Vulnerabilities > Use After Free
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-24260 | Use After Free vulnerability in Ireader Media-Server 1.0.0 media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c. | 7.5 |
| 2024-02-05 | CVE-2024-24262 | Use After Free vulnerability in Ireader Media-Server 1.0.0 media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c. | 7.5 |
| 2024-02-05 | CVE-2024-24263 | Use After Free vulnerability in Chendotjs Lotos Webserver 0.1.1 Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c. | 7.5 |
| 2024-02-05 | CVE-2024-24266 | Use After Free vulnerability in Gpac 2.2.1 gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c. | 7.5 |
| 2024-02-05 | CVE-2023-5249 | Use After Free vulnerability in ARM products Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper memory processing operations to exploit a software race condition. | 7.0 |
| 2024-02-04 | CVE-2020-36773 | Use After Free vulnerability in Artifex Ghostscript Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | 9.8 |
| 2024-02-04 | CVE-2024-25062 | Use After Free vulnerability in Xmlsoft Libxml2 An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. | 7.5 |
| 2024-02-02 | CVE-2024-21860 | Use After Free vulnerability in Openatom Openharmony in OpenHarmony v4.0.0 and prior versions allow an adjacent attacker arbitrary code execution in any apps through use after free. | 8.8 |
| 2024-01-31 | CVE-2024-1085 | Use After Free vulnerability in Linux Kernel A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7. | 7.8 |
| 2024-01-31 | CVE-2024-1086 | Use After Free vulnerability in multiple products A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660. | 7.8 |