Total
597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35862 | 1 Bitvec Project | 1 Bitvec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | |||||
| CVE-2020-27794 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 9.1 CRITICAL |
| A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | |||||
| CVE-2020-27153 | 3 Bluez, Debian, Opensuse | 3 Bluez, Debian Linux, Leap | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | |||||
| CVE-2020-25773 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. | |||||
| CVE-2020-25637 | 2 Opensuse, Redhat | 2 Leap, Libvirt | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25559 | 1 Gnuplot Project | 1 Gnuplot | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution. | |||||
| CVE-2020-24978 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | |||||
| CVE-2020-24698 | 1 Powerdns | 1 Authoritative | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. | |||||
| CVE-2020-1862 | 1 Huawei | 2 Campusinsight, Manageone | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| There is a double free vulnerability in some Huawei products. A local attacker with low privilege may perform some operations to exploit the vulnerability. Due to doubly freeing memory, successful exploit may cause some service abnormal. Affected product versions include:CampusInsight versions V100R019C00;ManageOne versions 6.5.RC2.B050. | |||||
| CVE-2020-1829 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, and V500R001C60SPC500 have a vulnerability that the IPSec module handles a message improperly. Attackers can send specific message to cause double free memory. This may compromise normal service. | |||||
| CVE-2020-1686 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1. | |||||
| CVE-2020-1647 | 1 Juniper | 1 Junos | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. Continued processing of this specific HTTP message may result in an extended Denial of Service (DoS). The offending HTTP message that causes this issue may originate both from the HTTP server or the client. This issue affects Juniper Networks Junos OS on SRX Series: 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S1; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1. | |||||
| CVE-2020-17498 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. | |||||
| CVE-2020-17019 | 1 Microsoft | 1 Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2020-16970 | 1 Microsoft | 1 Azure Sphere | 2024-11-21 | 7.2 HIGH | 8.1 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability | |||||
| CVE-2020-16590 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. | |||||
| CVE-2020-16217 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A double free vulnerability caused by processing specially crafted project files may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-15710 | 2 Canonical, Pulseaudio Project | 2 Ubuntu Linux, Pulseaudio | 2024-11-21 | 3.6 LOW | 5.3 MEDIUM |
| Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14. | |||||
| CVE-2020-14354 | 2 C-ares, Fedoraproject | 2 C-ares, Fedora | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability. | |||||
| CVE-2020-14123 | 1 Mi | 1 Miui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges. | |||||