Total: 5622 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15436 | 3 Broadcom, Linux, Netapp | 34 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 31 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | |||||
CVE-2020-15389 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice. | |||||
CVE-2020-15305 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | |||||
CVE-2020-14416 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-11-21 | 4.7 MEDIUM | 4.2 MEDIUM |
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c. | |||||
CVE-2020-14381 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
CVE-2020-14373 | 2 Artifex, Redhat | 2 Ghostscript, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service. | |||||
CVE-2020-14363 | 2 Fedoraproject, X.org | 2 Fedora, Libx11 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability. | |||||
CVE-2020-14354 | 2 C-ares, Fedoraproject | 2 C-ares, Fedora | 2024-11-21 | 2.1 LOW | 3.3 LOW |
A possible use-after-free and double-free exists in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service's availability. | |||||
CVE-2020-14351 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-13904 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
FFmpeg 2.8 and 4.2.3 have a use-after-free via a crafted EXTINF duration in an m3u8 file because parse_playlist in libavformat/hls.c frees a pointer, and later that pointer is accessed in av_probe_input_format3 in libavformat/format.c. | |||||
CVE-2020-13871 | 6 Debian, Fedoraproject, Netapp and 3 more | 12 Debian Linux, Fedora, Cloud Backup and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | |||||
CVE-2020-13814 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. | |||||
CVE-2020-13806 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. | |||||
CVE-2020-13630 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | |||||
CVE-2020-13584 | 2 Fedoraproject, Webkitgtk | 2 Fedora, Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | |||||
CVE-2020-13570 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
CVE-2020-13560 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
CVE-2020-13558 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | |||||
CVE-2020-13557 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
CVE-2020-13548 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |