Total
603 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28390 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2025-06-25 | 4.6 MEDIUM | 7.8 HIGH |
| ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. | |||||
| CVE-2023-26545 | 3 Debian, Linux, Netapp | 12 Debian Linux, Linux Kernel, H300s and 9 more | 2025-06-25 | N/A | 4.7 MEDIUM |
| In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | |||||
| CVE-2025-5914 | 2 Libarchive, Redhat | 3 Libarchive, Enterprise Linux, Openshift Container Platform | 2025-06-20 | N/A | 3.9 LOW |
| A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | |||||
| CVE-2025-23095 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23096 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 7 more | 2025-06-11 | N/A | 6.5 MEDIUM |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2025-23102 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-06-10 | N/A | 8.8 HIGH |
| An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation. | |||||
| CVE-2021-27645 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Glibc | 2025-06-09 | 1.9 LOW | 2.5 LOW |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | |||||
| CVE-2021-22945 | 8 Apple, Debian, Fedoraproject and 5 more | 25 Macos, Debian Linux, Fedora and 22 more | 2025-06-09 | 5.8 MEDIUM | 9.1 CRITICAL |
| When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | |||||
| CVE-2024-20498 | 1 Cisco | 50 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 47 more | 2025-06-04 | N/A | 8.6 HIGH |
| Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | |||||
| CVE-2024-35368 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | N/A | 9.8 CRITICAL |
| FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | |||||
| CVE-2024-35365 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | N/A | 8.8 HIGH |
| FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | |||||
| CVE-2025-31235 | 1 Apple | 2 Ipados, Macos | 2025-05-27 | N/A | 6.5 MEDIUM |
| A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination. | |||||
| CVE-2025-31241 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-27 | N/A | 5.3 MEDIUM |
| A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. | |||||
| CVE-2022-48740 | 1 Linux | 1 Linux Kernel | 2025-05-27 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref. Fix this by resetting the cond_list_len to 0 in cond_list_destroy(), making subsequent calls a noop. Also consistently reset the cond_list pointer to NULL after freeing. [PM: fix line lengths in the description] | |||||
| CVE-2025-5100 | 2025-05-27 | N/A | 8.0 HIGH | ||
| A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | |||||
| CVE-2019-5797 | 1 Google | 1 Chrome | 2025-05-20 | N/A | 7.5 HIGH |
| Double free in DOMStorage in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2025-4574 | 2025-05-16 | N/A | 6.5 MEDIUM | ||
| In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. | |||||
| CVE-2022-25660 | 1 Qualcomm | 186 Aqt1000, Aqt1000 Firmware, Ar8035 and 183 more | 2025-05-15 | N/A | 7.8 HIGH |
| Memory corruption due to double free issue in kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-0699 | 1 Osgeo | 1 Shapelib | 2025-05-13 | N/A | 9.8 CRITICAL |
| A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc. | |||||
| CVE-2022-25750 | 1 Qualcomm | 30 Kailua, Kailua Firmware, Sg8275 and 27 more | 2025-05-13 | N/A | 8.4 HIGH |
| Memory corruption in BTHOST due to double free while music playback and calls over bluetooth headset in Snapdragon Mobile | |||||