Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0270 | 1 Juniper | 13 Junos, Ptx1000, Ptx10001-36mr and 10 more | 2021-04-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race condition situation this issue become more likely to be hit when network instability occurs, such as but not limited to BGP/IGP reconvergences, and/or further likely to occur when more active "traffic flows" are occurring through the device. When this issue occurs, it will cause one or more FPCs to restart unexpectedly. During FPC restarts core files will be generated. While the core file is generated traffic will be disrupted. Sustained receipt of large traffic flows and reconvergence-like situations may sustain the Denial of Service (DoS) situation. This issue affects: Juniper Networks Junos OS: 18.1 version 18.1R2 and later versions prior to 18.1R3-S10 on PTX Series, QFX10K Series. | |||||
| CVE-2020-36318 | 1 Rust-lang | 1 Rust | 2021-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. | |||||
| CVE-2019-17541 | 1 Imagemagick | 1 Imagemagick | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | |||||
| CVE-2016-3179 | 1 Miniupnp Project | 1 Minissdpd | 2021-04-19 | 2.1 LOW | 5.5 MEDIUM |
| The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 allows local users to cause a denial of service (invalid free and daemon crash) via vectors related to error handling. | |||||
| CVE-2016-7835 | 2 Dena, H2o Project | 2 H2o, H2o | 2021-04-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| Use-after-free vulnerability in H2O allows remote attackers to cause a denial-of-service (DoS) or obtain server certificate private keys and possibly other information. | |||||
| CVE-2021-0429 | 1 Google | 1 Android | 2021-04-16 | 4.6 MEDIUM | 7.8 HIGH |
| In pollOnce of ALooper.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-175074139 | |||||
| CVE-2021-0442 | 1 Google | 1 Android | 2021-04-16 | 4.6 MEDIUM | 7.8 HIGH |
| In updateInfo of android_hardware_input_InputApplicationHandle.cpp, there is a possible control of code flow due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-174768985 | |||||
| CVE-2020-11234 | 1 Qualcomm | 674 Apq8009, Apq8009 Firmware, Apq8009w and 671 more | 2021-04-12 | 7.2 HIGH | 7.8 HIGH |
| When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-1764 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service. | |||||
| CVE-2020-9926 | 1 Apple | 6 Icloud, Ipados, Iphone Os and 3 more | 2021-04-08 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, iCloud for Windows 7.20, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9975 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-04-07 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-29935 | 1 Rocket | 1 Rocket | 2021-04-06 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. | |||||
| CVE-2020-7462 | 1 Freebsd | 1 Freebsd | 2021-04-02 | 4.9 MEDIUM | 5.5 MEDIUM |
| In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic. | |||||
| CVE-2021-27267 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-04-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12294. | |||||
| CVE-2021-27268 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-04-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 10.1.0.37527. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12295. | |||||
| CVE-2020-11309 | 1 Qualcomm | 802 Apq8009, Apq8009 Firmware, Apq8009w and 799 more | 2021-03-25 | 7.2 HIGH | 7.8 HIGH |
| Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-22321 | 1 Huawei | 28 Nip6300, Nip6300 Firmware, Nip6600 and 25 more | 2021-03-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| There is a use-after-free vulnerability in a Huawei product. A module cannot deal with specific operations in special scenarios. Attackers can exploit this vulnerability by performing malicious operations. This can cause memory use-after-free, compromising normal service. Affected product include some versions of NIP6300, NIP6600, NIP6800, S1700, S2700, S5700, S6700 , S7700, S9700, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. | |||||
| CVE-2020-11290 | 1 Qualcomm | 656 Apq8009, Apq8009 Firmware, Apq8009w and 653 more | 2021-03-24 | 6.9 MEDIUM | 7.0 HIGH |
| Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2020-1900 | 1 Facebook | 1 Hhvm | 2021-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-0595 | 1 Intel | 2 Active Management Technology Firmware, Service Manager | 2021-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||