Total
396 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-1934 | 1 Qualcomm | 194 Apq8017, Apq8017 Firmware, Apq8053 and 191 more | 2021-09-21 | 7.2 HIGH | 7.8 HIGH |
| Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | |||||
| CVE-2021-30703 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 7.2 HIGH | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-1875 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. | |||||
| CVE-2020-35885 | 1 Alpm-rs Project | 1 Alpm-rs | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. | |||||
| CVE-2015-0312 | 4 Adobe, Apple, Linux and 1 more | 8 Flash Player, Flash Player Desktop Runtime, Macos and 5 more | 2021-09-08 | 9.3 HIGH | N/A |
| Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-40145 | 1 Libgd | 1 Libgd | 2021-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes." | |||||
| CVE-2021-34734 | 1 Cisco | 1 Video Surveillance 7000 Ip Camera Firmware | 2021-08-26 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Link Layer Discovery Protocol (LLDP) implementation for the Cisco Video Surveillance 7000 Series IP Cameras firmware could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper management of memory resources, referred to as a double free. An attacker could exploit this vulnerability by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-36434 | 1 Sys-info Project | 1 Sys-info | 2021-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. | |||||
| CVE-2021-22425 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. | |||||
| CVE-2021-0271 | 1 Juniper | 10 Ex2200-c, Ex3200, Ex3300 and 7 more | 2021-07-23 | 3.3 LOW | 6.5 MEDIUM |
| A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected. | |||||
| CVE-2019-8635 | 1 Apple | 1 Mac Os X | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-9468 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471 | |||||
| CVE-2020-5988 | 1 Nvidia | 1 Virtual Gpu Manager | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2020-0241 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667 | |||||
| CVE-2020-8432 | 2 Denx, Opensuse | 2 U-boot, Leap | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. | |||||
| CVE-2019-2115 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-19943 | 1 Pablosoftwaresolutions | 1 Quick \'n Easy Web Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free. | |||||
| CVE-2019-14091 | 1 Qualcomm | 18 Mdm9607, Mdm9607 Firmware, Qcs405 and 15 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 | |||||
| CVE-2021-1888 | 1 Qualcomm | 310 Apq8017, Apq8017 Firmware, Apq8037 and 307 more | 2021-07-15 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-34333 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-07-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. A malformed input file could result in double free of an allocated buffer that leads to a crash. An attacker could leverage this vulnerability to cause denial of service condition. (CNVD-C-2021-79295) | |||||