Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-4004

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-20 Nov, 2020 | 19:06
Updated At-04 Aug, 2024 | 07:52
Rejected At-
Credits

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:20 Nov, 2020 | 19:06
Updated At:04 Aug, 2024 | 07:52
Rejected At:
▼CVE Numbering Authority (CNA)

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Affected Products
Vendor
n/a
Product
VMware ESXi
Versions
Affected
  • 7.0 before ESXi70U1b-17168206
  • 6.7 before ESXi670-202011101-SG
  • 6.5 before ESXi650-202011301-SG
Vendor
n/a
Product
Workstation
Versions
Affected
  • 15.x before 15.5.7
Vendor
n/a
Product
Fusion
Versions
Affected
  • 11.x before 11.5.7
Problem Types
TypeCWE IDDescription
textN/AUse-after-free vulnerability
Type: text
CWE ID: N/A
Description: Use-after-free vulnerability
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
x_refsource_CONFIRM
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2020-0026.html
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2020-0026.html
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:20 Nov, 2020 | 20:15
Updated At:03 Dec, 2020 | 18:36

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.2HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Apple Inc.
apple
>>mac_os_x>>-
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>fusion>>Versions from 11.0(inclusive) to 11.5.7(exclusive)
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>cloud_foundation>>Versions from 3.0(inclusive) to 3.10.1.2(exclusive)
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>workstation>>Versions from 15.0.0(inclusive) to 15.5.7(exclusive)
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>cloud_foundation>>Versions from 4.0(inclusive) to 4.1.0.1(exclusive)
cpe:2.3:o:vmware:cloud_foundation:*:*:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201901001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201903001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201905001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201908001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-201910001:*:*:*:*:*:*
VMware (Broadcom Inc.)
vmware
>>esxi>>6.5
cpe:2.3:o:vmware:esxi:6.5:650-20191004001:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.vmware.com/security/advisories/VMSA-2020-0026.htmlsecurity@vmware.com
Patch
Vendor Advisory
Hyperlink: https://www.vmware.com/security/advisories/VMSA-2020-0026.html
Source: security@vmware.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

1257Records found
CVE-2019-7031
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.20% / 94.76%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:02
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2023-44361
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.64%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:52
Updated-02 Aug, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-22041: Adobe Acrobat Reader DC AcroForm Doc Object Use-After-Free Information Disclosure Vulnerability

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7025
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.20% / 94.76%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:59
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7070
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.68% / 93.03%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:54
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-5759
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-9.6||CRITICAL
EPSS-1.65% / 81.30%
||
7 Day CHG~0.00%
Published-19 Feb, 2019 | 17:00
Updated-04 Aug, 2024 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCRed Hat, Inc.Apple Inc.Fedora ProjectDebian GNU/Linux
Product-enterprise_linux_serverdebian_linuxchromeandroidenterprise_linux_workstationfedoramacosenterprise_linux_desktopChrome
CWE ID-CWE-416
Use After Free
CVE-2019-7040
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-10.74% / 93.05%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:13
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7029
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.20% / 94.76%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:01
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcmacoswindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7048
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.42% / 93.93%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:22
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2021-4187
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.8||MEDIUM
EPSS-0.35% / 57.00%
||
7 Day CHG+0.07%
Published-29 Dec, 2021 | 17:10
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

vim is vulnerable to Use After Free

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-vimfedoramacosmac_os_xvim/vim
CWE ID-CWE-416
Use After Free
CVE-2019-7043
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.42% / 93.93%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:15
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2021-4192
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.5||MEDIUM
EPSS-0.33% / 55.24%
||
7 Day CHG~0.00%
Published-31 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free in vim/vim

vim is vulnerable to Use After Free

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/LinuxApple Inc.
Product-debian_linuxvimfedoramac_os_xmacosvim/vim
CWE ID-CWE-416
Use After Free
CVE-2023-44372
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.41% / 60.72%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:52
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TALOS-2023-1842 - Adobe Acrobat Reader U3D page event use-after-free vulnerability

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2023-44367
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.09% / 77.06%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 09:52
Updated-07 Jan, 2025 | 18:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21929: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-4128
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.12%
||
7 Day CHG~0.00%
Published-22 Dec, 2022 | 00:00
Updated-16 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When transitioning in and out of fullscreen mode, a graphics object was not correctly protected; resulting in memory corruption and a potentially exploitable crash.<br>*This bug only affects Firefox on MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.

Action-Not Available
Vendor-Apple Inc.Mozilla Corporation
Product-firefoxmacosFirefox
CWE ID-CWE-416
Use After Free
CVE-2019-7018
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.20% / 94.76%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 17:51
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsacrobat_reader_dcmac_os_xAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7078
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.42% / 93.93%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 19:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7044
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.42% / 93.93%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:15
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7088
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 82.31%
||
7 Day CHG~0.00%
Published-23 May, 2019 | 16:59
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20098 and earlier, 2019.010.20098 and earlier, 2017.011.30127 and earlier version, and 2015.006.30482 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2022-0796
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.53% / 66.09%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2019-7050
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.20% / 94.76%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:23
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2021-40790
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.10%
||
7 Day CHG~0.00%
Published-07 Sep, 2023 | 12:54
Updated-27 Feb, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Pro MOV File Parsing Use-After-Free Information Disclosure Vulnerability

Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowspremiere_promacosPremiere Pro
CWE ID-CWE-416
Use After Free
CVE-2019-7072
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.68% / 93.03%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:58
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2019-7075
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-13.77% / 94.03%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:59
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2022-1481
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.12% / 77.38%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:31
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Apple Inc.Google LLC
Product-chromemacosChrome
CWE ID-CWE-416
Use After Free
CVE-2019-7026
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-17.20% / 94.76%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 18:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-mac_os_xacrobat_dcwindowsacrobat_reader_dcAdobe Acrobat and Reader
CWE ID-CWE-416
Use After Free
CVE-2021-40726
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-20.85% / 95.39%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:07
Updated-17 Sep, 2024 | 01:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm field that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-40725
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-20.85% / 95.39%
||
7 Day CHG~0.00%
Published-07 Oct, 2021 | 15:07
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm listbox Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForm listbox that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcwindowsmacosacrobat_reader_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-40730
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.23% / 78.33%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 14:21
Updated-23 Apr, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability

Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free that allow a remote attacker to disclose sensitive information on affected installations of of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG2000 images.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2023-42950
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.23% / 45.67%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 15:39
Updated-13 Feb, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchosipadostvossafarimacosiOS and iPadOStvOSmacOSSafariwatchOSsafarimacostvosiphone_oswatchosipad_os
CWE ID-CWE-416
Use After Free
CVE-2021-40728
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-12.12% / 93.55%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 14:22
Updated-23 Apr, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC Use After Free Arbitrary Code Execution

Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.20096 (and earlier), 20.004.30015 (and earlier), and 17.011.30202 (and earlier) is affected by a use-after-free vulnerability in the processing of the GetURL function on a global object window that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2024-30324
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:21
Updated-11 Aug, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22576.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30354
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.32%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:15
Updated-08 Aug, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22808.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30302
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.50%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 21:04
Updated-02 Dec, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-23077: Adobe Acrobat Reader DC AcroForm Use-After-Free Information Disclosure Vulnerability

Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_reader
CWE ID-CWE-416
Use After Free
CVE-2021-39840
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.99% / 98.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm Field Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability when processing AcroForms that could result in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2024-30328
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.57%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:22
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22633.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2024-30336
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.32%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:10
Updated-07 Aug, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22642.

Action-Not Available
Vendor-Foxit Software IncorporatedApple Inc.Microsoft Corporation
Product-macoswindowspdf_editorpdf_readerPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30284
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.95% / 75.48%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 10:00
Updated-02 Dec, 2024 | 21:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-23466: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Readeracrobat_dcacrobat_readeracrobat_reader_dcacrobat
CWE ID-CWE-416
Use After Free
CVE-2022-0805
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.69% / 70.92%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 00:25
Updated-02 Aug, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Browser Switcher in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2024-30331
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.23% / 88.32%
||
7 Day CHG~0.00%
Published-03 Apr, 2024 | 16:23
Updated-11 Aug, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects in AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22637.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationFoxit Software Incorporated
Product-pdf_editorpdf_readerwindowsmacosPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2024-30275
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.54%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 08:44
Updated-04 Dec, 2024 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Aero Beta has an arbitrary code execution vulnerability when parsing svg files

Adobe Aero Desktop versions 23.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosaeroAdobe Aero Desktopaero
CWE ID-CWE-416
Use After Free
CVE-2021-39836
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.99% / 98.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-16 Sep, 2024 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm buttonGetIcon Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetIcon action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-0971
Matching Score-6
Assigner-Chrome
ShareView Details
Matching Score-6
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.38%
||
7 Day CHG~0.00%
Published-21 Jul, 2022 | 21:05
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCApple Inc.
Product-chromeandroidmacoslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2023-42970
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.22%
||
7 Day CHG~0.00%
Published-11 Apr, 2025 | 14:53
Updated-29 Apr, 2025 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17, Safari 17. Processing web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-ipadossafarimacostvoswatchosiphone_osSafarimacOSwatchOSiOS and iPadOStvOS
CWE ID-CWE-416
Use After Free
CVE-2021-39838
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.99% / 98.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm buttonGetCaption Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm buttonGetCaption action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-39839
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.99% / 98.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm getItemAt Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm getItem action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2021-39842
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.99% / 98.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-17 Sep, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC messageHandler.OnMessage Use-After-Free Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2024-30342
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-4.40% / 88.57%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:12
Updated-08 Aug, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22720.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_reader
CWE ID-CWE-416
Use After Free
CVE-2021-39859
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.92%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 13:08
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use After Free Adobe Acrobat Pro DC [HB-21-0339]

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2024-30362
Matching Score-6
Assigner-Zero Day Initiative
ShareView Details
Matching Score-6
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-02 Apr, 2024 | 20:18
Updated-08 Aug, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22798.

Action-Not Available
Vendor-Microsoft CorporationApple Inc.Foxit Software Incorporated
Product-macoswindowspdf_readerpdf_editorPDF Readerpdf_readerpdf_editor
CWE ID-CWE-416
Use After Free
CVE-2021-39837
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-56.99% / 98.05%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:37
Updated-16 Sep, 2024 | 22:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a use-after-free vulnerability in the processing of the AcroForm deleteItemAt action that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • ...
  • 25
  • 26
  • Next
Details not found