Total
483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43268 | 1 Windriver | 1 Vxworks | 2021-12-01 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. | |||||
| CVE-2019-8044 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-11-22 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2021-40873 | 1 Softing | 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more | 2021-11-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | |||||
| CVE-2021-1119 | 1 Nvidia | 1 Virtual Gpu | 2021-11-02 | 3.6 LOW | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability. | |||||
| CVE-2021-25477 | 2 Google, Mediatek | 4 Android, Mt6762, Mt6765 and 1 more | 2021-10-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. | |||||
| CVE-2021-39528 | 1 Gnu | 1 Libredwg | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MATERIAL_private() in dwg.spec has a double free. | |||||
| CVE-2021-1934 | 1 Qualcomm | 194 Apq8017, Apq8017 Firmware, Apq8053 and 191 more | 2021-09-21 | 7.2 HIGH | 7.8 HIGH |
| Possible memory corruption due to improper check when application loader object is explicitly destructed while application is unloading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT | |||||
| CVE-2021-30703 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-17 | 7.2 HIGH | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-1875 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2021-09-16 | 6.8 MEDIUM | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption. | |||||
| CVE-2020-35885 | 1 Alpm-rs Project | 1 Alpm-rs | 2021-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. | |||||
| CVE-2015-0312 | 4 Adobe, Apple, Linux and 1 more | 8 Flash Player, Flash Player Desktop Runtime, Macos and 5 more | 2021-09-08 | 9.3 HIGH | N/A |
| Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2020-36434 | 1 Sys-info Project | 1 Sys-info | 2021-08-13 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. | |||||
| CVE-2021-22425 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges. | |||||
| CVE-2021-0271 | 1 Juniper | 10 Ex2200-c, Ex3200, Ex3300 and 7 more | 2021-07-23 | 3.3 LOW | 6.5 MEDIUM |
| A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected. | |||||
| CVE-2019-9468 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471 | |||||
| CVE-2019-2115 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-19943 | 1 Pablosoftwaresolutions | 1 Quick \'n Easy Web Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free. | |||||
| CVE-2020-5988 | 1 Nvidia | 1 Virtual Gpu Manager | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2020-0241 | 1 Google | 1 Android | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-151456667 | |||||
| CVE-2019-14091 | 1 Qualcomm | 18 Mdm9607, Mdm9607 Firmware, Qcs405 and 15 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 | |||||