| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while encoding JPEG format. |
| Memory corruption while handling multiple IOCTL calls from userspace to operate DMA operations. |
| Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. |
| In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. |
| Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures occur. |
| Memory corruption while processing multiple IOCTL calls from HLOS to DSP. |
| Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
| Memory corruption may occur while initiating two IOCTL calls simultaneously to create processes from two different threads. |
| Memory corruption while processing memory map or unmap IOCTL operations simultaneously. |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination. |
| Animate versions 24.0.7, 23.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Use after free in Windows DWM allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally. |
| Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
| Processing web content may lead to arbitrary code execution. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. The issue was addressed with improved memory handling. |
