Search Results (820 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-12858 1 Libzip 1 Libzip 2025-04-20 9.8 Critical
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
CVE-2017-15316 1 Huawei 4 Mate 9, Mate 9 Firmware, Mate 9 Pro and 1 more 2025-04-20 N/A
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.
CVE-2017-15364 1 Ccsv Project 1 Ccsv 2025-04-20 N/A
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this is not present in version 1.1.0.
CVE-2017-16820 2 Collectd, Redhat 5 Collectd, Enterprise Linux, Openstack-optools and 2 more 2025-04-20 N/A
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
CVE-2017-5334 3 Gnu, Opensuse, Redhat 3 Gnutls, Leap, Enterprise Linux 2025-04-20 N/A
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
CVE-2017-6074 3 Debian, Linux, Redhat 9 Debian Linux, Linux Kernel, Enterprise Linux and 6 more 2025-04-20 7.8 High
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
CVE-2017-6166 1 F5 11 Big-ip Afm, Big-ip Analytics, Big-ip Apm and 8 more 2025-04-20 5.9 Medium
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
CVE-2017-9078 3 Debian, Dropbear Ssh Project, Netapp 4 Debian Linux, Dropbear Ssh, H410c and 1 more 2025-04-20 8.8 High
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
CVE-2017-9686 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.
CVE-2017-9687 1 Google 1 Android 2025-04-20 N/A
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print.
CVE-2022-32574 1 Goabode 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware 2025-04-15 6.5 Medium
A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-44640 2 Heimdal Project, Samba 2 Heimdal, Samba 2025-04-15 9.8 Critical
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
CVE-2022-3595 1 Linux 1 Linux Kernel 2025-04-15 3.5 Low
A vulnerability was found in Linux Kernel. It has been rated as problematic. Affected by this issue is the function sess_free_buffer of the file fs/cifs/sess.c of the component CIFS Handler. The manipulation leads to double free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211364.
CVE-2023-36418 1 Microsoft 1 Azure Rtos Guix Studio 2025-04-14 7.8 High
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
CVE-2023-36420 1 Microsoft 2 Odbc Driver For Sql Server, Sql Server 2025-04-14 7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2015-0312 5 Adobe, Apple, Linux and 2 more 9 Flash Player, Flash Player Desktop Runtime, Macos and 6 more 2025-04-12 N/A
Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.
CVE-2016-5768 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Software Collections 2025-04-12 N/A
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
CVE-2016-5772 5 Debian, Opensuse, Php and 2 more 8 Debian Linux, Leap, Opensuse and 5 more 2025-04-12 9.8 Critical
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
CVE-2016-9806 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-12 7.8 High
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
CVE-2014-1767 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."