Total
622 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36043 | 1 Rizin | 1 Rizin | 2024-11-21 | N/A | 7.8 HIGH |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.4.0 and prior are vulnerable to a double free in bobj.c:rz_bin_reloc_storage_free() when freeing relocations generated from qnx binary plugin. A user opening a malicious qnx binary could be affected by this vulnerability, allowing an attacker to execute code on the user's machine. Commit number a3d50c1ea185f3f642f2d8180715f82d98840784 contains a patch for this issue. | |||||
CVE-2022-34495 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |||||
CVE-2022-34494 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | |||||
CVE-2022-33307 | 1 Qualcomm | 220 Aqt1000, Aqt1000 Firmware, Qam8255p and 217 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory Corruption due to double free in automotive when a bad HLOS address for one of the lists to be mapped is passed. | |||||
CVE-2022-33231 | 1 Qualcomm | 438 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8098 and 435 more | 2024-11-21 | N/A | 9.3 CRITICAL |
Memory corruption due to double free in core while initializing the encryption key. | |||||
CVE-2022-33227 | 1 Qualcomm | 142 Aqt1000, Aqt1000 Firmware, Csrb31024 and 139 more | 2024-11-21 | N/A | 6.7 MEDIUM |
Memory corruption in Linux android due to double free while calling unregister provider after register call. | |||||
CVE-2022-33033 | 1 Gnu | 1 Libredwg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. | |||||
CVE-2022-32962 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2024-11-21 | N/A | 6.8 MEDIUM |
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service. | |||||
CVE-2022-32574 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2022-31614 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | N/A | 7.0 HIGH |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. | |||||
CVE-2022-31291 | 2 Debian, Genivi | 2 Debian Linux, Diagnostic Log And Trace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | |||||
CVE-2022-31117 | 2 Fedoraproject, Ultrajson Project | 2 Fedora, Ultrajson | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. | |||||
CVE-2022-2588 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | N/A | 5.3 MEDIUM |
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | |||||
CVE-2022-2519 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2024-11-21 | N/A | 6.5 MEDIUM |
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 | |||||
CVE-2022-2509 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Gnutls and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | |||||
CVE-2022-2327 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH |
io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859 | |||||
CVE-2022-2008 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-29156 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | |||||
CVE-2022-29032 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | |||||
CVE-2022-28738 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. |