Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6572 | 1 Google | 1 Chrome | 2021-01-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2020-25220 | 1 Linux | 1 Linux Kernel | 2021-01-20 | 7.2 HIGH | 7.8 HIGH |
| The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after-free because skcd->no_refcnt was not considered during a backport of a CVE-2020-14356 patch. This is related to the cgroups feature. | |||||
| CVE-2020-16045 | 1 Google | 2 Android, Chrome | 2021-01-19 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-27835 | 1 Linux | 1 Infiniband Hfi1 Driver | 2021-01-14 | 4.9 MEDIUM | 4.4 MEDIUM |
| A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system. | |||||
| CVE-2021-0342 | 1 Google | 1 Android | 2021-01-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. | |||||
| CVE-2021-0318 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968. | |||||
| CVE-2021-0310 | 1 Google | 1 Android | 2021-01-13 | 7.2 HIGH | 7.8 HIGH |
| In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170212632. | |||||
| CVE-2021-0303 | 1 Google | 1 Android | 2021-01-13 | 6.9 MEDIUM | 7.0 HIGH |
| In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-11; Android ID: A-170407229. | |||||
| CVE-2019-20934 | 1 Linux | 1 Linux Kernel | 2021-01-12 | 5.4 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | |||||
| CVE-2020-26972 | 1 Mozilla | 1 Firefox | 2021-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash. This vulnerability affects Firefox < 84. | |||||
| CVE-2020-16018 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in payments in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-16017 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-35898 | 1 Actix | 1 Actix-utils | 2021-01-07 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | |||||
| CVE-2020-35901 | 1 Actix | 1 Actix-http | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. | |||||
| CVE-2020-35902 | 1 Actix | 1 Actix-codec | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. | |||||
| CVE-2020-35862 | 1 Bitvec Project | 1 Bitvec | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | |||||
| CVE-2020-35899 | 1 Actix | 1 Actix-service | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | |||||
| CVE-2020-35900 | 1 Array-queue Project | 1 Array-queue | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. | |||||
| CVE-2020-35923 | 1 Ordered-float Project | 1 Ordered-float | 2021-01-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | |||||
| CVE-2020-35917 | 1 Pyo3 Project | 1 Pyo3 | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | |||||