Total
5654 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44433 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14900) | |||||
| CVE-2021-44189 | 3 Adobe, Apple, Microsoft | 3 After Effects, Macos, Windows | 2024-11-21 | N/A | 3.3 LOW |
| Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-44047 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-44014 | 1 Siemens | 5 Jt2go, Jt Open Toolkit, Jt Utilities and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081) | |||||
| CVE-2021-43826 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions of Envoy a crash occurs when configured for :ref:`upstream tunneling <envoy_v3_api_field_extensions.filters.network.tcp_proxy.v3.TcpProxy.tunneling_config>` and the downstream connection disconnects while the the upstream connection or http/2 stream is still being established. There are no workarounds for this issue. Users are advised to upgrade. | |||||
| CVE-2021-43825 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 6.1 MEDIUM |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. Sending a locally generated response must stop further processing of request or response data. Envoy tracks the amount of buffered request and response data and aborts the request if the amount of buffered data is over the limit by sending 413 or 500 responses. However when the buffer overflows while response is processed by the filter chain the operation may not be aborted correctly and result in accessing a freed memory block. If this happens Envoy will crash resulting in a denial of service. | |||||
| CVE-2021-43790 | 1 Bytecodealliance | 1 Lucet | 2024-11-21 | 6.8 MEDIUM | 8.5 HIGH |
| Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading. | |||||
| CVE-2021-43753 | 2 Adobe, Microsoft | 2 Lightroom, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-43582 | 1 Opendesign | 1 Drawings Sdk | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-43539 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-43535 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free could have occured when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. | |||||
| CVE-2021-43412 | 1 Gnu | 1 Hurd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access. | |||||
| CVE-2021-43400 | 2 Bluez, Debian | 2 Bluez, Debian Linux | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. | |||||
| CVE-2021-43275 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-43274 | 1 Opendesign | 1 Drawings Software Development Kit | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. | |||||
| CVE-2021-43057 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task. | |||||
| CVE-2021-42779 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. | |||||
| CVE-2021-42721 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-42706 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| This vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of WebAccess/MHI Designer | |||||
| CVE-2021-42614 | 2 Fedoraproject, Halibut Project | 2 Fedora, Halibut | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. | |||||