Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CVEs (7,455)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-21122 2Google Microsoft 2Chrome Edge Chromium Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21121 2Google Microsoft 2Chrome Edge Chromium Nov 21, 2024 Feb 9, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2021-21120 2Google Microsoft 2Chrome Edge Chromium Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21119 2Google Microsoft 2Chrome Edge Chromium Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16044 1Google 1Chrome Nov 21, 2024 Feb 9, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
CVE-2021-22304 1Huawei 1Taurus Al00a Firmware Nov 21, 2024 Feb 6, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending...Show more There is a use after free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). A module may refer to some memory after it has been freed while dealing with some messages. Attackers can exploit this vulnerability by sending specific message to the affected module. This may lead to module crash, compromising normal service.Show less
CVE-2021-0349 1Google 1Android Nov 21, 2024 Feb 4, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-10, Android-11; Patch ID: ALPS05362646.Show less
CVE-2021-26689 1Google 1Android Nov 21, 2024 Feb 4, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. The USB laf gadget has a use-after-free. The LG ID is LVE-SMP-200031 (February 2021).
CVE-2021-0365 1Google 1Android Nov 21, 2024 Feb 3, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation....Show more In display driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, Android-11; Patch ID: ALPS05454782.Show less
CVE-2021-3348 2Debian Linux 2Debian Linux Linux Kernel Nov 21, 2024 Feb 1, 2021 N/A· v4 7.0 HIGH· v3 4.4 MEDIUM· v2 nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain poin...Show more nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71.Show less
CVE-2021-3347 3Debian FedoraprojectLinux 3Debian Linux FedoraLinux Kernel Feb 25, 2026 Jan 29, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
CVE-2020-36205 1Xcb Project 1Xcb Nov 21, 2024 Jan 26, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.
CVE-2020-27280 1Deltaww 1Ispsoft Nov 21, 2024 Jan 26, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 A use after free issue has been identified in the way ISPSoft(v3.12 and prior) processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution.
CVE-2020-11151 1Qualcomm 165Pm3003a Pm6125Pm6150+162 more Nov 21, 2024 Jan 21, 2021 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Sna...Show more Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WearablesShow less
CVE-2020-11148 1Qualcomm 246Apq8017 Apq8053Msm8917+243 more Nov 21, 2024 Jan 21, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Sn...Show more Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon WearablesShow less
CVE-2020-6572 1Google 1Chrome Jan 13, 2026 Jan 14, 2021 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2020-16045 1Google 1Chrome Nov 21, 2024 Jan 14, 2021 N/A· v4 9.6 CRITICAL· v3 6.8 MEDIUM· v2 Use after Free in Payments in Google Chrome on Android prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-16119 3Canonical DebianLinux 3Debian Linux Linux KernelUbuntu Linux Nov 21, 2024 Jan 14, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4...Show more Use-after-free vulnerability in the Linux kernel exploitable by a local attacker due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released. Fixed in Ubuntu Linux kernel 5.4.0-51.56, 5.3.0-68.63, 4.15.0-121.123, 4.4.0-193.224, 3.13.0.182.191 and 3.2.0-149.196.Show less
CVE-2020-27267 4Ge PtcRockwellautomation+1 more 7Industrial Gateway Server Kepserver EnterpriseKepware Kepserverex+4 more Nov 21, 2024 Jan 14, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway S...Show more KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, ThingWorx Industrial Connectivity (all versions), OPC-Aggregator (all versions), Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server v7.68.804 and v7.66, and Software Toolbox TOP Server all 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.Show less
CVE-2021-0318 1Google 1Android Nov 21, 2024 Jan 11, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed....Show more In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.Show less

Previous 1...264265266...373 Next