Total
685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52384 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | N/A | 4.7 MEDIUM |
| Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2020-36785 | 1 Linux | 1 Linux Kernel | 2024-12-06 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs() The "s3a_buf" is freed along with all the other items on the "asd->s3a_stats" list. It leads to a double free and a use after free. | |||||
| CVE-2024-26257 | 1 Microsoft | 2 365 Apps, Office | 2024-12-05 | N/A | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-42123 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.4 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix double free err_addr pointer warnings In amdgpu_umc_bad_page_polling_timeout, the amdgpu_umc_handle_bad_pages will be run many times so that double free err_addr in some special case. So set the err_addr to NULL to avoid the warnings. | |||||
| CVE-2024-41965 | 1 Vim | 1 Vim | 2024-11-21 | N/A | 4.2 MEDIUM |
| Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648. | |||||
| CVE-2024-38087 | 1 Microsoft | 4 Sql Server 2016, Sql Server 2017, Sql Server 2019 and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
| SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | |||||
| CVE-2024-30097 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.8 HIGH |
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | |||||
| CVE-2024-30013 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2024-11-21 | N/A | 8.8 HIGH |
| Windows MultiPoint Services Remote Code Execution Vulnerability | |||||
| CVE-2024-27127 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | N/A | 7.2 HIGH |
| A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute arbitrary code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later | |||||
| CVE-2024-26930 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL. | |||||
| CVE-2024-21606 | 1 Juniper | 33 Junos, Srx100, Srx110 and 30 more | 2024-11-21 | N/A | 7.5 HIGH |
| A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3. | |||||
| CVE-2024-21461 | 1 Qualcomm | 626 215 Mobile Platform, 215 Mobile Platform Firmware, 315 5g Iot Modem and 623 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption while performing finish HMAC operation when context is freed by keymaster. | |||||
| CVE-2023-52284 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-21 | N/A | 5.5 MEDIUM |
| Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled. | |||||
| CVE-2023-4389 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.0 HIGH |
| A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. | |||||
| CVE-2023-4256 | 2 Broadcom, Fedoraproject | 3 Tcpreplay, Extra Packages For Enterprise Linux, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM |
| Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack. | |||||
| CVE-2023-48013 | 1 Gpac | 1 Gpac | 2024-11-21 | N/A | 7.8 HIGH |
| GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | |||||
| CVE-2023-45679 | 1 Nothings | 1 Stb Vorbis.c | 2024-11-21 | N/A | 7.3 HIGH |
| stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | |||||
| CVE-2023-45666 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | N/A | 7.3 HIGH |
| stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed | |||||
| CVE-2023-45664 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | N/A | 7.3 HIGH |
| stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | |||||
| CVE-2023-44247 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 6.6 MEDIUM |
| A double free vulnerability [CWE-415] in Fortinet FortiOS before 7.0.0 may allow a privileged attacker to execute code or commands via crafted HTTP or HTTPs requests. | |||||