Filtered by CWE-416
Total 5984 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-15968 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15967 5 Debian, Fedoraproject, Google and 2 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 8.8 High
Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2020-15888 1 Lua 1 Lua 2024-11-21 8.8 High
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
CVE-2020-15859 3 Debian, Qemu, Redhat 3 Debian Linux, Qemu, Enterprise Linux 2024-11-21 3.3 Low
QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address.
CVE-2020-15706 7 Canonical, Debian, Gnu and 4 more 18 Ubuntu Linux, Debian Linux, Grub2 and 15 more 2024-11-21 6.4 Medium
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability which can be triggered by redefining a function whilst the same function is already executing, leading to arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and prior versions.
CVE-2020-15684 1 Mozilla 1 Firefox 2024-11-21 9.8 Critical
Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82.
CVE-2020-15683 4 Debian, Mozilla, Opensuse and 1 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-11-21 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15678 4 Debian, Mozilla, Opensuse and 1 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-11-21 8.8 High
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
CVE-2020-15675 1 Mozilla 1 Firefox 2024-11-21 8.8 High
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.
CVE-2020-15673 4 Debian, Mozilla, Opensuse and 1 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
CVE-2020-15670 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80.
CVE-2020-15669 2 Mozilla, Redhat 5 Firefox Esr, Thunderbird, Enterprise Linux and 2 more 2024-11-21 8.8 High
When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.12 and Thunderbird < 68.12.
CVE-2020-15637 2 Foxitsoftware, Microsoft 3 Phantompdf, Reader, Windows 2024-11-21 3.3 Low
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetLocalDescription method. By performing actions in JavaScript, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10972.
CVE-2020-15569 2 Debian, Milkytracker Project 2 Debian Linux, Milkytracker 2024-11-21 5.5 Medium
PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free in the PlayerGeneric destructor.
CVE-2020-15475 1 Ntop 1 Ndpi 2024-11-21 9.8 Critical
In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
CVE-2020-15436 4 Broadcom, Linux, Netapp and 1 more 37 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 34 more 2024-11-21 6.7 Medium
Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
CVE-2020-15389 4 Debian, Oracle, Redhat and 1 more 4 Debian Linux, Outside In Technology, Enterprise Linux and 1 more 2024-11-21 6.5 Medium
jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
CVE-2020-15305 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2024-11-21 5.5 Medium
An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp.
CVE-2020-14416 2 Linux, Opensuse 2 Linux Kernel, Leap 2024-11-21 4.2 Medium
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.
CVE-2020-14381 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 7.8 High
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.