Total: 456 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2425 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate. | |||||
CVE-2017-5506 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file. | |||||
CVE-2017-5334 | 2 Gnu, Opensuse | 2 Gnutls, Leap | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension. | |||||
CVE-2015-8962 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 9.3 HIGH | 7.3 HIGH |
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call. | |||||
CVE-2015-8894 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and later allows remote attackers to cause a denial of service (application crash) via a crafted tga file. | |||||
CVE-2016-6912 | 1 Libgd | 1 Libgd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values. | |||||
CVE-2016-8360 | 1 Moxa | 1 Softcms | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code. | |||||
CVE-2016-1516 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code. | |||||
CVE-2014-9807 | 1 Imagemagick | 1 Imagemagick | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
The pdb coder in ImageMagick allows remote attackers to cause a denial of service (double free) via unspecified vectors. | |||||
CVE-2016-3177 | 1 Giflib Project | 1 Giflib | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors. | |||||
CVE-2017-6353 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986. | |||||
CVE-2016-8693 | 3 Fedoraproject, Jasper Project, Opensuse | 3 Fedora, Jasper, Opensuse | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command. | |||||
CVE-2017-5836 | 1 Libimobiledevice | 1 Libplist | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free. | |||||
CVE-2017-2636 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 6.9 MEDIUM | 7.0 HIGH |
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. | |||||
CVE-2017-9078 | 3 Debian, Dropbear Ssh Project, Netapp | 4 Debian Linux, Dropbear Ssh, H410c and 1 more | 2023-12-10 | 8.5 HIGH | 8.8 HIGH |
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled. | |||||
CVE-2017-8890 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. | |||||
CVE-2016-5772 | 4 Debian, Opensuse, Php and 1 more | 7 Debian Linux, Leap, Opensuse and 4 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call. | |||||
CVE-2015-8880 | 1 Php | 1 Php | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. | |||||
CVE-2016-5768 | 1 Php | 1 Php | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception. | |||||
CVE-2016-5384 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. |