Total: 5984 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-36313 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
An issue was discovered in the Linux kernel before 5.7. The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c. | ||||
CVE-2020-36205 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 5.5 Medium |
An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. | ||||
CVE-2020-35980 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c. | ||||
CVE-2020-35923 | 1 Ordered-float Project | 1 Ordered-float | 2024-11-21 | 5.5 Medium |
An issue was discovered in the ordered-float crate before 1.1.1 and 2.x before 2.0.1 for Rust. A NotNan value can contain a NaN. | ||||
CVE-2020-35917 | 1 Pyo3 Project | 1 Pyo3 | 2024-11-21 | 5.5 Medium |
An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From<Py<T>>. | ||||
CVE-2020-35906 | 1 Rust-lang | 1 Futures-task | 2024-11-21 | 7.8 High |
An issue was discovered in the futures-task crate before 0.3.6 for Rust. futures_task::waker may cause a use-after-free in a non-static type situation. | ||||
CVE-2020-35902 | 1 Actix | 1 Actix-codec | 2024-11-21 | 9.8 Critical |
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed. | ||||
CVE-2020-35901 | 1 Actix | 1 Actix-http | 2024-11-21 | 7.5 High |
An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream. | ||||
CVE-2020-35900 | 1 Array-queue Project | 1 Array-queue | 2024-11-21 | 5.5 Medium |
An issue was discovered in the array-queue crate through 2020-09-26 for Rust. A pop_back() call may lead to a use-after-free. | ||||
CVE-2020-35899 | 1 Actix | 1 Actix-service | 2024-11-21 | 5.5 Medium |
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | ||||
CVE-2020-35898 | 1 Actix | 1 Actix-utils | 2024-11-21 | 9.1 Critical |
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data. | ||||
CVE-2020-35876 | 1 Rio Project | 1 Rio | 2024-11-21 | 9.8 Critical |
An issue was discovered in the rio crate through 2020-05-11 for Rust. A struct can be leaked, allowing attackers to obtain sensitive information, cause a use-after-free, or cause a data race. | ||||
CVE-2020-35874 | 1 Internment Project | 1 Internment | 2024-11-21 | 8.1 High |
An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. | ||||
CVE-2020-35873 | 1 Rusqlite Project | 1 Rusqlite | 2024-11-21 | 9.8 Critical |
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because sessions.rs has a use-after-free. | ||||
CVE-2020-35870 | 1 Rusqlite Project | 1 Rusqlite | 2024-11-21 | 9.8 Critical |
An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated via an Auxdata API use-after-free. | ||||
CVE-2020-35862 | 1 Bitvec Project | 1 Bitvec | 2024-11-21 | 9.8 Critical |
An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | ||||
CVE-2020-35512 | 2 Freedesktop, Linux | 2 Dbus, Linux Kernel | 2024-11-21 | 7.8 High |
A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors. | ||||
CVE-2020-35506 | 1 Qemu | 1 Qemu | 2024-11-21 | 6.7 Medium |
A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process. | ||||
CVE-2020-2758 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 8.2 High |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
CVE-2020-29661 | 7 Broadcom, Debian, Fedoraproject and 4 more | 25 Fabric Operating System, Debian Linux, Fedora and 22 more | 2024-11-21 | 7.8 High |
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. |