Total
523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-31996 | 1 Algorithmica Project | 1 Algorithmica | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the algorithmica crate through 2021-03-07 for Rust. There is a double free in merge_sort::merge(). | |||||
| CVE-2021-31449 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in PDF files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13280. | |||||
| CVE-2021-31162 | 2 Fedoraproject, Rust-lang | 2 Fedora, Rust | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. | |||||
| CVE-2021-30703 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30535 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-30457 | 1 Id-map Project | 1 Id-map | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in remove_set upon a panic in a Drop impl. | |||||
| CVE-2021-30456 | 1 Id-map Project | 1 Id-map | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in get_or_insert upon a panic of a user-provided f function. | |||||
| CVE-2021-30455 | 1 Id-map Project | 1 Id-map | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the id-map crate through 2021-02-26 for Rust. A double free can occur in IdMap::clone_from upon a .clone panic. | |||||
| CVE-2021-29940 | 1 Through Project | 1 Through | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function. | |||||
| CVE-2021-29938 | 1 Slice-deque Project | 1 Slice-deque | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function. | |||||
| CVE-2021-29933 | 1 Insert Many Project | 1 Insert Many | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics. | |||||
| CVE-2021-29931 | 1 Arenavec Project | 1 Arenavec | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). | |||||
| CVE-2021-29929 | 1 Endian Trait Project | 1 Endian Trait | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the endian_trait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics. | |||||
| CVE-2021-29627 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. | |||||
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | |||||
| CVE-2021-28034 | 1 Stack Dst Project | 1 Stack Dst | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the stack_dst crate before 0.6.1 for Rust. Because of the push_inner behavior, a double free can occur upon a val.clone() panic. | |||||
| CVE-2021-28031 | 1 Scratchpad Project | 1 Scratchpad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the scratchpad crate before 1.3.1 for Rust. The move_elements function can have a double-free upon a panic in a user-provided f function. | |||||
| CVE-2021-28028 | 1 Toodee Project | 1 Toodee | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the toodee crate before 0.3.0 for Rust. Row insertion can cause a double free upon an iterator panic. | |||||
| CVE-2021-27645 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Glibc | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | |||||
| CVE-2021-27033 | 1 Autodesk | 1 Design Review | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||