Total
523 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29366 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Geolocation Service Remote Code Execution Vulnerability | |||||
| CVE-2023-28583 | 1 Qualcomm | 60 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 57 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6 address. | |||||
| CVE-2023-28464 | 2 Linux, Netapp | 6 Linux Kernel, H300s Firmware, H410c Firmware and 3 more | 2024-11-21 | N/A | 7.8 HIGH |
| hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | |||||
| CVE-2023-28411 | 1 Intel | 20 Server System D50tnp1mhcpac, Server System D50tnp1mhcpac Firmware, Server System D50tnp1mhcrac and 17 more | 2024-11-21 | N/A | 6.3 MEDIUM |
| Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | |||||
| CVE-2023-28296 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2024-11-21 | N/A | 7.8 HIGH |
| Visual Studio Remote Code Execution Vulnerability | |||||
| CVE-2023-27537 | 4 Broadcom, Haxx, Netapp and 1 more | 13 Brocade Fabric Operating System Firmware, Libcurl, Active Iq Unified Manager and 10 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. | |||||
| CVE-2023-27320 | 2 Fedoraproject, Sudo Project | 2 Fedora, Sudo | 2024-11-21 | N/A | 7.2 HIGH |
| Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | |||||
| CVE-2023-26545 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | N/A | 4.7 MEDIUM |
| In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | |||||
| CVE-2023-25801 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 8.0 HIGH |
| TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. | |||||
| CVE-2023-25136 | 3 Fedoraproject, Netapp, Openbsd | 9 Fedora, 500f, 500f Firmware and 6 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." | |||||
| CVE-2023-24903 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2024-11-21 | N/A | 8.1 HIGH |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||
| CVE-2023-23402 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH |
| Windows Media Remote Code Execution Vulnerability | |||||
| CVE-2023-21629 | 1 Qualcomm | 424 205, 205 Firmware, 215 and 421 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. | |||||
| CVE-2023-21500 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 6.0 MEDIUM |
| Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | |||||
| CVE-2023-21106 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel | |||||
| CVE-2023-21030 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
| In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140 | |||||
| CVE-2023-1999 | 1 Webmproject | 1 Libwebp | 2024-11-21 | N/A | 5.3 MEDIUM |
| There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. | |||||
| CVE-2023-1449 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1032 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A | 4.7 MEDIUM |
| The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. | |||||
| CVE-2022-4744 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||