Search
Total
3203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30980 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-01-03 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-0002 | 1 Google | 1 Android | 2022-01-01 | 9.3 HIGH | 8.8 HIGH |
| In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-142602711 | |||||
| CVE-2020-6379 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2022-01-01 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-0674 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2022-01-01 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | |||||
| CVE-2020-16119 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-01-01 | 4.6 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196. | |||||
| CVE-2019-14586 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2022-01-01 | 5.2 MEDIUM | 8.0 HIGH |
| Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | |||||
| CVE-2020-25656 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2022-01-01 | 1.9 LOW | 4.1 MEDIUM |
| A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2020-23856 | 2 Fedoraproject, Gnu | 2 Fedora, Cflow | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | |||||
| CVE-2021-45291 | 1 Gpac | 1 Gpac | 2021-12-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. | |||||
| CVE-2020-8647 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2021-12-30 | 3.6 LOW | 6.1 MEDIUM |
| There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | |||||
| CVE-2020-8649 | 3 Debian, Linux, Opensuse | 3 Debian Linux, Linux Kernel, Leap | 2021-12-30 | 3.6 LOW | 5.9 MEDIUM |
| There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c. | |||||
| CVE-2020-6378 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-30 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in speech in Google Chrome prior to 79.0.3945.130 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30927 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-12-28 | 6.9 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-45263 | 1 Gpac | 1 Gpac | 2021-12-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. | |||||
| CVE-2021-45262 | 1 Gpac | 1 Gpac | 2021-12-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. | |||||
| CVE-2021-0893 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2021-12-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05687474. | |||||
| CVE-2021-0899 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2021-12-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672059. | |||||
| CVE-2021-0898 | 2 Google, Mediatek | 12 Android, Mt6873, Mt6875 and 9 more | 2021-12-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05672107; Issue ID: ALPS05672071. | |||||
| CVE-2021-30809 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2021-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2021-39216 | 2 Bytecodealliance, Fedoraproject | 2 Wasmtime, Fedora | 2021-12-21 | 3.3 LOW | 6.3 MEDIUM |
| Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`. | |||||
| CVE-2020-10690 | 6 Canonical, Debian, Linux and 3 more | 33 Ubuntu Linux, Debian Linux, Linux Kernel and 30 more | 2021-12-20 | 4.4 MEDIUM | 6.4 MEDIUM |
| There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. | |||||
| CVE-2021-39656 | 1 Google | 1 Android | 2021-12-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel | |||||
| CVE-2021-39638 | 1 Google | 1 Android | 2021-12-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| In periodic_io_work_func of lwis_periodic_io.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195607566References: N/A | |||||
| CVE-2021-1048 | 1 Google | 1 Android | 2021-12-20 | 7.2 HIGH | 7.8 HIGH |
| In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204573007References: Upstream kernel | |||||
| CVE-2021-1042 | 1 Google | 1 Android | 2021-12-20 | 2.1 LOW | 4.4 MEDIUM |
| In dsi_panel_debugfs_read_cmdset of dsi_panel.c, there is a possible disclosure of freed kernel heap memory due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187851056References: N/A | |||||
| CVE-2021-1029 | 1 Google | 1 Android | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034677 | |||||
| CVE-2021-1028 | 1 Google | 1 Android | 2021-12-17 | 4.6 MEDIUM | 7.8 HIGH |
| In setClientStateLocked of SurfaceFlinger.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193034683 | |||||
| CVE-2021-0929 | 1 Google | 1 Android | 2021-12-17 | 7.2 HIGH | 7.8 HIGH |
| In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel | |||||
| CVE-2021-37322 | 1 Gnu | 2 Binutils, Gcc | 2021-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. | |||||
| CVE-2016-0746 | 5 Apple, Canonical, Debian and 2 more | 5 Xcode, Ubuntu Linux, Debian Linux and 2 more | 2021-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. | |||||
| CVE-2021-37179 | 1 Siemens | 2 Solid Edge Se2021, Solid Edge Se2021 Firmware | 2021-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in Solid Edge SE2021 (All Versions < SE2021MP7). The PSKERNEL.dll library in affected application lacks proper validation while parsing user-supplied OBJ files that could lead to a use-after-free condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13777) | |||||
| CVE-2020-1752 | 3 Canonical, Gnu, Netapp | 8 Ubuntu Linux, Glibc, Active Iq Unified Manager and 5 more | 2021-12-15 | 3.7 LOW | 7.0 HIGH |
| A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. | |||||
| CVE-2020-12387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-12-14 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2021-44433 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900) | |||||
| CVE-2021-44447 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2021-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14911) | |||||
| CVE-2021-21157 | 4 Fedoraproject, Google, Linux and 1 more | 5 Fedora, Chrome, Linux Kernel and 2 more | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-21151 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-21150 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2021-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-30569 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30567 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture. | |||||
| CVE-2021-30574 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30573 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30572 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-20227 | 2 Oracle, Sqlite | 7 Communications Network Charging And Control, Enterprise Manager For Oracle Database, Jd Edwards Enterpriseone Tools and 4 more | 2021-12-10 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-30625 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30576 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30579 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30581 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30585 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30586 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2021-12-08 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||