Total
6576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27035 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213
|
|||||
| CVE-2020-26972 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84.
|
|||||
| CVE-2020-26960 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
If the Compact() method was called on an nsTArray, the array could have been reallocated without updating other pointers, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
|
|||||
| CVE-2020-26959 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
During browser shutdown, reference decrementing could have occured on a previously freed object, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
|
|||||
| CVE-2020-26950 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
|
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
|
|||||
| CVE-2020-26539 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. When there is a multiple interpretation error for /V (in the Additional Action and Field dictionaries), a use-after-free can occur with resultant remote code execution (or an information leak).
|
|||||
| CVE-2020-26534 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is an Opt object use-after-free related to Field::ClearItems and Field::DeleteOptions, during AcroForm JavaScript execution.
|
|||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
|
|||||
| CVE-2020-25671 | 4 Debian, Fedoraproject, Linux and 1 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations.
|
|||||
| CVE-2020-25670 | 4 Debian, Fedoraproject, Linux and 1 more | 23 Debian Linux, Fedora, Linux Kernel and 20 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations.
|
|||||
| CVE-2020-25669 | 3 Debian, Linux, Netapp | 21 Debian Linux, Linux Kernel, Cloud Backup and 18 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit causing Use After Free.
|
|||||
| CVE-2020-25663 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a subsequent heap-use-after-free or heap-buffer-overflow READ when GetPixelRed() or GetPixelBlue() was called. This could occur if an attacker is able to submit a malicious image file to be processed by ImageMagick and could lead to denial of service. It likely would not lead to anything further because the memory is used as pixel data and not e.g. a function pointer. This flaw affects ImageMagick ...
Show More |
|||||
| CVE-2020-25656 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
|
A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.
|
|||||
| CVE-2020-25632 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
|||||
| CVE-2020-25269 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server.
|
|||||
| CVE-2020-25220 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature.
|
|||||
| CVE-2020-25084 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 2.1 LOW | 3.2 LOW |
|
QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.
|
|||||
| CVE-2020-24438 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability that could result in a memory address leak. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2020-24437 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2020-24430 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a use-after-free vulnerability when handling malicious JavaScript. This vulnerability could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2020-24349 | 1 F5 | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
|
|||||
| CVE-2020-24346 | 1 F5 | 1 Njs | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
|
|||||
| CVE-2020-24343 | 1 Artifex | 1 Mujs | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.
|
|||||
| CVE-2020-24241 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
|
|||||
| CVE-2020-24240 | 1 Gnu | 1 Bison | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.
|
|||||
| CVE-2020-23856 | 2 Fedoraproject, Gnu | 2 Fedora, Cflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.
|
|||||
| CVE-2020-23302 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0
|
|||||
| CVE-2020-22617 | 1 Ardour | 1 Ardour | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.
|
|||||
| CVE-2020-21913 | 2 Debian, Unicode | 2 Debian Linux, International Components For Unicode | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.
|
|||||
| CVE-2020-21722 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2024-11-21 | N/A | 7.8 HIGH |
|
Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.
|
|||||
| CVE-2020-21697 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
|
|||||
| CVE-2020-21688 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
|
|||||
| CVE-2020-1983 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 2.1 LOW | 7.5 HIGH |
|
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.
|
|||||
| CVE-2020-1909 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold.
|
|||||
| CVE-2020-1900 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0.
|
|||||
| CVE-2020-1897 | 1 Facebook | 1 Proxygen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00.
|
|||||
| CVE-2020-1799 | 1 Huawei | 2 E6878-370, E6878-370 Firmware | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
|
E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution.
|
|||||
| CVE-2020-1752 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Glibc and 6 more | 2024-11-21 | 3.7 LOW | 7.0 HIGH |
|
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.
|
|||||
| CVE-2020-1712 | 3 Debian, Redhat, Systemd Project | 7 Debian Linux, Ceph Storage, Discovery and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages.
|
|||||
| CVE-2020-1602 | 1 Juniper | 1 Junos | 2024-11-21 | 8.3 HIGH | 7.1 HIGH |
|
When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 ver ...
Show More |
|||||