Total
396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0601 | 1 Google | 1 Android | 2021-07-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| In encodeFrames of avc_enc_fuzzer.cpp, there is a possible out of bounds write due to a double free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-180643802 | |||||
| CVE-2021-36088 | 1 Treasuredata | 1 Fluent Bit | 2021-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). | |||||
| CVE-2021-36080 | 1 Gnu | 1 Libredwg | 2021-07-08 | 6.8 MEDIUM | 8.8 HIGH |
| GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_chain_free (called from dwg_encode_MTEXT and dwg_encode_add_object). | |||||
| CVE-2020-36401 | 2 Linux, Mruby | 2 Linux Kernel, Mruby | 2021-07-06 | 6.8 MEDIUM | 7.8 HIGH |
| mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | |||||
| CVE-2021-34184 | 1 Miniaudio Project | 1 Miniaudio | 2021-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| Miniaudio 0.10.35 has a Double free vulnerability that could cause a buffer overflow in ma_default_vfs_close__stdio in miniaudio.h. | |||||
| CVE-2021-0528 | 1 Google | 1 Android | 2021-06-23 | 4.6 MEDIUM | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-185195266 | |||||
| CVE-2021-0498 | 1 Google | 1 Android | 2021-06-15 | 7.2 HIGH | 7.8 HIGH |
| In memory management driver, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-183461321 | |||||
| CVE-2021-0473 | 1 Google | 1 Android | 2021-06-14 | 8.3 HIGH | 8.8 HIGH |
| In rw_t3t_process_error of rw_t3t.cc, there is a possible double free due to uninitialized data. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-179687208 | |||||
| CVE-2021-3492 | 1 Canonical | 1 Ubuntu Linux | 2021-05-21 | 7.2 HIGH | 7.8 HIGH |
| Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | |||||
| CVE-2021-1910 | 1 Qualcomm | 746 Apq8009, Apq8009 Firmware, Apq8009w and 743 more | 2021-05-12 | 10.0 HIGH | 9.8 CRITICAL |
| Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-31449 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2021-05-11 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13280. | |||||
| CVE-2021-31996 | 1 Algorithmica Project | 1 Algorithmica | 2021-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge(). | |||||
| CVE-2021-22332 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2021-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copied to two functional modules. Attackers can exploit this vulnerability by performing a malicious operation to cause the pointer double free. This may lead to module crash, compromising normal service. | |||||
| CVE-2020-36318 | 1 Rust-lang | 1 Rust | 2021-04-26 | 7.5 HIGH | 9.8 CRITICAL |
| In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. | |||||
| CVE-2021-0437 | 1 Google | 1 Android | 2021-04-16 | 4.6 MEDIUM | 7.8 HIGH |
| In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-176168330 | |||||
| CVE-2020-11246 | 1 Qualcomm | 634 Apq8017, Apq8017 Firmware, Apq8037 and 631 more | 2021-04-12 | 7.2 HIGH | 7.8 HIGH |
| A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11231 | 1 Qualcomm | 430 Apq8017, Apq8017 Firmware, Apq8053 and 427 more | 2021-04-12 | 4.6 MEDIUM | 6.7 MEDIUM |
| Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-30455 | 1 Id-map Project | 1 Id-map | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic. | |||||
| CVE-2021-30456 | 1 Id-map Project | 1 Id-map | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function. | |||||
| CVE-2021-30457 | 1 Id-map Project | 1 Id-map | 2021-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl. | |||||