Total
62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31625 | 2 Debian, Php | 2 Debian Linux, Php | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | |||||
CVE-2022-24958 | 4 Debian, Fedoraproject, Linux and 1 more | 19 Debian Linux, Fedora, Linux Kernel and 16 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. | |||||
CVE-2021-41073 | 4 Debian, Fedoraproject, Linux and 1 more | 21 Debian Linux, Fedora, Linux Kernel and 18 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | |||||
CVE-2021-40042 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. | |||||
CVE-2021-42377 | 3 Busybox, Fedoraproject, Netapp | 19 Busybox, Fedora, Cloud Backup and 16 more | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. | |||||
CVE-2021-3939 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1. | |||||
CVE-2020-12963 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. | |||||
CVE-2021-45261 | 1 Gnu | 1 Patch | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. | |||||
CVE-2020-12982 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An invalid object pointer free vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | |||||
CVE-2021-24028 | 1 Facebook | 1 Thrift | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | |||||
CVE-2021-28216 | 1 Tianocore | 1 Edk Ii | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | |||||
CVE-2020-36404 | 2 Keystone-engine, Linux | 2 Keystone, Linux Kernel | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. | |||||
CVE-2021-30473 | 2 Aomedia, Fedoraproject | 2 Aomedia, Fedora | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. | |||||
CVE-2021-22760 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A CWE-763: Release of invalid pointer or reference vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to missing checks of user-supplied input data, when a malicious CGF file is imported to IGSS Definition. | |||||
CVE-2021-3682 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-02-28 | 6.0 MEDIUM | 8.5 HIGH |
A flaw was found in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. It occurs when dropping packets during a bulk transfer from a SPICE client due to the packet queue being full. A malicious SPICE client could use this flaw to make QEMU call free() with faked heap chunk metadata, resulting in a crash of QEMU or potential code execution with the privileges of the QEMU process on the host. | |||||
CVE-2020-0444 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150693166References: Upstream kernel | |||||
CVE-2020-36224 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | |||||
CVE-2021-21401 | 1 Nanopb Project | 1 Nanopb | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
Nanopb is a small code-size Protocol Buffers implementation in ansi C. In Nanopb before versions 0.3.9.8 and 0.4.5, decoding a specifically formed message can cause invalid `free()` or `realloc()` calls if the message type contains an `oneof` field, and the `oneof` directly contains both a pointer field and a non-pointer field. If the message data first contains the non-pointer field and then the pointer field, the data of the non-pointer field is incorrectly treated as if it was a pointer value. Such message data rarely occurs in normal messages, but it is a concern when untrusted data is parsed. This has been fixed in versions 0.3.9.8 and 0.4.5. See referenced GitHub Security Advisory for more information including workarounds. | |||||
CVE-2020-5139 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||
CVE-2020-28941 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. |