Total
559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0081 | 2 Fedoraproject, Google | 2 Fedora, Android | 2024-08-04 | 7.8 High |
| In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297 | ||||
| CVE-2021-46700 | 1 Libsixel Project | 1 Libsixel | 2024-08-04 | 6.5 Medium |
| In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. | ||||
| CVE-2021-46625 | 1 Bentley | 2 Microstation, View | 2024-08-04 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455. | ||||
| CVE-2021-46621 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-08-04 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415. | ||||
| CVE-2021-45288 | 1 Gpac | 1 Gpac | 2024-08-04 | 5.5 Medium |
| A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. | ||||
| CVE-2021-44732 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-08-04 | 9.8 Critical |
| Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | ||||
| CVE-2021-43268 | 1 Windriver | 1 Vxworks | 2024-08-04 | 6.5 Medium |
| An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. | ||||
| CVE-2021-42778 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2024-08-04 | 5.3 Medium |
| A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | ||||
| CVE-2021-42613 | 2 Fedoraproject, Halibut Project | 2 Fedora, Halibut | 2024-08-04 | 7.8 High |
| A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | ||||
| CVE-2021-41688 | 1 Offis | 1 Dcmtk | 2024-08-04 | 7.5 High |
| DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | ||||
| CVE-2021-40145 | 1 Libgd | 1 Libgd | 2024-08-04 | 7.5 High |
| gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. | ||||
| CVE-2021-40873 | 1 Softing | 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more | 2024-08-04 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | ||||
| CVE-2021-40573 | 1 Gpac | 1 Gpac | 2024-08-04 | 5.5 Medium |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. | ||||
| CVE-2021-40569 | 1 Gpac | 1 Gpac | 2024-08-04 | 5.5 Medium |
| The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. | ||||
| CVE-2021-40571 | 1 Gpac | 1 Gpac | 2024-08-04 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40574 | 1 Gpac | 1 Gpac | 2024-08-04 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40570 | 1 Gpac | 1 Gpac | 2024-08-04 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40572 | 1 Gpac | 1 Gpac | 2024-08-04 | 5.5 Medium |
| The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service. | ||||
| CVE-2021-40038 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-08-04 | 7.5 High |
| There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2021-39806 | 1 Google | 1 Android | 2024-08-04 | 7.8 High |
| In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420 | ||||