commands. | ||||
| CVE-2024-38419 | 1 Qualcomm | 299 Ar8035, Ar8035 Firmware, Csra6620 and 296 more | 2024-11-07 | 7.8 High |
| Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node. | ||||
| CVE-2024-38415 | 1 Qualcomm | 360 215 Mobile Platform, 215 Mobile Platform Firmware, Ar8035 and 357 more | 2024-11-07 | 7.8 High |
| Memory corruption while handling session errors from firmware. | ||||
| CVE-2024-47033 | 1 Google | 2 Android, Pixel | 2024-10-28 | 7.4 High |
| In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47017 | 1 Google | 1 Android | 2024-10-28 | 7.8 High |
| In ufshc_scsi_cmd of ufs.c, there is a possible stack variable use after free due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-9954 | 1 Google | 1 Chrome | 2024-10-22 | 8.8 High |
| Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-7722 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2024-10-18 | 4.3 Medium |
| Foxit PDF Reader Doc Object Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23702. | ||||