Vulnerabilities (CVE)

Filtered by CWE-416
Total 4506 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-21124 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21120 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 8.8 HIGH
Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21121 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 9.6 CRITICAL
Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21122 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21119 2 Google, Microsoft 2 Chrome, Edge Chromium 2021-03-08 6.8 MEDIUM 8.8 HIGH
Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-14528 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2021-03-04 4.3 MEDIUM 6.5 MEDIUM
The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file.
CVE-2013-4560 3 Debian, Lighttpd, Opensuse 3 Debian Linux, Lighttpd, Opensuse 2021-03-04 5.0 MEDIUM N/A
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
CVE-2020-11147 1 Qualcomm 406 Aqt1000, Aqt1000 Firmware, Pm3003a and 403 more 2021-02-26 4.6 MEDIUM 6.7 MEDIUM
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-27377 1 Yottadb 1 Yottadb 2021-02-25 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.
CVE-2020-2758 2 Opensuse, Oracle 2 Leap, Vm Virtualbox 2021-02-25 4.6 MEDIUM 8.2 HIGH
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2021-0365 1 Google 1 Android 2021-02-23 4.6 MEDIUM 6.7 MEDIUM
In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05454782.
CVE-2021-0349 1 Google 1 Android 2021-02-23 7.2 HIGH 6.7 MEDIUM
In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05362646.
CVE-2020-12361 1 Intel 1 Graphics Drivers 2021-02-22 2.1 LOW 5.5 MEDIUM
Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-17582 1 Libzip 1 Libzip 2021-02-16 7.5 HIGH 9.8 CRITICAL
A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858."
CVE-2021-0332 1 Google 1 Android 2021-02-12 7.2 HIGH 7.8 HIGH
In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435
CVE-2021-0330 1 Google 1 Android 2021-02-12 7.2 HIGH 7.8 HIGH
In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441
CVE-2021-0335 1 Google 1 Android 2021-02-12 4.3 MEDIUM 6.5 MEDIUM
In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309
CVE-2021-21138 1 Google 1 Chrome 2021-02-11 6.8 MEDIUM 8.6 HIGH
Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.
CVE-2021-22304 1 Huawei 2 Taurus-al00a, Taurus-al00a Firmware 2021-02-10 2.1 LOW 3.3 LOW
There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.
CVE-2019-19319 3 Linux, Opensuse, Redhat 3 Linux Kernel, Leap, Enterprise Linux 2021-02-09 4.4 MEDIUM 6.5 MEDIUM
In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30.