Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,456)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-37993 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in PDF Accessibility in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37988 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37987 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37985 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had convinced a user to allow for connection to debugger to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37983 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37982 2Debian Google 2Chrome Debian Linux Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Incognito in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-37977 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Garbage Collection in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-30809 1Apple 6Ipados Iphone OsMacos+3 more Nov 21, 2024 Oct 28, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code exec...Show more A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.Show less
CVE-2021-22466 1Huawei 1Harmonyos Nov 21, 2024 Oct 28, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
CVE-2021-22463 1Huawei 1Harmonyos Nov 21, 2024 Oct 28, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure.
CVE-2021-43057 2Linux Netapp 9H300e Firmware H300s FirmwareH410c Firmware+6 more Nov 21, 2024 Oct 28, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate...Show more An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.Show less
CVE-2021-40125 1Cisco 10Adaptive Security Appliance Software Asa 5505 FirmwareAsa 5512 X Firmware+7 more Nov 21, 2024 Oct 27, 2021 N/A· v4 6.5 MEDIUM· v3 6.3 MEDIUM· v2 A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote att...Show more A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device.Show less
CVE-2021-37122 1Huawei 4Cloudengine 12800 Firmware Cloudengine 5800 FirmwareCloudengine 6800 Firmware+1 more Nov 21, 2024 Oct 27, 2021 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions in...Show more There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.Show less
CVE-2021-0941 1Google 1Android Nov 21, 2024 Oct 25, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed...Show more In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References: Upstream kernelShow less
CVE-2021-0936 1Google 1Android Nov 21, 2024 Oct 25, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...Show more In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-173789633References: Upstream kernelShow less
CVE-2021-0935 1Google 1Android Nov 21, 2024 Oct 25, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for e...Show more In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References: Upstream kernelShow less
CVE-2021-0703 1Google 1Android Nov 21, 2024 Oct 22, 2021 N/A· v4 6.8 MEDIUM· v3 7.2 HIGH· v2 In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional...Show more In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-184569329Show less
CVE-2021-0483 1Google 1Android Nov 21, 2024 Oct 22, 2021 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for...Show more In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-153358911Show less
CVE-2021-38467 1Auvesy 1Versiondog Nov 21, 2024 Oct 22, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A specific function code receives a raw pointer supplied by the user and deallocates this pointer. The user can then control what memory regions will be freed and cause use-after-free condition.
CVE-2021-30315 1Qualcomm 15Mdm9628 Firmware Qca6564a FirmwareQca6564au Firmware+12 more Nov 21, 2024 Oct 20, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto

Previous 1...243244245...373 Next