Total
523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20014 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU LibreDWG before 0.93. There is a double-free in dwg_free in free.c. | |||||
| CVE-2019-1999 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196. | |||||
| CVE-2019-1144 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. There are multiple ways an attacker could exploit the vulnerability: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to click a link in an email or instant message that takes users to the attacker's website, or by opening an attachment sent through email. In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability and then convince users to open the document file. The security update addresses the vulnerability by correcting how the Windows font library handles embedded fonts. | |||||
| CVE-2019-19943 | 1 Pablosoftwaresolutions | 1 Quick \'n Easy Web Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free. | |||||
| CVE-2019-19725 | 3 Canonical, Debian, Sysstat Project | 3 Ubuntu Linux, Debian Linux, Sysstat | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | |||||
| CVE-2019-19005 | 2 Autotrace Project, Fedoraproject | 2 Autotrace, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A bitmap double free in main.c in autotrace 0.31.1 allows attackers to cause an unspecified impact via a malformed bitmap image. This may occur after the use-after-free in CVE-2017-9182. | |||||
| CVE-2019-18874 | 1 Psutil Project | 1 Psutil | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | |||||
| CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | |||||
| CVE-2019-16880 | 1 Linea Project | 1 Linea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | |||||
| CVE-2019-15551 | 1 Servo | 1 Smallvec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity. | |||||
| CVE-2019-15504 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir). | |||||
| CVE-2019-15212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 4.9 MEDIUM | 4.6 MEDIUM |
| An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver. | |||||
| CVE-2019-15151 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. | |||||
| CVE-2019-14091 | 1 Qualcomm | 18 Mdm9607, Mdm9607 Firmware, Qcs405 and 15 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Double free issue in NPU due to lack of resource locking mechanism to avoid race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, QCS405, Rennell, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-14065 | 1 Qualcomm | 74 Apq8009, Apq8009 Firmware, Apq8098 and 71 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| u'Pointer double free in HavenSvc due to not setting the pointer to NULL after freeing it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-14055 | 1 Qualcomm | 76 Apq8009, Apq8009 Firmware, Apq8017 and 73 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Possibility of use-after-free and double free because of not marking buffer as NULL after freeing can lead to dangling pointer access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8939, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-13105 | 1 Denx | 1 U-boot | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | |||||
| CVE-2019-12874 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free. | |||||
| CVE-2019-12865 | 1 Radare | 1 Radare2 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In radare2 through 3.5.1, cmd_mount in libr/core/cmd_mount.c has a double free for the ms command. | |||||
| CVE-2019-12219 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. | |||||