Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-415
Total 396 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-0601 1 Google 1 Android 2021-07-15 4.9 MEDIUM 5.5 MEDIUM
In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802
CVE-2021-36088 1 Treasuredata 1 Fluent Bit 2021-07-08 7.5 HIGH 9.8 CRITICAL
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).
CVE-2021-36080 1 Gnu 1 Libredwg 2021-07-08 6.8 MEDIUM 8.8 HIGH
GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object).
CVE-2020-36401 2 Linux, Mruby 2 Linux Kernel, Mruby 2021-07-06 6.8 MEDIUM 7.8 HIGH
mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).
CVE-2021-34184 1 Miniaudio Project 1 Miniaudio 2021-07-01 7.5 HIGH 9.8 CRITICAL
Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h.
CVE-2021-0528 1 Google 1 Android 2021-06-23 4.6 MEDIUM 7.8 HIGH
In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266
CVE-2021-0498 1 Google 1 Android 2021-06-15 7.2 HIGH 7.8 HIGH
In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321
CVE-2021-0473 1 Google 1 Android 2021-06-14 8.3 HIGH 8.8 HIGH
In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208
CVE-2021-3492 1 Canonical 1 Ubuntu Linux 2021-05-21 7.2 HIGH 7.8 HIGH
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562.
CVE-2021-1910 1 Qualcomm 746 Apq8009, Apq8009 Firmware, Apq8009w and 743 more 2021-05-12 10.0 HIGH 9.8 CRITICAL
Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-31449 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2021-05-11 6.8 MEDIUM 7.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13280.
CVE-2021-31996 1 Algorithmica Project 1 Algorithmica 2021-05-11 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge().
CVE-2021-22332 1 Huawei 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more 2021-05-07 5.0 MEDIUM 7.5 HIGH
There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service.
CVE-2020-36318 1 Rust-lang 1 Rust 2021-04-26 7.5 HIGH 9.8 CRITICAL
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
CVE-2021-0437 1 Google 1 Android 2021-04-16 4.6 MEDIUM 7.8 HIGH
In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330
CVE-2020-11246 1 Qualcomm 634 Apq8017, Apq8017 Firmware, Apq8037 and 631 more 2021-04-12 7.2 HIGH 7.8 HIGH
A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2020-11231 1 Qualcomm 430 Apq8017, Apq8017 Firmware, Apq8053 and 427 more 2021-04-12 4.6 MEDIUM 6.7 MEDIUM
Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2021-30455 1 Id-map Project 1 Id-map 2021-04-12 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic.
CVE-2021-30456 1 Id-map Project 1 Id-map 2021-04-12 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function.
CVE-2021-30457 1 Id-map Project 1 Id-map 2021-04-12 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl.