Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38498 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-11-04 | 5.0 MEDIUM | 7.5 HIGH |
| During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2. | |||||
| CVE-2020-14351 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2021-11-04 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2021-28562 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability when executing search queries through Javascript. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-6492 | 1 Google | 1 Chrome | 2021-11-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2021-22463 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure. | |||||
| CVE-2021-22466 | 1 Huawei | 1 Harmonyos | 2021-11-01 | 2.1 LOW | 5.5 MEDIUM |
| A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. | |||||
| CVE-2021-37122 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2021-10-28 | 3.3 LOW | 6.5 MEDIUM |
| There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800. | |||||
| CVE-2021-38467 | 1 Auvesy | 1 Versiondog | 2021-10-27 | 5.5 MEDIUM | 8.1 HIGH |
| A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition. | |||||
| CVE-2021-0703 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 6.8 MEDIUM |
| In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329 | |||||
| CVE-2021-30315 | 1 Qualcomm | 30 Mdm9628, Mdm9628 Firmware, Qca6564a and 27 more | 2021-10-26 | 7.2 HIGH | 7.8 HIGH |
| Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto | |||||
| CVE-2021-0483 | 1 Google | 1 Android | 2021-10-26 | 4.4 MEDIUM | 7.8 HIGH |
| In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911 | |||||
| CVE-2021-3455 | 1 Zephyrproject | 1 Zephyr | 2021-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp | |||||
| CVE-2021-0936 | 1 Google | 1 Android | 2021-10-26 | 4.6 MEDIUM | 7.8 HIGH |
| In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernel | |||||
| CVE-2021-0935 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 6.7 MEDIUM |
| In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernel | |||||
| CVE-2021-0941 | 1 Google | 1 Android | 2021-10-26 | 7.2 HIGH | 6.7 MEDIUM |
| In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernel | |||||
| CVE-2021-40728 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-38438 | 1 Fatek | 1 Winproladder | 2021-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution. | |||||
| CVE-2020-22617 | 1 Ardour | 1 Ardour | 2021-10-15 | 7.5 HIGH | 9.8 CRITICAL |
| Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | |||||
| CVE-2021-0695 | 1 Google | 1 Android | 2021-10-08 | 2.1 LOW | 5.5 MEDIUM |
| In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-184018316References: Upstream kernel | |||||
| CVE-2021-0684 | 1 Google | 1 Android | 2021-10-08 | 4.6 MEDIUM | 7.8 HIGH |
| In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-179839665 | |||||