Total
4506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5984 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-10-14 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2019-1741 | 1 Cisco | 1 Ios Xe | 2020-10-08 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Cisco Encrypted Traffic Analytics (ETA) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a logic error that exists when handling a malformed incoming packet, leading to access to an internal data structure after it has been freed. An attacker could exploit this vulnerability by sending crafted, malformed IP packets to an affected device. A successful exploit could allow the attacker to cause an affected device to reload, resulting in a DoS condition. | |||||
| CVE-2015-6673 | 1 Libpgf | 1 Libpgf | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | |||||
| CVE-2020-26534 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution. | |||||
| CVE-2020-26539 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak). | |||||
| CVE-2020-15669 | 1 Mozilla | 2 Firefox Esr, Thunderbird | 2020-10-02 | 6.8 MEDIUM | 8.8 HIGH |
| When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12. | |||||
| CVE-2020-9084 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2020-09-29 | 4.6 MEDIUM | 6.5 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use-after-free (UAF) vulnerability. An authenticated, local attacker may perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege and compromise the service. | |||||
| CVE-2018-8625 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-09-28 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | |||||
| CVE-2020-0268 | 1 Google | 1 Android | 2020-09-24 | 4.4 MEDIUM | 6.4 MEDIUM |
| In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643 | |||||
| CVE-2019-19543 | 1 Linux | 1 Linux Kernel | 2020-09-24 | 4.6 MEDIUM | 7.8 HIGH |
| In the Linux kernel before 5.1.6, there is a use-after-free in serial_ir_init_module() in drivers/media/rc/serial_ir.c. | |||||
| CVE-2019-20918 | 1 Inspircd | 1 Inspircd | 2020-09-15 | 6.8 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in InspIRCd 3 before 3.1.0. The silence module contains a use after free vulnerability. This vulnerability can be used for remote crashing of an InspIRCd server by any user able to fully connect to a server. | |||||
| CVE-2016-9401 | 3 Debian, Gnu, Redhat | 8 Debian Linux, Bash, Enterprise Linux Desktop and 5 more | 2020-09-14 | 2.1 LOW | 5.5 MEDIUM |
| popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address. | |||||
| CVE-2020-11120 | 1 Qualcomm | 44 Apq8096au, Apq8096au Firmware, Apq8098 and 41 more | 2020-09-14 | 4.6 MEDIUM | 7.8 HIGH |
| u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-5378 | 1 Dell | 2 G7 17 7790, G7 17 7790 Bios | 2020-09-14 | 7.2 HIGH | 6.8 MEDIUM |
| Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). | |||||
| CVE-2020-5376 | 1 Dell | 2 Inspiron 7347, Inspiron 7347 Bios | 2020-09-14 | 7.2 HIGH | 6.8 MEDIUM |
| Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). | |||||
| CVE-2020-11129 | 1 Qualcomm | 14 Bitra, Bitra Firmware, Kamorta and 11 more | 2020-09-14 | 7.2 HIGH | 7.8 HIGH |
| u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130 | |||||
| CVE-2020-11124 | 1 Qualcomm | 34 Mdm9607, Mdm9607 Firmware, Nicobar and 31 more | 2020-09-14 | 7.2 HIGH | 7.8 HIGH |
| u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-14117 | 1 Qualcomm | 22 Bitra, Bitra Firmware, Mdm9607 and 19 more | 2020-09-11 | 7.2 HIGH | 7.8 HIGH |
| u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which results in a use after free causing an unhandled page fault exception in rmnet driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MDM9607, QCS405, Saipan, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-20795 | 2 Canonical, Iproute2 Project | 2 Ubuntu Linux, Iproute2 | 2020-09-10 | 2.1 LOW | 4.4 MEDIUM |
| iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. | |||||
| CVE-2020-10720 | 1 Linux | 1 Linux Kernel | 2020-09-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. | |||||