Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-21188 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21180 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in tab search in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21179 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Network Internals in Google Chrome on Linux prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21167 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in bookmarks in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21162 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebRTC in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21159 3Debian FedoraprojectGoogle 3Chrome Debian LinuxFedora Nov 21, 2024 Mar 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Heap buffer overflow in TabStrip in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-3403 3Fedoraproject RedhatYtnef Project 3Enterprise Linux FedoraYtnef Nov 21, 2024 Mar 4, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
CVE-2020-13558 1Webkitgtk 1Webkitgtk Nov 21, 2024 Mar 3, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free.
CVE-2021-22662 1Fatek 1Fvdesigner Nov 21, 2024 Mar 3, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary c...Show more A use after free issue has been identified in Fatek FvDesigner Version 1.5.76 and prior in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.Show less
CVE-2020-25632 4Fedoraproject GnuNetapp+1 more 8Enterprise Linux Enterprise Linux Server AusEnterprise Linux Server Eus+5 more Nov 21, 2024 Mar 3, 2021 N/A· v4 8.2 HIGH· v3 7.2 HIGH· v2 A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-fr...Show more A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.Show less
CVE-2021-24070 1Microsoft 5365 Apps ExcelOffice+2 more Nov 21, 2024 Feb 25, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-24067 1Microsoft 5365 Apps ExcelOffice+2 more Nov 21, 2024 Feb 25, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-20226 2Linux Netapp 2Cloud Backup Linux Kernel Nov 21, 2024 Feb 23, 2021 N/A· v4 7.8 HIGH· v3 6.1 MEDIUM· v2 A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existe...Show more A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.Show less
CVE-2021-21157 3Fedoraproject GoogleMicrosoft 4Chrome EdgeEdge Chromium+1 more Nov 21, 2024 Feb 22, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21151 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Feb 22, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21150 2Fedoraproject Google 2Chrome Fedora Nov 21, 2024 Feb 22, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Downloads in Google Chrome on Windows prior to 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-11277 1Qualcomm 161Pm3003a Firmware Pm4250 FirmwarePm6125 Firmware+158 more Nov 21, 2024 Feb 22, 2021 N/A· v4 7.4 HIGH· v3 6.9 MEDIUM· v2 Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2020-11272 1Qualcomm 348Apq8009 Firmware Apq8009w FirmwareApq8017 Firmware+345 more Nov 21, 2024 Feb 22, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdr...Show more Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesShow less
CVE-2020-11147 1Qualcomm 203Aqt1000 Firmware Pm3003a FirmwarePm456 Firmware+200 more Nov 21, 2024 Feb 22, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-27377 1Yottadb 1Yottadb Nov 21, 2024 Feb 18, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in the yottadb crate before 1.2.0 for Rust. For some memory-allocation patterns, ydb_subscript_next_st and ydb_subscript_prev_st have a use-after-free.

Previous 1...262263264...373 Next