Total
5984 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21822 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.3.37598. A specially crafted PDF document can trigger the reuse of previously free memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening a malicious file or site to trigger this vulnerability if the browser plugin extension is enabled. | ||||
| CVE-2021-21806 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-11-21 | 8.8 High |
| An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability. | ||||
| CVE-2021-21796 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
| An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed and then later reused, resulting in a use-after-free vulnerability, which can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. | ||||
| CVE-2021-21779 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability exists in the way Webkit’s GraphicsContext handles certain events in WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability. | ||||
| CVE-2021-21775 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 8.0 High |
| A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage. | ||||
| CVE-2021-21772 | 3 3mf, Debian, Fedoraproject | 3 Lib3mf, Debian Linux, Fedora | 2024-11-21 | 8.1 High |
| A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2021-21708 | 2 Php, Redhat | 5 Php, Enterprise Linux, Rhel Aus and 2 more | 2024-11-21 | 8.2 High |
| In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits. | ||||
| CVE-2021-21417 | 2 Debian, Fluidsynth | 2 Debian Linux, Fluidsynth | 2024-11-21 | 7.2 High |
| fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file. | ||||
| CVE-2021-21232 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in Dev Tools in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21226 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 9.6 Critical |
| Use after free in navigation in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-21214 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in Network API in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. | ||||
| CVE-2021-21213 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in WebMIDI in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21207 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.6 High |
| Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | ||||
| CVE-2021-21204 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Mac Os X, Debian Linux, Fedora and 1 more | 2024-11-21 | 8.8 High |
| Use after free in Blink in Google Chrome on OS X prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21203 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in Blink in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21202 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 8.6 High |
| Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | ||||
| CVE-2021-21201 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 9.6 Critical |
| Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2021-21199 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in Aura in Google Chrome on Linux prior to 89.0.4389.114 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21195 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2021-21194 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||