Search
Total
3203 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26972 | 1 Mozilla | 1 Firefox | 2021-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84. | |||||
| CVE-2020-16018 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-16017 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-35898 | 1 Actix | 1 Actix-utils | 2021-01-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | |||||
| CVE-2020-35901 | 1 Actix | 1 Actix-http | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. | |||||
| CVE-2020-35902 | 1 Actix | 1 Actix-codec | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. | |||||
| CVE-2020-35862 | 1 Bitvec Project | 1 Bitvec | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | |||||
| CVE-2020-35899 | 1 Actix | 1 Actix-service | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | |||||
| CVE-2020-35900 | 1 Array-queue Project | 1 Array-queue | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. | |||||
| CVE-2020-35923 | 1 Ordered-float Project | 1 Ordered-float | 2021-01-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | |||||
| CVE-2020-35917 | 1 Pyo3 Project | 1 Pyo3 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | |||||
| CVE-2020-35906 | 1 Rust-lang | 1 Futures-task | 2021-01-06 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. | |||||
| CVE-2018-25001 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2021-01-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free. | |||||
| CVE-2020-13904 | 1 Ffmpeg | 1 Ffmpeg | 2021-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | |||||
| CVE-2020-9093 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2020-12-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. | |||||
| CVE-2020-13584 | 2 Fedoraproject, Webkitgtk | 2 Fedora, Webkitgtk | 2020-12-23 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | |||||
| CVE-2020-15436 | 1 Linux | 1 Linux Kernel | 2020-12-18 | 7.2 HIGH | 6.7 MEDIUM |
| Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | |||||
| CVE-2020-27067 | 1 Google | 1 Android | 2020-12-17 | 4.4 MEDIUM | 6.4 MEDIUM |
| In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 | |||||
| CVE-2020-0466 | 1 Google | 1 Android | 2020-12-15 | 7.2 HIGH | 7.8 HIGH |
| In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel | |||||
| CVE-2016-9923 | 1 Qemu | 1 Qemu | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
| Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | |||||
| CVE-2020-16600 | 1 Artifex | 1 Mupdf | 2020-12-14 | 6.8 MEDIUM | 7.8 HIGH |
| A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer. | |||||
| CVE-2019-19377 | 1 Linux | 1 Linux Kernel | 2020-12-11 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | |||||
| CVE-2019-19770 | 1 Linux | 1 Linux Kernel | 2020-12-11 | 6.4 MEDIUM | 8.2 HIGH |
| ** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace. | |||||
| CVE-2020-26959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-9950 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2020-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-26950 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-09 | 9.3 HIGH | 8.8 HIGH |
| In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2. | |||||
| CVE-2020-9981 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-12-09 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2020-14381 | 1 Linux | 1 Linux Kernel | 2020-12-08 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-27207 | 1 Zetetic | 1 Sqlcipher | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. | |||||
| CVE-2020-4004 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2020-12-03 | 4.6 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||
| CVE-2020-28951 | 1 Openwrt | 1 Openwrt | 2020-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names. This is related to uci_parse_package in file.c and uci_strdup in util.c. | |||||
| CVE-2020-8750 | 1 Intel | 1 Trusted Execution Engine | 2020-11-30 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-2393 | 1 Mongodb | 1 Mongodb | 2020-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations. This issue affects: MongoDB Inc. MongoDB Server v4.2 versions prior to 4.2.1; v4.0 versions prior to 4.0.13; v3.6 versions prior to 3.6.15. | |||||
| CVE-2018-9958 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620. | |||||
| CVE-2020-12303 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-10760 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. A Samba LDAP user could use this flaw to crash samba. | |||||
| CVE-2020-11175 | 1 Qualcomm | 62 Apq8009w, Apq8009w Firmware, Msm8909w and 59 more | 2020-11-19 | 7.2 HIGH | 7.8 HIGH |
| u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P | |||||
| CVE-2016-10051 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the ReadPWPImage function in coders/pwp.c in ImageMagick 6.9.5-5 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file. | |||||
| CVE-2017-8246 | 1 Google | 1 Android | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. | |||||
| CVE-2020-1909 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2020-11-06 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. | |||||
| CVE-2020-3696 | 1 Qualcomm | 46 Apq8009, Apq8009 Firmware, Apq8017 and 43 more | 2020-11-06 | 4.6 MEDIUM | 7.8 HIGH |
| u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24 | |||||
| CVE-2020-15993 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 9.8 CRITICAL |
| Use after free in printing in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15994 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15996 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15997 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-15998 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-3851 | 1 Apple | 1 Mac Os X | 2020-11-03 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. | |||||
| CVE-2020-15678 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-11-02 | 6.8 MEDIUM | 8.8 HIGH |
| When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||
| CVE-2019-19448 | 1 Linux | 1 Linux Kernel | 2020-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | |||||