Total
631 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8003 | 2 Debian, Virglrenderer Project | 2 Debian Linux, Virglrenderer | 2024-11-21 | 5.5 Medium |
| A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free. | ||||
| CVE-2020-6072 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2024-11-21 | 9.8 Critical |
| An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. | ||||
| CVE-2020-5988 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 7.1 High |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | ||||
| CVE-2020-3685 | 1 Qualcomm | 506 Apq8009, Apq8009w, Apq8017 and 503 more | 2024-11-21 | 7.5 High |
| Pointer variable which is freed is not cleared can result in memory corruption and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-3613 | 1 Qualcomm | 2 Sm8150, Sm8150 Firmware | 2024-11-21 | 7.8 High |
| Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150 | ||||
| CVE-2020-3610 | 1 Qualcomm | 74 Apq8009, Apq8009 Firmware, Apq8053 and 71 more | 2024-11-21 | 7.8 High |
| Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | ||||
| CVE-2020-3179 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-21 | 7.5 High |
| A vulnerability in the generic routing encapsulation (GRE) tunnel decapsulation feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory handling error when GRE over IPv6 traffic is processed. An attacker could exploit this vulnerability by sending crafted GRE over IPv6 packets with either IPv4 or IPv6 payload through an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | ||||
| CVE-2020-36434 | 1 Sys-info Project | 1 Sys-info | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free. | ||||
| CVE-2020-36401 | 2 Linux, Mruby | 2 Linux Kernel, Mruby | 2024-11-21 | 7.8 High |
| mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | ||||
| CVE-2020-36318 | 2 Redhat, Rust-lang | 3 Devtools, Enterprise Linux, Rust | 2024-11-21 | 9.8 Critical |
| In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free. | ||||
| CVE-2020-36225 | 3 Apple, Debian, Openldap | 3 Macos, Debian Linux, Openldap | 2024-11-21 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | ||||
| CVE-2020-36223 | 3 Apple, Debian, Openldap | 4 Mac Os X, Macos, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | ||||
| CVE-2020-36205 | 1 Xcb Project | 1 Xcb | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur. | ||||
| CVE-2020-35891 | 1 Ordnung Project | 1 Ordnung | 2024-11-21 | 7.5 High |
| An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via a remove() double free. | ||||
| CVE-2020-35885 | 1 Alpm-rs Project | 1 Alpm-rs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation. | ||||
| CVE-2020-35862 | 1 Bitvec Project | 1 Bitvec | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the bitvec crate before 0.17.4 for Rust. BitVec to BitBox conversion leads to a use-after-free or double free. | ||||
| CVE-2020-27794 | 1 Radare | 1 Radare2 | 2024-11-21 | 9.1 Critical |
| A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | ||||
| CVE-2020-27153 | 4 Bluez, Debian, Opensuse and 1 more | 4 Bluez, Debian Linux, Leap and 1 more | 2024-11-21 | 8.6 High |
| In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | ||||
| CVE-2020-25773 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. | ||||
| CVE-2020-25637 | 2 Opensuse, Redhat | 4 Leap, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 6.7 Medium |
| A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, clients connecting to the read-write socket with limited ACL permissions could use this flaw to crash the libvirt daemon, resulting in a denial of service, or potentially escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||