Total
5500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33063 | 1 Qualcomm | 595 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 592 more | 2024-08-02 | 7.8 High |
| Memory corruption in DSP Services during a remote call from HLOS to DSP. | ||||
| CVE-2023-33074 | 1 Qualcomm | 120 Qam8255p, Qam8255p Firmware, Qam8295p and 117 more | 2024-08-02 | 8.4 High |
| Memory corruption in Audio when SSR event is triggered after music playback is stopped. | ||||
| CVE-2023-33094 | 1 Qualcomm | 250 Ar8035, Ar8035 Firmware, Csra6620 and 247 more | 2024-08-02 | 8.4 High |
| Memory corruption while running VK synchronization with KASAN enabled. | ||||
| CVE-2023-33029 | 1 Qualcomm | 264 Apq8009, Apq8009 Firmware, Ar8035 and 261 more | 2024-08-02 | 8.4 High |
| Memory corruption in DSP Service during a remote call from HLOS to DSP. | ||||
| CVE-2023-33039 | 1 Qualcomm | 42 Qam8295p, Qam8295p Firmware, Qam8650p and 39 more | 2024-08-02 | 8.4 High |
| Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | ||||
| CVE-2023-33021 | 1 Qualcomm | 336 Apq8064au, Apq8064au Firmware, Aqt1000 and 333 more | 2024-08-02 | 8.4 High |
| Memory corruption in Graphics while processing user packets for command submission. | ||||
| CVE-2023-32616 | 1 Foxitsoftware | 1 Foxit Reader | 2024-08-02 | 8.8 High |
| A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | ||||
| CVE-2023-32398 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 7.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-32412 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-08-02 | 9.8 Critical |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-32387 | 1 Apple | 1 Macos | 2024-08-02 | 9.8 Critical |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | ||||
| CVE-2023-31974 | 1 Tortall | 1 Yasm | 2024-08-02 | 5.5 Medium |
| yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. | ||||
| CVE-2023-31972 | 1 Tortall | 1 Yasm | 2024-08-02 | 5.5 Medium |
| yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy. | ||||
| CVE-2023-29824 | 2 Redhat, Scipy | 2 Openshift, Scipy | 2024-08-02 | 9.8 Critical |
| A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue. | ||||
| CVE-2023-32373 | 3 Apple, Redhat, Webkitgtk | 8 Ipados, Iphone Os, Macos and 5 more | 2024-08-02 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | ||||
| CVE-2023-32378 | 1 Apple | 1 Macos | 2024-08-02 | 7.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2023-32269 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 6.7 Medium |
| An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | ||||
| CVE-2023-32233 | 3 Linux, Netapp, Redhat | 9 Linux Kernel, Hci Baseboard Management Controller, Enterprise Linux and 6 more | 2024-08-02 | 7.8 High |
| In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | ||||
| CVE-2023-32172 | 2024-08-02 | N/A | ||
| Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the ImportXML function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20497. | ||||
| CVE-2023-32135 | 1 Santesoft | 1 Dicom Viewer Pro | 2024-08-02 | N/A |
| Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18863. | ||||
| CVE-2023-32038 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2024-08-02 | 8.8 High |
| Microsoft ODBC Driver Remote Code Execution Vulnerability | ||||