CWE-416

High likelihood

Use After Free

Parent: CWE-825 - Expired Pointer Dereference

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

7,662 vulnerabilities with CWE-416
CVE-2020-15683 CRITICAL
Firefox < 82.0 and Firefox ESR < 78.4 - Use-After-Free
CVSS 9.8
CVE-2020-3992 CRITICAL KEV
VMware ESXi < 7.0.1-0.0.16850804, < 6.7 ESXi670-202010401-SG, < 6.5 ESXi650-202010401-SG - Use-After-Free in OpenSLP
CVSS 9.8
CVE-2020-9263 HIGH
HUAWEI Mate 30 and P30 Firmware - Use-After-Free
CVSS 7.8
CVE-2020-16929 HIGH
Microsoft Excel - Remote Code Execution via Memory Corruption
CVSS 7.8
CVE-2020-9951 HIGH
iCloud < 11.5 - Use-After-Free
CVSS 8.8
CVE-2020-9895 CRITICAL
iCloud < 7.20 - Use-After-Free
CVSS 9.8
CVE-2020-9893 HIGH
iCloud < 7.20 - Use-After-Free
CVSS 8.8
CVE-2020-0423 HIGH
Android - Use-After-Free in binder_release_work
CVSS 7.8
CVE-2020-17417 HIGH
Foxit Reader and PhantomPDF < 10.0.1.35811 - Remote Code Execution via Annotation Object Use-After-Free
CVSS 7.8
CVE-2020-17410 HIGH
Foxit PhantomPDF 10.0.0.35798 - RCE
CVSS 7.8
CVE-2020-5984 HIGH
NVIDIA Virtual GPU Manager - Use After Free
CVSS 7.8
CVE-2020-26539 CRITICAL
Foxit Reader & PhantomPDF <10.1 - Use After Free
CVSS 9.8
CVE-2020-26534 CRITICAL
Foxit Reader & PhantomPDF <10.1 - Use After Free
CVSS 9.8
CVE-2020-15678 HIGH
Firefox < 81.0 and Firefox ESR < 78.3 - Use-After-Free in APZCTreeManager
CVSS 8.8
CVE-2020-15675 HIGH
Firefox < 81.0 - Use-After-Free in Surface Processing
CVSS 8.8
CVE-2020-15673 HIGH
Firefox < 81.0 and Firefox ESR < 78.3 - Use-After-Free
CVSS 8.8
CVE-2020-15670 HIGH
Firefox < 80 and Firefox ESR < 78.2 - Memory Corruption
CVSS 8.8
CVE-2020-15669 HIGH
Firefox ESR < 68.12 and Thunderbird < 68.12 - Use-After-Free via Abort Signal Handling
CVSS 8.8
CVE-2020-25084 LOW
QEMU 5.0.0 - Use-After-Free in hw/usb/hcd-xhci.c
CVSS 3.2
CVE-2020-6576 HIGH
Google Chrome < 85.0.4183.102 - Use-After-Free in Offscreen Canvas
CVSS 8.8
CVE-2020-6573 CRITICAL
Google Chrome < 85.0.4183.102 - Use-After-Free in Video Component
CVSS 9.6
CVE-2020-6559 HIGH
Google Chrome < 85.0.4183.83 - Use-After-Free in Presentation API
CVSS 8.8
CVE-2020-6554 HIGH
Google Chrome < 84.0.4147.125 - Use-After-Free in Extensions via Crafted Chrome Extension
CVSS 8.6
CVE-2020-6553 HIGH
Google Chrome < 84.0.4147.125 - Use-After-Free in Offline Mode
CVSS 8.8
CVE-2020-6552 HIGH
Google Chrome < 84.0.4147.125 - Use-After-Free in Blink via Crafted HTML Page
CVSS 8.8
Details
Vulnerabilities 7,662
Exploit Likelihood High