Total
4955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0349 | 1 Google | 1 Android | 2021-02-23 | 7.2 HIGH | 6.7 MEDIUM |
| In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05362646. | |||||
| CVE-2020-12361 | 1 Intel | 1 Graphics Drivers | 2021-02-22 | 2.1 LOW | 5.5 MEDIUM |
| Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-17582 | 1 Libzip | 1 Libzip | 2021-02-16 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free in the _zip_dirent_read function of zip_dirent.c in libzip 1.2.0 allows attackers to have an unspecified impact by attempting to unzip a malformed ZIP archive. NOTE: the discoverer states "This use-after-free is triggered prior to the double free reported in CVE-2017-12858." | |||||
| CVE-2021-0332 | 1 Google | 1 Android | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
| In bootFinished of SurfaceFlinger.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-169256435 | |||||
| CVE-2021-0330 | 1 Google | 1 Android | 2021-02-12 | 7.2 HIGH | 7.8 HIGH |
| In add_user_ce and remove_user_ce of storaged.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in storaged with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11Android ID: A-170732441 | |||||
| CVE-2021-0335 | 1 Google | 1 Android | 2021-02-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In process of C2SoftHevcDec.cpp, there is a possible out of bounds write due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-160346309 | |||||
| CVE-2021-21138 | 1 Google | 1 Chrome | 2021-02-11 | 6.8 MEDIUM | 8.6 HIGH |
| Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file. | |||||
| CVE-2021-22304 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2021-02-10 | 2.1 LOW | 3.3 LOW |
| There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service. | |||||
| CVE-2019-19319 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2021-02-09 | 4.4 MEDIUM | 6.5 MEDIUM |
| In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. | |||||
| CVE-2021-26689 | 1 Google | 1 Android | 2021-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021). | |||||
| CVE-2020-36205 | 1 Xcb Project | 1 Xcb | 2021-02-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. | |||||
| CVE-2020-27280 | 1 Deltaww | 1 Ispsoft | 2021-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution. | |||||
| CVE-2020-11148 | 1 Qualcomm | 246 Apq8017, Apq8053, Msm8917 and 243 more | 2021-01-29 | 7.2 HIGH | 6.7 MEDIUM |
| Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2020-25220 | 1 Linux | 1 Linux Kernel | 2021-01-20 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature. | |||||
| CVE-2020-16045 | 1 Google | 2 Android, Chrome | 2021-01-19 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-27835 | 1 Linux | 1 Infiniband Hfi1 Driver | 2021-01-14 | 4.9 MEDIUM | 4.4 MEDIUM |
| A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. | |||||
| CVE-2021-0342 | 1 Google | 1 Android | 2021-01-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. | |||||
| CVE-2021-0318 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968. | |||||
| CVE-2021-0310 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632. | |||||
| CVE-2021-0303 | 1 Google | 1 Android | 2021-01-13 | 6.9 MEDIUM | 7.0 HIGH |
| In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229. | |||||