ReportizFlow
Filtered by vendor
Subscriptions
Total
625 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23102 | 1 Samsung | 18 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 15 more | 2025-06-10 | 8.8 High |
| An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380, 1480 and 2400. A Double Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2025-5914 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-06-10 | 3.9 Low |
| A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition. | ||||
| CVE-2021-27645 | 4 Debian, Fedoraproject, Gnu and 1 more | 4 Debian Linux, Fedora, Glibc and 1 more | 2025-06-09 | 2.5 Low |
| The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c. | ||||
| CVE-2021-22945 | 8 Apple, Debian, Fedoraproject and 5 more | 25 Macos, Debian Linux, Fedora and 22 more | 2025-06-09 | 9.1 Critical |
| When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*. | ||||
| CVE-2025-23095 | 2025-06-05 | 6.5 Medium | ||
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2025-23096 | 2025-06-05 | 6.5 Medium | ||
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation. | ||||
| CVE-2024-30097 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-06-05 | 8.8 High |
| Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | ||||
| CVE-2024-20498 | 1 Cisco | 52 Meraki Mx, Meraki Mx100, Meraki Mx100 Firmware and 49 more | 2025-06-05 | 8.6 High |
| Multiple vulnerabilities in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in the AnyConnect service on an affected device. These vulnerabilities are due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request to the VPN server of an affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and reauthenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. | ||||
| CVE-2025-27730 | 2025-06-04 | 7.8 High | ||
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-26640 | 2025-06-04 | 7 High | ||
| Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-35368 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 9.8 Critical |
| FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | ||||
| CVE-2024-35365 | 1 Ffmpeg | 1 Ffmpeg | 2025-06-03 | 8.8 High |
| FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | ||||
| CVE-2025-31235 | 1 Apple | 2 Ipados, Macos | 2025-05-28 | 6.5 Medium |
| A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-31241 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-05-28 | 5.3 Medium |
| A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. | ||||
| CVE-2022-48740 | 1 Linux | 1 Linux Kernel | 2025-05-27 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NULL pointer deref. Fix this by resetting the cond_list_len to 0 in cond_list_destroy(), making subsequent calls a noop. Also consistently reset the cond_list pointer to NULL after freeing. [PM: fix line lengths in the description] | ||||
| CVE-2025-5262 | 2025-05-27 | 8.8 High | ||
| This CVE was accidentally assigned by Mozilla but should be assigned by another CNA. When the correct CVE is available, Mozilla's advisories will be updated to reflect that identifier. | ||||
| CVE-2025-5100 | 2025-05-27 | 8 High | ||
| A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution. | ||||
| CVE-2022-2588 | 3 Canonical, Linux, Redhat | 9 Ubuntu Linux, Linux Kernel, Enterprise Linux and 6 more | 2025-05-22 | 5.3 Medium |
| It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | ||||
| CVE-2024-38157 | 1 Microsoft | 1 Azure Iot Hub Device Client Sdk | 2025-05-22 | 7 High |
| Azure IoT SDK Remote Code Execution Vulnerability | ||||
| CVE-2025-4574 | 1 Redhat | 7 Directory Server, Enterprise Linux, Openshift and 4 more | 2025-05-21 | 6.5 Medium |
| In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption. | ||||