Total
483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3238 | 1 Linux | 1 Linux Kernel | 2022-11-17 | N/A | 7.8 HIGH |
| A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-32614 | 2 Google, Mediatek | 10 Android, M6789, Mt6855 and 7 more | 2022-11-10 | N/A | 6.7 MEDIUM |
| In audio, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310571; Issue ID: ALPS07310571. | |||||
| CVE-2021-39432 | 1 Diplib | 1 Diplib | 2022-11-07 | N/A | 6.5 MEDIUM |
| diplib v3.0.0 is vulnerable to Double Free. | |||||
| CVE-2022-39002 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-11-03 | N/A | 9.8 CRITICAL |
| Double free vulnerability in the storage module. Successful exploitation of this vulnerability will cause the memory to be freed twice. | |||||
| CVE-2022-27416 | 1 Broadcom | 1 Tcpreplay | 2022-10-28 | 5.1 MEDIUM | 7.8 HIGH |
| Tcpreplay v4.4.1 was discovered to contain a double-free via __interceptor_free. | |||||
| CVE-2022-32574 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2022-10-26 | N/A | 6.5 MEDIUM |
| A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2021-37652 | 1 Google | 1 Tensorflow | 2022-10-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2022-25750 | 1 Qualcomm | 30 Kailua, Kailua Firmware, Sg8275 and 27 more | 2022-10-20 | N/A | 8.8 HIGH |
| Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile | |||||
| CVE-2020-1686 | 1 Juniper | 1 Junos | 2022-10-19 | 7.8 HIGH | 7.5 HIGH |
| On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. | |||||
| CVE-2020-16217 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2019-5797 | 1 Google | 1 Chrome | 2022-09-30 | N/A | 7.5 HIGH |
| Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-42778 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | |||||
| CVE-2020-24978 | 1 Nasm | 1 Netwide Assembler | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | |||||
| CVE-2019-20892 | 2 Net-snmp, Oracle | 2 Net-snmp, Zfs Storage Appliance Kit | 2022-09-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. | |||||
| CVE-2018-16841 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. | |||||
| CVE-2020-27794 | 1 Radare | 1 Radare2 | 2022-08-22 | N/A | 9.1 CRITICAL |
| A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | |||||
| CVE-2022-31614 | 1 Nvidia | 1 Virtual Gpu | 2022-08-10 | N/A | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. | |||||
| CVE-2022-27864 | 1 Autodesk | 1 Design Review | 2022-08-08 | N/A | 8.8 HIGH |
| A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2022-36234 | 1 Simplenetwork Project | 1 Simplenetwork | 2022-08-04 | N/A | 7.5 HIGH |
| SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets. | |||||
| CVE-2022-32962 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service. | |||||