Total
5500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32033 | 1 Microsoft | 8 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 5 more | 2024-08-02 | 6.6 Medium |
| Microsoft Failover Cluster Remote Code Execution Vulnerability | ||||
| CVE-2023-32018 | 1 Microsoft | 2 Windows 11 22h2, Windows 11 22h2 | 2024-08-02 | 7.8 High |
| Windows Hello Remote Code Execution Vulnerability | ||||
| CVE-2023-31725 | 1 Yasm Project | 1 Yasm | 2024-08-02 | 5.5 Medium |
| yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. | ||||
| CVE-2023-31518 | 1 Teeworlds | 1 Teeworlds | 2024-08-02 | 5.5 Medium |
| A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. | ||||
| CVE-2023-31248 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-08-02 | 7.8 High |
| Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | ||||
| CVE-2023-31566 | 1 Podofo Project | 1 Podofo | 2024-08-02 | 8.8 High |
| Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | ||||
| CVE-2023-30772 | 1 Linux | 1 Linux Kernel | 2024-08-02 | 6.4 Medium |
| The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | ||||
| CVE-2023-30549 | 3 Lfprojects, Redhat, Sylabs | 3 Apptainer, Enterprise Linux, Singularity | 2024-08-02 | 7.1 High |
| Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf. This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | ||||
| CVE-2023-30612 | 1 Cloudhypervisor | 1 Cloud Hypervisor | 2024-08-02 | 4 Medium |
| Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Deny-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users require to have the write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only. | ||||
| CVE-2023-30470 | 1 Facebook | 1 Hermes | 2024-08-02 | 9.8 Critical |
| A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
| CVE-2023-29543 | 1 Mozilla | 2 Firefox, Focus | 2024-08-02 | 8.8 High |
| An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | ||||
| CVE-2023-29536 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Focus and 6 more | 2024-08-02 | 8.8 High |
| An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. | ||||
| CVE-2023-29361 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 6 more | 2024-08-02 | 7 High |
| Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-29325 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2024-08-02 | 8.1 High |
| Windows OLE Remote Code Execution Vulnerability | ||||
| CVE-2023-29365 | 1 Microsoft | 18 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 15 more | 2024-08-02 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2023-29328 | 1 Microsoft | 1 Teams | 2024-08-02 | 8.8 High |
| Microsoft Teams Remote Code Execution Vulnerability | ||||
| CVE-2023-29321 | 1 Adobe | 1 Animate | 2024-08-02 | 7.8 High |
| Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-29356 | 1 Microsoft | 7 Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server, Odbc Driver For Sql Server and 4 more | 2024-08-02 | 7.8 High |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
| CVE-2023-29330 | 1 Microsoft | 1 Teams | 2024-08-02 | 8.8 High |
| Microsoft Teams Remote Code Execution Vulnerability | ||||
| CVE-2023-29303 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-02 | 5.5 Medium |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||