Total
5622 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24349 | 1 F5 | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. | |||||
CVE-2020-24346 | 1 F5 | 1 Njs | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | |||||
CVE-2020-24343 | 1 Artifex | 1 Mujs | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | |||||
CVE-2020-24241 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. | |||||
CVE-2020-24240 | 1 Gnu | 1 Bison | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | |||||
CVE-2020-23856 | 2 Fedoraproject, Gnu | 2 Fedora, Cflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee. | |||||
CVE-2020-23302 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0 | |||||
CVE-2020-22617 | 1 Ardour | 1 Ardour | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext. | |||||
CVE-2020-21913 | 2 Debian, Unicode | 2 Debian Linux, International Components For Unicode | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp. | |||||
CVE-2020-21896 | 1 Artifex | 1 Mupdf | 2024-11-21 | N/A | 5.5 MEDIUM |
A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. | |||||
CVE-2020-21722 | 1 Ogg Video Tools Project | 1 Ogg Video Tools | 2024-11-21 | N/A | 7.8 HIGH |
Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. | |||||
CVE-2020-21697 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file. | |||||
CVE-2020-21688 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code. | |||||
CVE-2020-1983 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 2.1 LOW | 7.5 HIGH |
A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. | |||||
CVE-2020-1909 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code execution. This could have happened only if several events occurred together in sequence, including receiving an animated sticker while placing a WhatsApp video call on hold. | |||||
CVE-2020-1900 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
CVE-2020-1897 | 1 Facebook | 1 Proxygen | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. | |||||
CVE-2020-1799 | 1 Huawei | 2 E6878-370, E6878-370 Firmware | 2024-11-21 | 5.4 MEDIUM | 7.5 HIGH |
E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenario, the attacker does a series of crafted operations through web portal, successful exploit could cause a use after free condition which may lead to malicious code execution. | |||||
CVE-2020-1752 | 4 Canonical, Debian, Gnu and 1 more | 9 Ubuntu Linux, Debian Linux, Glibc and 6 more | 2024-11-21 | 3.7 LOW | 7.0 HIGH |
A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32. | |||||
CVE-2020-1712 | 3 Debian, Redhat, Systemd Project | 7 Debian Linux, Ceph Storage, Discovery and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. |