| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root. |
| Use after free in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) |
| Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) |
| Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low) |
| Use after free in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
| Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) |
| Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Access of resource using incompatible type ('type confusion') in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network. |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
| Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |