Total
619 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20127 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119 | ||||
| CVE-2022-1973 | 3 Fedoraproject, Linux, Netapp | 12 Fedora, Linux Kernel, H300s and 9 more | 2024-11-21 | 7.1 High |
| A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. | ||||
| CVE-2021-4091 | 2 Port389, Redhat | 11 389-ds-base, Directory Server, Enterprise Linux and 8 more | 2024-11-21 | 7.5 High |
| A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. | ||||
| CVE-2021-46700 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 6.5 Medium |
| In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. | ||||
| CVE-2021-46625 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455. | ||||
| CVE-2021-46621 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415. | ||||
| CVE-2021-45288 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. | ||||
| CVE-2021-44732 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 9.8 Critical |
| Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. | ||||
| CVE-2021-43268 | 1 Windriver | 1 Vxworks | 2024-11-21 | 6.5 Medium |
| An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free. | ||||
| CVE-2021-42778 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | ||||
| CVE-2021-42613 | 2 Fedoraproject, Halibut Project | 2 Fedora, Halibut | 2024-11-21 | 7.8 High |
| A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | ||||
| CVE-2021-41688 | 1 Offis | 1 Dcmtk | 2024-11-21 | 7.5 High |
| DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | ||||
| CVE-2021-40873 | 1 Softing | 7 Datafeed Opc Suite, Edgeconnector, Opc and 4 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers to cause a denial of service (DoS) by sending crafted messages to a client or server. The server process may crash unexpectedly because of a double free, and must be restarted. | ||||
| CVE-2021-40573 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. | ||||
| CVE-2021-40572 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service. | ||||
| CVE-2021-40571 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40570 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | ||||
| CVE-2021-40569 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service. | ||||
| CVE-2021-40145 | 1 Libgd | 1 Libgd | 2024-11-21 | 7.5 High |
| gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes. | ||||
| CVE-2021-40038 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | ||||