Total
716 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30456 | 1 Id-map Project | 1 Id-map | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.
|
|||||
| CVE-2021-30455 | 1 Id-map Project | 1 Id-map | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.
|
|||||
| CVE-2021-29940 | 1 Through Project | 1 Through | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function.
|
|||||
| CVE-2021-29938 | 1 Slice-deque Project | 1 Slice-deque | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.
|
|||||
| CVE-2021-29933 | 1 Insert Many Project | 1 Insert Many | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics.
|
|||||
| CVE-2021-29931 | 1 Arenavec Project | 1 Arenavec | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop().
|
|||||
| CVE-2021-29929 | 1 Endian Trait Project | 1 Endian Trait | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics.
|
|||||
| CVE-2021-29627 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free.
|
|||||
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
|
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
|
|||||
| CVE-2021-28034 | 1 Stack Dst Project | 1 Stack Dst | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic.
|
|||||
| CVE-2021-28031 | 1 Scratchpad Project | 1 Scratchpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function.
|
|||||
| CVE-2021-28028 | 1 Toodee Project | 1 Toodee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic.
|
|||||
| CVE-2021-27033 | 1 Autodesk | 1 Design Review | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
|
|||||
| CVE-2021-26954 | 1 Qwutils Project | 1 Qwutils | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop.
|
|||||
| CVE-2021-25908 | 1 Fil-ocl Project | 1 Fil-ocl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free.
|
|||||
| CVE-2021-25907 | 1 Containers Project | 1 Containers | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed.
|
|||||
| CVE-2021-25477 | 2 Google, Mediatek | 4 Android, Mt6762, Mt6765 and 1 more | 2024-11-21 | 4.0 MEDIUM | 4.4 MEDIUM |
|
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
|
|||||
| CVE-2021-23158 | 1 Htmldoc Project | 1 Htmldoc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service.
|
|||||
| CVE-2021-22425 | 1 Huawei | 1 Harmonyos | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.
|
|||||
| CVE-2021-22386 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges.
|
|||||
| CVE-2021-22332 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.
|
|||||
| CVE-2021-22303 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service.
|
|||||
| CVE-2021-21797 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability.
|
|||||
| CVE-2021-1934 | 1 Qualcomm | 194 Apq8017, Apq8017 Firmware, Apq8053 and 191 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
|
|||||
| CVE-2021-1910 | 1 Qualcomm | 746 Apq8009, Apq8009 Firmware, Apq8009w and 743 more | 2024-11-21 | 10.0 HIGH | 7.3 HIGH |
|
Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
|
|||||
| CVE-2021-1888 | 1 Qualcomm | 310 Apq8017, Apq8017 Firmware, Apq8037 and 307 more | 2024-11-21 | 7.2 HIGH | 8.4 HIGH |
|
Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
|
|||||
| CVE-2021-1875 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption.
|
|||||
| CVE-2021-1565 | 1 Cisco | 54 Catalyst 9300-24p-a, Catalyst 9300-24p-e, Catalyst 9300-24s-a and 51 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful ...
Show More |
|||||
| CVE-2021-1119 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.
|
|||||
| CVE-2021-0601 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802
|
|||||
| CVE-2021-0528 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266
|
|||||
| CVE-2021-0498 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321
|
|||||
| CVE-2021-0437 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
|
|||||
| CVE-2021-0397 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148
|
|||||
| CVE-2021-0392 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730
|
|||||
| CVE-2021-0271 | 1 Juniper | 10 Ex2200-c, Ex3200, Ex3300 and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX ...
Show More |
|||||
| CVE-2020-9844 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
|
|||||
| CVE-2020-9747 | 2 Adobe, Microsoft | 2 Animate, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
|
|||||
| CVE-2020-8432 | 2 Denx, Opensuse | 2 U-boot, Leap | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.
|
|||||
| CVE-2020-8003 | 2 Debian, Virglrenderer Project | 2 Debian Linux, Virglrenderer | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
|
|||||