Total
5622 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30519 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Payments in Google Chrome prior to 90.0.4430.212 allowed an attacker who convinced a user to install a malicious payments app to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30515 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in File API in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30514 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Autofill in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30512 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Notifications in Google Chrome prior to 90.0.4430.212 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30510 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30474 | 1 Aomedia | 1 Aomedia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use-after-free. | |||||
| CVE-2021-30469 | 3 Fedoraproject, Podofo Project, Redhat | 3 Fedora, Podofo, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. | |||||
| CVE-2021-30337 | 1 Qualcomm | 420 Apq8009, Apq8009 Firmware, Apq8009w and 417 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30334 | 1 Qualcomm | 262 Apq8009w, Apq8009w Firmware, Aqt1000 and 259 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-30315 | 1 Qualcomm | 30 Mdm9628, Mdm9628 Firmware, Qca6564a and 27 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
| Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto | |||||
| CVE-2021-30313 | 1 Qualcomm | 360 Apq8096au, Apq8096au Firmware, Ar8031 and 357 more | 2024-11-21 | 4.4 MEDIUM | 6.7 MEDIUM |
| Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30266 | 1 Qualcomm | 408 Apq8009, Apq8009 Firmware, Apq8053 and 405 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30264 | 1 Qualcomm | 388 Apq8009, Apq8009 Firmware, Apq8053 and 385 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-30263 | 1 Qualcomm | 54 Aqt1000, Aqt1000 Firmware, Ar8031 and 51 more | 2024-11-21 | 4.4 MEDIUM | 6.7 MEDIUM |
| Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2021-30262 | 1 Qualcomm | 210 Apq8009w, Apq8009w Firmware, Aqt1000 and 207 more | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-29985 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | |||||
| CVE-2021-29972 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90. | |||||
| CVE-2021-29970 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
| A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.*. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | |||||
| CVE-2021-29935 | 1 Rocket | 1 Rocket | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. | |||||
| CVE-2021-29657 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.9 MEDIUM | 7.4 HIGH |
| arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | |||||