Search
Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2588 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-01-12 | N/A | 7.8 HIGH |
| It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | |||||
| CVE-2023-28583 | 1 Qualcomm | 60 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 57 more | 2024-01-08 | N/A | 7.8 HIGH |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | |||||
| CVE-2020-17019 | 1 Microsoft | 1 Office | 2023-12-31 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2020-16970 | 1 Microsoft | 1 Azure Sphere | 2023-12-31 | 7.2 HIGH | 8.1 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2023-28464 | 2 Linux, Netapp | 6 Linux Kernel, H300s Firmware, H410c Firmware and 3 more | 2023-12-22 | N/A | 7.8 HIGH |
| hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | |||||
| CVE-2023-4389 | 1 Linux | 1 Linux Kernel | 2023-12-22 | N/A | 7.1 HIGH |
| A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. | |||||
| CVE-2023-40103 | 1 Google | 1 Android | 2023-12-22 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-41678 | 1 Fortinet | 2 Fortios, Fortipam | 2023-12-15 | N/A | 8.8 HIGH |
| A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request. | |||||
| CVE-2023-42459 | 1 Eprosima | 1 Fast Dds | 2023-11-28 | N/A | 7.5 HIGH |
| Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-48013 | 1 Gpac | 1 Gpac | 2023-11-22 | N/A | 7.8 HIGH |
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | |||||
| CVE-2023-1449 | 1 Gpac | 1 Gpac | 2023-11-15 | N/A | 7.8 HIGH |
| A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-39975 | 1 Mit | 1 Kerberos 5 | 2023-08-22 | N/A | 8.8 HIGH |
| kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another. | |||||
| CVE-2022-40304 | 3 Apple, Netapp, Xmlsoft | 22 Ipados, Iphone Os, Macos and 19 more | 2023-08-08 | N/A | 7.8 HIGH |
| An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | |||||
| CVE-2023-3312 | 1 Linux | 1 Linux Kernel | 2023-07-31 | N/A | 7.5 HIGH |
| A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service. | |||||
| CVE-2023-38434 | 2 Linux, Xhttp Project | 2 Linux Kernel, Xhttp | 2023-07-27 | N/A | 7.5 HIGH |
| xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method. | |||||
| CVE-2022-2327 | 1 Linux | 1 Linux Kernel | 2022-07-29 | N/A | 7.8 HIGH |
| io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859 | |||||
| CVE-2020-9859 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2017-9078 | 3 Debian, Dropbear Ssh Project, Netapp | 4 Debian Linux, Dropbear Ssh, H410c and 1 more | 2022-07-11 | 8.5 HIGH | 8.8 HIGH |
| The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | |||||
| CVE-2021-41688 | 1 Offis | 1 Dcmtk | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | |||||
| CVE-2022-28388 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2022-07-04 | 4.6 MEDIUM | 7.8 HIGH |
| usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | |||||
| CVE-2022-28389 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2022-07-04 | 4.6 MEDIUM | 7.8 HIGH |
| mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |||||
| CVE-2022-28390 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2022-07-04 | 4.6 MEDIUM | 7.8 HIGH |
| ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | |||||
| CVE-2021-27033 | 1 Autodesk | 1 Design Review | 2022-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2022-33033 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. | |||||
| CVE-2022-31291 | 1 Genivi | 1 Diagnostic Log And Trace | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | |||||
| CVE-2021-39806 | 1 Google | 1 Android | 2022-06-24 | 4.6 MEDIUM | 7.8 HIGH |
| In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-215387420 | |||||
| CVE-2022-22103 | 1 Qualcomm | 4 Sa8540p, Sa8540p Firmware, Sa9000p and 1 more | 2022-06-22 | 7.2 HIGH | 7.8 HIGH |
| Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto | |||||
| CVE-2021-42613 | 1 Halibut Project | 1 Halibut | 2022-06-16 | 6.8 MEDIUM | 7.8 HIGH |
| A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | |||||
| CVE-2022-29156 | 1 Linux | 1 Linux Kernel | 2022-06-02 | 7.2 HIGH | 7.8 HIGH |
| drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | |||||
| CVE-2020-9844 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2022-06-02 | 7.8 HIGH | 7.5 HIGH |
| A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2021-29627 | 1 Freebsd | 1 Freebsd | 2022-05-27 | 7.2 HIGH | 7.8 HIGH |
| In FreeBSD 13.0-STABLE before n245050, 12.2-STABLE before r369525, 13.0-RC4 before p0, and 12.2-RELEASE before p6, listening socket accept filters implementing the accf_create callback incorrectly freed a process supplied argument string. Additional operations on the socket can lead to a double free or use after free. | |||||
| CVE-2022-29032 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
| CVE-2021-22600 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 | |||||
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2022-05-20 | 4.6 MEDIUM | 7.1 HIGH |
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | |||||
| CVE-2021-21797 | 1 Gonitro | 1 Nitro Pro | 2022-05-13 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lead to code execution under the context of the application. An attacker can convince a user to open a document to trigger this vulnerability. | |||||
| CVE-2020-14123 | 1 Mi | 1 Miui | 2022-05-03 | 5.0 MEDIUM | 7.5 HIGH |
| There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges. | |||||
| CVE-2020-0081 | 2 Fedoraproject, Google | 2 Fedora, Android | 2022-05-03 | 7.2 HIGH | 7.8 HIGH |
| In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297 | |||||
| CVE-2021-3403 | 3 Fedoraproject, Redhat, Ytnef Project | 3 Fedora, Enterprise Linux, Ytnef | 2022-04-25 | 6.8 MEDIUM | 7.8 HIGH |
| In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. | |||||
| CVE-2021-4091 | 2 Port389, Redhat | 8 389-ds-base, Enterprise Linux Desktop, Enterprise Linux For Ibm Z Systems and 5 more | 2022-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. | |||||
| CVE-2021-46625 | 1 Bentley | 2 Microstation, View | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455. | |||||
| CVE-2021-46621 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415. | |||||
| CVE-2022-23012 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-02-01 | 7.1 HIGH | 7.5 HIGH |
| On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2016-5384 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2022-01-31 | 4.6 MEDIUM | 7.8 HIGH |
| fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | |||||
| CVE-2021-40574 | 1 Gpac | 1 Gpac | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2021-40570 | 1 Gpac | 1 Gpac | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2021-40571 | 1 Gpac | 1 Gpac | 2022-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges. | |||||
| CVE-2021-40038 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2019-19005 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2022-01-01 | 6.8 MEDIUM | 7.8 HIGH |
| A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | |||||
| CVE-2016-1516 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2021-12-16 | 6.8 MEDIUM | 8.8 HIGH |
| OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | |||||
| CVE-2021-37072 | 1 Huawei | 1 Harmonyos | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash. | |||||