Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-46587 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15381.Show less
CVE-2021-46582 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15376.Show less
CVE-2021-46580 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15374.Show less
CVE-2021-46579 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15373.Show less
CVE-2021-46578 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15372.Show less
CVE-2021-46575 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15369.Show less
CVE-2021-46573 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15367.Show less
CVE-2021-46571 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malici...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15365.Show less
CVE-2021-46567 1Bentley 3Microstation Microstation ConnectView Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target mus...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15028.Show less
CVE-2022-0646 2Linux Netapp 9H300e Firmware H300s FirmwareH410c Firmware+6 more Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user coul...Show more A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.Show less
CVE-2021-44968 1Iobit 1Advanced Systemcare Jun 17, 2026 Feb 18, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service...Show more A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 pro via requests sent in sequential order using the IOCTL driver codes, which could let a malicious user execute arbitrary code or a Denial of Service (system crash). IOCTL list: iobit_ioctl = [0x8001e01c, 0x8001e020, 0x8001e024, 0x8001e040,0x8001e044, 0x8001e048, 0x8001e04c, 0x8001e000, 0x8001e004, 0x8001e008, 0x8001e00c, 0x8001e010, 0x8001e014, 0x8001e018]Show less
CVE-2021-3760 4Debian FedoraprojectLinux+1 more 11Debian Linux FedoraH300e Firmware+8 more Jun 17, 2026 Feb 16, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
CVE-2021-3752 6Debian FedoraprojectLinux+3 more 193scale Communications Cloud Native Core Binding Support FunctionCommunications Cloud Native Core Network Exposure Function+16 more Jun 17, 2026 Feb 16, 2022 N/A· v4 7.1 HIGH· v3 7.9 HIGH· v2 A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or...Show more A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.Show less
CVE-2021-22040 1Vmware 5Cloud Foundation EsxiFusion+2 more Jun 17, 2026 Feb 16, 2022 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code a...Show more VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.Show less
CVE-2022-0559 2Fedoraproject Radare 2Fedora Radare2 Jun 17, 2026 Feb 16, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-25139 1F5 1Njs Jun 17, 2026 Feb 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njs_await_fulfilled.
CVE-2022-0581 3Debian FedoraprojectWireshark 3Debian Linux FedoraWireshark Jun 17, 2026 Feb 14, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
CVE-2022-0308 1Google 1Chrome Jun 17, 2026 Feb 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a craft...Show more Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2022-0307 1Google 1Chrome Jun 17, 2026 Feb 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML...Show more Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.Show less
CVE-2022-0304 1Google 1Chrome Jun 17, 2026 Feb 12, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.

Previous 1...232233234...373 Next