Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-416
Total 2516 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6354 1 Sap 1 3d Visual Enterprise Viewer 2021-12-03 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-6353 1 Sap 1 3d Visual Enterprise Viewer 2021-12-03 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2021-29093 1 Esri 1 Arcgis 2021-12-03 6.0 MEDIUM 6.8 MEDIUM
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
CVE-2021-21193 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21167 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21179 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21180 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21162 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21191 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in WebRTC in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21188 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2021-12-03 6.8 MEDIUM 8.8 HIGH
Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21900 1 Librecad 1 Libdxfrw 2021-12-03 6.8 MEDIUM 8.8 HIGH
A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2021-22930 2 Netapp, Nodejs 2 Nextgen Api, Node.js 2021-12-02 7.5 HIGH 9.8 CRITICAL
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
CVE-2021-30858 3 Apple, Debian, Fedoraproject 5 Ipados, Iphone Os, Macos and 2 more 2021-12-02 6.8 MEDIUM 8.8 HIGH
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2021-27037 1 Autodesk 1 Design Review 2021-12-02 6.8 MEDIUM 7.8 HIGH
A maliciously crafted PNG, PDF or DWF file in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be used to attempt to free an object that has already been freed while parsing them. This vulnerability can be exploited by remote attackers to execute arbitrary code.
CVE-2021-30512 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30510 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30515 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30514 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-02 6.8 MEDIUM 8.8 HIGH
Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6334 1 Sap 1 3d Visual Enterprise Viewer 2021-12-01 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2021-30525 2 Fedoraproject, Google 2 Fedora, Chrome 2021-12-01 6.8 MEDIUM 8.8 HIGH
Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.