Total
478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37652 | 1 Google | 1 Tensorflow | 2022-10-25 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.BoostedTreesCreateEnsemble` can result in a use after free error if an attacker supplies specially crafted arguments. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/boosted_trees/resource_ops.cc#L55) uses a reference counted resource and decrements the refcount if the initialization fails, as it should. However, when the code was written, the resource was represented as a naked pointer but later refactoring has changed it to be a smart pointer. Thus, when the pointer leaves the scope, a subsequent `free`-ing of the resource occurs, but this fails to take into account that the refcount has already reached 0, thus the resource has been already freed. During this double-free process, members of the resource object are accessed for cleanup but they are invalid as the entire resource has been freed. We have patched the issue in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2022-25750 | 1 Qualcomm | 30 Kailua, Kailua Firmware, Sg8275 and 27 more | 2022-10-20 | N/A | 8.8 HIGH |
| Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile | |||||
| CVE-2020-1686 | 1 Juniper | 1 Junos | 2022-10-19 | 7.8 HIGH | 7.5 HIGH |
| On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. | |||||
| CVE-2020-16217 | 1 Advantech | 1 Webaccess\/hmi Designer | 2022-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2019-5797 | 1 Google | 1 Chrome | 2022-09-30 | N/A | 7.5 HIGH |
| Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-42778 | 3 Fedoraproject, Opensc Project, Redhat | 3 Fedora, Opensc, Enterprise Linux | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. | |||||
| CVE-2020-24978 | 1 Nasm | 1 Netwide Assembler | 2022-09-02 | 7.5 HIGH | 9.8 CRITICAL |
| In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | |||||
| CVE-2019-20892 | 2 Net-snmp, Oracle | 2 Net-snmp, Zfs Storage Appliance Kit | 2022-09-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream release. | |||||
| CVE-2018-16841 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2022-08-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process. | |||||
| CVE-2020-27794 | 1 Radare | 1 Radare2 | 2022-08-22 | N/A | 9.1 CRITICAL |
| A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | |||||
| CVE-2022-31614 | 1 Nvidia | 1 Virtual Gpu | 2022-08-10 | N/A | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. | |||||
| CVE-2022-27864 | 1 Autodesk | 1 Design Review | 2022-08-08 | N/A | 8.8 HIGH |
| A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2022-36234 | 1 Simplenetwork Project | 1 Simplenetwork | 2022-08-04 | N/A | 7.5 HIGH |
| SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets. | |||||
| CVE-2022-32962 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2022-08-02 | N/A | 6.8 MEDIUM |
| HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service. | |||||
| CVE-2016-5772 | 4 Debian, Opensuse, Php and 1 more | 7 Debian Linux, Leap, Opensuse and 4 more | 2022-07-20 | 7.5 HIGH | 9.8 CRITICAL |
| Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. | |||||
| CVE-2017-9078 | 3 Debian, Dropbear Ssh Project, Netapp | 4 Debian Linux, Dropbear Ssh, H410c and 1 more | 2022-07-11 | 8.5 HIGH | 8.8 HIGH |
| The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | |||||
| CVE-2022-34494 | 1 Linux | 1 Linux Kernel | 2022-07-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |||||
| CVE-2022-34495 | 1 Linux | 1 Linux Kernel | 2022-07-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |||||
| CVE-2021-41688 | 1 Offis | 1 Dcmtk | 2022-07-06 | 5.0 MEDIUM | 7.5 HIGH |
| DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | |||||
| CVE-2021-27033 | 1 Autodesk | 1 Design Review | 2022-07-01 | 6.8 MEDIUM | 7.8 HIGH |
| A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||