Total
478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29929 | 1 Endian Trait Project | 1 Endian Trait | 2021-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. | |||||
| CVE-2021-0397 | 1 Google | 1 Android | 2021-03-15 | 7.5 HIGH | 9.8 CRITICAL |
| In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.1 Android-9 Android-10Android ID: A-174052148 | |||||
| CVE-2021-0392 | 1 Google | 1 Android | 2021-03-12 | 4.6 MEDIUM | 7.8 HIGH |
| In main of main.cpp, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-175124730 | |||||
| CVE-2021-28034 | 1 Stack Dst Project | 1 Stack Dst | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. | |||||
| CVE-2021-28031 | 1 Scratchpad Project | 1 Scratchpad | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. | |||||
| CVE-2021-28028 | 1 Toodee Project | 1 Toodee | 2021-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. | |||||
| CVE-2021-26954 | 1 Qwutils Project | 1 Qwutils | 2021-02-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insert_slice_clone can perform a double drop. | |||||
| CVE-2021-22303 | 1 Huawei | 2 Taurus-al00a, Taurus-al00a Firmware | 2021-02-10 | 4.3 MEDIUM | 3.3 LOW |
| There is a pointer double free vulnerability in Taurus-AL00A 10.0.0.1(C00E1R1P1). There is a lack of muti-thread protection when a function is called. Attackers can exploit this vulnerability by performing malicious operation to cause pointer double free. This may lead to module crash, compromising normal service. | |||||
| CVE-2020-36205 | 1 Xcb Project | 1 Xcb | 2021-02-03 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. | |||||
| CVE-2007-1216 | 3 Canonical, Debian, Mit | 3 Ubuntu Linux, Debian Linux, Kerberos 5 | 2021-02-02 | 9.0 HIGH | N/A |
| Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an "an invalid direction encoding". | |||||
| CVE-2004-0643 | 3 Debian, Mit, Redhat | 5 Debian Linux, Kerberos 5, Enterprise Linux Desktop and 2 more | 2021-02-02 | 4.6 MEDIUM | N/A |
| Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code. | |||||
| CVE-2021-25907 | 1 Containers Project | 1 Containers | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::{mutate,mutate2} double drop can be performed. | |||||
| CVE-2021-25908 | 1 Fil-ocl Project | 1 Fil-ocl | 2021-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the fil-ocl crate through 2021-01-04 for Rust. From<EventList> can lead to a double free. | |||||
| CVE-2020-3685 | 1 Qualcomm | 506 Apq8009, Apq8009w, Apq8017 and 503 more | 2021-01-29 | 7.8 HIGH | 7.5 HIGH |
| Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11217 | 1 Qualcomm | 193 Pm3003a, Pm4125, Pm6125 and 190 more | 2021-01-29 | 4.6 MEDIUM | 7.8 HIGH |
| A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-35891 | 1 Ordnung Project | 1 Ordnung | 2021-01-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. | |||||
| CVE-2020-35862 | 1 Bitvec Project | 1 Bitvec | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | |||||
| CVE-2019-25009 | 1 Hyper | 1 Http | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness. | |||||
| CVE-2020-15710 | 2 Canonical, Pulseaudio Project | 2 Ubuntu Linux, Pulseaudio | 2020-12-16 | 3.6 LOW | 6.1 MEDIUM |
| Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. | |||||
| CVE-2019-20633 | 1 Gnu | 1 Patch | 2020-11-05 | 4.3 MEDIUM | 5.5 MEDIUM |
| GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952. | |||||