Total
3445 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34886 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14839. | |||||
| CVE-2021-34884 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 4.3 MEDIUM | 3.3 LOW |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-14837. | |||||
| CVE-2021-34879 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14832. | |||||
| CVE-2021-34872 | 1 Bentley | 2 Bentley View, Microstation | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14737. | |||||
| CVE-2021-40566 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service. | |||||
| CVE-2021-41043 | 1 Tcpdump | 1 Tcpslice | 2022-01-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | |||||
| CVE-2021-30337 | 1 Qualcomm | 420 Apq8009, Apq8009 Firmware, Apq8009w and 417 more | 2022-01-12 | 7.2 HIGH | 7.8 HIGH |
| Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-45701 | 1 Linuxfoundation | 1 Tremor-script | 2022-01-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A patch operation may result in a use-after-free. | |||||
| CVE-2021-45702 | 1 Linuxfoundation | 1 Tremor-script | 2022-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the tremor-script crate before 0.11.6 for Rust. A merge operation may result in a use-after-free. | |||||
| CVE-2021-45716 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_collation has a use-after-free. | |||||
| CVE-2021-45715 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_window_function has a use-after-free. | |||||
| CVE-2021-45714 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_aggregate_function has a use-after-free. | |||||
| CVE-2021-45713 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-06 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. create_scalar_function has a use-after-free. | |||||
| CVE-2021-45717 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. commit_hook has a use-after-free. | |||||
| CVE-2021-45718 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. rollback_hook has a use-after-free. | |||||
| CVE-2021-45719 | 1 Rusqlite Project | 1 Rusqlite | 2022-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and 0.26.x before 0.26.2 for Rust. update_hook has a use-after-free. | |||||
| CVE-2018-25027 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2022-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_format_info can cause a use-after-free. | |||||
| CVE-2018-25028 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2022-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the libpulse-binding crate before 1.2.1 for Rust. get_context can cause a use-after-free. | |||||
| CVE-2020-3886 | 1 Apple | 1 Mac Os X | 2022-01-04 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-42379 | 2 Busybox, Fedoraproject | 2 Busybox, Fedora | 2022-01-04 | 6.5 MEDIUM | 7.2 HIGH |
| A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function | |||||