Total
560 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-28041 | 4 Fedoraproject, Netapp, Openbsd and 1 more | 11 Fedora, Cloud Backup, Hci Compute Node and 8 more | 2023-11-07 | 4.6 MEDIUM | 7.1 HIGH |
| ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host. | |||||
| CVE-2021-1565 | 1 Cisco | 54 Catalyst 9300-24p-a, Catalyst 9300-24p-e, Catalyst 9300-24s-a and 51 more | 2023-11-07 | 5.0 MEDIUM | 8.6 HIGH |
| Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition. | |||||
| CVE-2020-8432 | 2 Denx, Opensuse | 2 U-boot, Leap | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis. | |||||
| CVE-2020-36223 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | |||||
| CVE-2020-36225 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||||
| CVE-2020-17498 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | |||||
| CVE-2020-16590 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | |||||
| CVE-2020-14354 | 2 C-ares, Fedoraproject | 2 C-ares, Fedora | 2023-11-07 | 2.1 LOW | 3.3 LOW |
| A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. | |||||
| CVE-2019-6978 | 3 Canonical, Debian, Libgd | 3 Ubuntu Linux, Debian Linux, Libgd | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected. | |||||
| CVE-2020-0081 | 2 Fedoraproject, Google | 2 Fedora, Android | 2023-11-07 | 7.2 HIGH | 7.8 HIGH |
| In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297 | |||||
| CVE-2019-5481 | 6 Debian, Fedoraproject, Haxx and 3 more | 13 Debian Linux, Fedora, Curl and 10 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||||
| CVE-2019-3829 | 2 Fedoraproject, Gnu | 2 Fedora, Gnutls | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in gnutls versions from 3.5.8 before 3.6.7. A memory corruption (double free) vulnerability in the certificate verification API. Any client or server application that verifies X.509 certificates with GnuTLS 3.5.8 or later is affected. | |||||
| CVE-2019-2126 | 4 Canonical, Fedoraproject, Google and 1 more | 4 Ubuntu Linux, Fedora, Android and 1 more | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. | |||||
| CVE-2019-19005 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2023-11-07 | 6.8 MEDIUM | 7.8 HIGH |
| A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | |||||
| CVE-2019-18874 | 1 Psutil Project | 1 Psutil | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | |||||
| CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
| CVE-2019-15504 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-11-07 | 10.0 HIGH | 9.8 CRITICAL |
| drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). | |||||
| CVE-2019-15151 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. | |||||
| CVE-2019-12874 | 1 Videolan | 1 Vlc Media Player | 2023-11-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | |||||
| CVE-2019-12865 | 1 Radare | 1 Radare2 | 2023-11-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | |||||