Total
478 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11730 | 1 Libfsntfs Project | 1 Libfsntfs | 2024-05-17 | 1.9 LOW | 5.5 MEDIUM |
| The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub | |||||
| CVE-2024-30027 | 2024-05-14 | N/A | 7.8 HIGH | ||
| NTFS Elevation of Privilege Vulnerability | |||||
| CVE-2023-52383 | 2024-05-14 | N/A | 4.7 MEDIUM | ||
| Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-52384 | 2024-05-14 | N/A | 4.7 MEDIUM | ||
| Double-free vulnerability in the RSMC module Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2021-34981 | 2024-05-08 | N/A | 7.5 HIGH | ||
| Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. | |||||
| CVE-2024-2002 | 2024-04-19 | N/A | 7.5 HIGH | ||
| A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results. | |||||
| CVE-2024-3446 | 2024-04-18 | N/A | 8.2 HIGH | ||
| A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host. | |||||
| CVE-2023-21629 | 1 Qualcomm | 424 205, 205 Firmware, 215 and 421 more | 2024-04-12 | N/A | 6.8 MEDIUM |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | |||||
| CVE-2022-40522 | 1 Qualcomm | 108 Csr8811, Csr8811 Firmware, Ipq6000 and 105 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Linux Networking due to double free while handling a hyp-assign. | |||||
| CVE-2022-40515 | 1 Qualcomm | 318 Apq8009, Apq8009 Firmware, Apq8009w and 315 more | 2024-04-12 | N/A | 9.8 CRITICAL |
| Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. | |||||
| CVE-2022-40507 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 481 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption due to double free in Core while mapping HLOS address to the list. | |||||
| CVE-2022-33307 | 1 Qualcomm | 220 Aqt1000, Aqt1000 Firmware, Qam8255p and 217 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | |||||
| CVE-2022-33231 | 1 Qualcomm | 438 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 435 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption due to double free in core while initializing the encryption key. | |||||
| CVE-2022-33227 | 1 Qualcomm | 142 Aqt1000, Aqt1000 Firmware, Csrb31024 and 139 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption in Linux android due to double free while calling unregister provider after register call. | |||||
| CVE-2023-28583 | 1 Qualcomm | 60 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 57 more | 2024-04-12 | N/A | 7.8 HIGH |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | |||||
| CVE-2024-21445 | 2024-04-11 | N/A | 7.0 HIGH | ||
| Windows USB Print Driver Elevation of Privilege Vulnerability | |||||
| CVE-2021-46938 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for the device fails, a following device remove will cause a double free. E.g. (dmesg): device-mapper: core: Cannot initialize queue for request-based dm-mq mapped device device-mapper: ioctl: unable to set up device queue for new table. Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0305e098835de000 TEID: 0305e098835de803 Fault in home space mode while using kernel ASCE. AS:000000025efe0007 R3:0000000000000024 Oops: 0038 ilc:3 [#1] SMP Modules linked in: ... lots of modules ... Supported: Yes, External CPU: 0 PID: 7348 Comm: multipathd Kdump: loaded Tainted: G W X 5.3.18-53-default #1 SLE15-SP3 Hardware name: IBM 8561 T01 7I2 (LPAR) Krnl PSW : 0704e00180000000 000000025e368eca (kfree+0x42/0x330) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3 Krnl GPRS: 000000000000004a 000000025efe5230 c1773200d779968d 0000000000000000 000000025e520270 000000025e8d1b40 0000000000000003 00000007aae10000 000000025e5202a2 0000000000000001 c1773200d779968d 0305e098835de640 00000007a8170000 000003ff80138650 000000025e5202a2 000003e00396faa8 Krnl Code: 000000025e368eb8: c4180041e100 lgrl %r1,25eba50b8 000000025e368ebe: ecba06b93a55 risbg %r11,%r10,6,185,58 #000000025e368ec4: e3b010000008 ag %r11,0(%r1) >000000025e368eca: e310b0080004 lg %r1,8(%r11) 000000025e368ed0: a7110001 tmll %r1,1 000000025e368ed4: a7740129 brc 7,25e369126 000000025e368ed8: e320b0080004 lg %r2,8(%r11) 000000025e368ede: b904001b lgr %r1,%r11 Call Trace: [<000000025e368eca>] kfree+0x42/0x330 [<000000025e5202a2>] blk_mq_free_tag_set+0x72/0xb8 [<000003ff801316a8>] dm_mq_cleanup_mapped_device+0x38/0x50 [dm_mod] [<000003ff80120082>] free_dev+0x52/0xd0 [dm_mod] [<000003ff801233f0>] __dm_destroy+0x150/0x1d0 [dm_mod] [<000003ff8012bb9a>] dev_remove+0x162/0x1c0 [dm_mod] [<000003ff8012a988>] ctl_ioctl+0x198/0x478 [dm_mod] [<000003ff8012ac8a>] dm_ctl_ioctl+0x22/0x38 [dm_mod] [<000000025e3b11ee>] ksys_ioctl+0xbe/0xe0 [<000000025e3b127a>] __s390x_sys_ioctl+0x2a/0x40 [<000000025e8c15ac>] system_call+0xd8/0x2c8 Last Breaking-Event-Address: [<000000025e52029c>] blk_mq_free_tag_set+0x6c/0xb8 Kernel panic - not syncing: Fatal exception: panic_on_oops When allocation/initialization of the blk_mq_tag_set fails in dm_mq_init_request_queue(), it is uninitialized/freed, but the pointer is not reset to NULL; so when dev_remove() later gets into dm_mq_cleanup_mapped_device() it sees the pointer and tries to uninitialize and free it again. Fix this by setting the pointer to NULL in dm_mq_init_request_queue() error-handling. Also set it to NULL in dm_mq_cleanup_mapped_device(). | |||||
| CVE-2024-26257 | 2024-04-10 | N/A | 7.8 HIGH | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2024-23809 | 2024-04-02 | N/A | 9.8 CRITICAL | ||
| A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2024-22097 | 2024-04-02 | N/A | 9.8 CRITICAL | ||
| A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||