Total
483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14449 | 2 Debian, Libsdl | 2 Debian Linux, Sdl Image | 2022-04-19 | 6.8 MEDIUM | 8.8 HIGH |
| A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability. | |||||
| CVE-2022-25796 | 1 Autodesk | 1 Navisworks | 2022-04-19 | 6.8 MEDIUM | 7.8 HIGH |
| A Double Free vulnerability allows remote malicious actors to execute arbitrary code on DWF file in Autodesk Navisworks 2022 within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-27153 | 3 Bluez, Debian, Opensuse | 3 Bluez, Debian Linux, Leap | 2022-04-05 | 7.5 HIGH | 8.6 HIGH |
| In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | |||||
| CVE-2021-39725 | 1 Google | 1 Android | 2022-03-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A | |||||
| CVE-2021-23158 | 1 Htmldoc Project | 1 Htmldoc | 2022-03-22 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_export(),in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code and denial of service. | |||||
| CVE-2015-8880 | 1 Php | 1 Php | 2022-03-01 | 10.0 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. | |||||
| CVE-2021-46700 | 1 Libsixel Project | 1 Libsixel | 2022-03-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free. | |||||
| CVE-2021-46625 | 1 Bentley | 2 Microstation, View | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15455. | |||||
| CVE-2021-46621 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2022-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JT files. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15415. | |||||
| CVE-2008-2944 | 3 Fedoraproject, Linux, Redhat | 3 Fedora Core, Linux Kernel, Enterprise Linux | 2022-02-07 | 4.9 MEDIUM | N/A |
| Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365. | |||||
| CVE-2022-23012 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-02-01 | 7.1 HIGH | 7.5 HIGH |
| On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-37529 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2022-01-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent). | |||||
| CVE-2021-40573 | 1 Gpac | 1 Gpac | 2022-01-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service. | |||||
| CVE-2021-37120 | 1 Huawei | 2 Emui, Magic Ui | 2022-01-13 | 10.0 HIGH | 9.8 CRITICAL |
| There is a Double free vulnerability in Smartphone.Successful exploitation of this vulnerability may cause a kernel crash or privilege escalation. | |||||
| CVE-2021-40038 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Double free vulnerability in the AOD module in smartphones. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2021-45288 | 1 Gpac | 1 Gpac | 2022-01-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command. | |||||
| CVE-2016-1516 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2021-12-16 | 6.8 MEDIUM | 8.8 HIGH |
| OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | |||||
| CVE-2021-37072 | 1 Huawei | 1 Harmonyos | 2021-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to memory crash. | |||||
| CVE-2017-6166 | 1 F5 | 11 Big-ip Afm, Big-ip Analytics, Big-ip Apm and 8 more | 2021-12-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device. | |||||
| CVE-2021-22386 | 1 Huawei | 2 Emui, Magic Ui | 2021-12-09 | 6.9 MEDIUM | 7.0 HIGH |
| A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges. | |||||