Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35899 | 1 Actix | 1 Actix-service | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | |||||
| CVE-2020-35900 | 1 Array-queue Project | 1 Array-queue | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. | |||||
| CVE-2020-35923 | 1 Ordered-float Project | 1 Ordered-float | 2021-01-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | |||||
| CVE-2020-35917 | 1 Pyo3 Project | 1 Pyo3 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | |||||
| CVE-2020-35906 | 1 Rust-lang | 1 Futures-task | 2021-01-06 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. | |||||
| CVE-2018-25001 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2021-01-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free. | |||||
| CVE-2020-9093 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2020-12-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a use after free vulnerability in Taurus-AL00A versions 10.0.0.1(C00E1R1P1). A module does not deal with specific message properly, which makes a function refer to memory after it has been freed. Attackers can exploit this vulnerability by running a crafted application with common privilege. This would compromise normal service. | |||||
| CVE-2020-27067 | 1 Google | 1 Android | 2020-12-17 | 4.4 MEDIUM | 6.4 MEDIUM |
| In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173 | |||||
| CVE-2020-0466 | 1 Google | 1 Android | 2020-12-15 | 7.2 HIGH | 7.8 HIGH |
| In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel | |||||
| CVE-2016-9923 | 1 Qemu | 1 Qemu | 2020-12-14 | 2.1 LOW | 5.5 MEDIUM |
| Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS. | |||||
| CVE-2020-26959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-9950 | 1 Apple | 5 Ipados, Iphone Os, Safari and 2 more | 2020-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, tvOS 14.0, Safari 14.0, iOS 14.0 and iPadOS 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-14381 | 1 Linux | 1 Linux Kernel | 2020-12-08 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-27207 | 1 Zetetic | 1 Sqlcipher | 2020-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read. | |||||
| CVE-2020-4004 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2020-12-03 | 4.6 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. | |||||
| CVE-2020-8750 | 1 Intel | 1 Trusted Execution Engine | 2020-11-30 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-9958 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-11-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620. | |||||
| CVE-2020-12303 | 1 Intel | 2 Converged Security And Manageability Engine, Trusted Execution Technology | 2020-11-24 | 4.6 MEDIUM | 7.8 HIGH |
| Use after free in DAL subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access. | |||||
| CVE-2020-11175 | 1 Qualcomm | 62 Apq8009w, Apq8009w Firmware, Msm8909w and 59 more | 2020-11-19 | 7.2 HIGH | 7.8 HIGH |
| u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P | |||||