Total
5633 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13814 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It has a use-after-free via a document that lacks a dictionary. | |||||
| CVE-2020-13806 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation. | |||||
| CVE-2020-13630 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. | |||||
| CVE-2020-13584 | 2 Fedoraproject, Webkitgtk | 2 Fedora, Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | |||||
| CVE-2020-13570 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2020-13560 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2020-13558 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | |||||
| CVE-2020-13557 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2020-13548 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | |||||
| CVE-2020-13543 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | |||||
| CVE-2020-13531 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | |||||
| CVE-2020-12901 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. | |||||
| CVE-2020-12657 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body. | |||||
| CVE-2020-12464 | 2 Linux, Netapp | 10 Linux Kernel, Active Iq Unified Manager, Aff A700s and 7 more | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | |||||
| CVE-2020-12420 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-12419 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-12416 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A VideoStreamEncoder may have been freed in a race condition with VideoBroadcaster::AddOrUpdateSink, resulting in a use-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78. | |||||
| CVE-2020-12405 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. | |||||
| CVE-2020-12387 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2020-12361 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Use after free in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. | |||||