Total
396 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9806 | 1 Linux | 1 Linux Kernel | 2023-01-17 | 7.2 HIGH | 7.8 HIGH |
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated. | |||||
CVE-2022-25717 | 1 Qualcomm | 90 Apq8096au, Apq8096au Firmware, Aqt1000 and 87 more | 2023-01-12 | N/A | 7.8 HIGH |
Memory corruption in display due to double free while allocating frame buffer memory | |||||
CVE-2020-9844 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2023-01-09 | 7.8 HIGH | 7.5 HIGH |
A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
CVE-2020-9859 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-01-09 | 7.2 HIGH | 7.8 HIGH |
A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
CVE-2022-28389 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-01-03 | 2.1 LOW | 5.5 MEDIUM |
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. | |||||
CVE-2022-28388 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2023-01-03 | 2.1 LOW | 5.5 MEDIUM |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | |||||
CVE-2021-22945 | 7 Apple, Debian, Fedoraproject and 4 more | 24 Macos, Debian Linux, Fedora and 21 more | 2022-12-22 | 5.8 MEDIUM | 9.1 CRITICAL |
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | |||||
CVE-2019-11049 | 5 Debian, Fedoraproject, Microsoft and 2 more | 5 Debian Linux, Fedora, Windows and 2 more | 2022-12-20 | 7.5 HIGH | 9.8 CRITICAL |
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations. | |||||
CVE-2019-19725 | 3 Canonical, Debian, Sysstat Project | 3 Ubuntu Linux, Debian Linux, Sysstat | 2022-12-08 | 7.5 HIGH | 9.8 CRITICAL |
sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | |||||
CVE-2021-4091 | 2 Port389, Redhat | 8 389-ds-base, Enterprise Linux Desktop, Enterprise Linux For Ibm Z Systems and 5 more | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
A double-free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash. | |||||
CVE-2022-28738 | 1 Ruby-lang | 1 Ruby | 2022-11-29 | 7.5 HIGH | 9.8 CRITICAL |
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. | |||||
CVE-2018-3855 | 1 Hyland | 1 Perceptive Document Filters | 2022-11-28 | 6.8 MEDIUM | 7.8 HIGH |
In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution. | |||||
CVE-2022-3238 | 1 Linux | 1 Linux Kernel | 2022-11-17 | N/A | 7.8 HIGH |
A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
CVE-2022-32614 | 2 Google, Mediatek | 10 Android, M6789, Mt6855 and 7 more | 2022-11-10 | N/A | 6.7 MEDIUM |
In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. | |||||
CVE-2020-25637 | 2 Opensuse, Redhat | 2 Leap, Libvirt | 2022-11-07 | 7.2 HIGH | 6.7 MEDIUM |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-39432 | 1 Diplib | 1 Diplib | 2022-11-06 | N/A | 6.5 MEDIUM |
diplib v3.0.0 is vulnerable to Double Free. | |||||
CVE-2022-31117 | 2 Fedoraproject, Ultrajson Project | 2 Fedora, Ultrajson | 2022-11-04 | 4.3 MEDIUM | 5.9 MEDIUM |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. | |||||
CVE-2021-27645 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Glibc | 2022-11-04 | 1.9 LOW | 2.5 LOW |
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | |||||
CVE-2021-42613 | 2 Fedoraproject, Halibut Project | 2 Fedora, Halibut | 2022-11-04 | 6.8 MEDIUM | 7.8 HIGH |
A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | |||||
CVE-2022-39002 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-11-03 | N/A | 9.8 CRITICAL |
Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice. |