CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-415

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1000232 415 2017-11-16 2017-11-29
7.5
None Remote Low Not required Partial Partial Partial
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
2 CVE-2017-1000231 415 2017-11-16 2018-02-03
7.5
None Remote Low Not required Partial Partial Partial
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
3 CVE-2017-1000072 415 2017-07-17 2017-07-19
7.5
None Remote Low Not required Partial Partial Partial
Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modification of unexpected memory locations
4 CVE-2017-18120 415 2018-02-02 2018-02-14
6.8
None Remote Medium Not required Partial Partial Partial
A double-free bug in the read_gif function in gifread.c in gifsicle 1.90 allows a remote attacker to cause a denial-of-service attack or unspecified other impact via a maliciously crafted file, because last_name is mishandled, a different vulnerability than CVE-2017-1000421.
5 CVE-2017-16820 415 2017-11-14 2018-02-14
10.0
None Remote Low Not required Complete Complete Complete
The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).
6 CVE-2017-15364 415 DoS 2017-10-15 2017-11-01
4.3
None Remote Medium Not required None None Partial
The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file.
7 CVE-2017-15316 415 Exec Code 2017-12-22 2018-01-05
9.3
None Remote Medium Not required Complete Complete Complete
The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which triggers double free and causes a system crash or arbitrary code execution.
8 CVE-2017-15186 415 DoS 2017-10-24 2017-11-28
4.3
None Remote Medium Not required None None Partial
Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file.
9 CVE-2017-14952 415 Exec Code 2017-10-16 2018-01-18
7.5
None Remote Low Not required Partial Partial Partial
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.
10 CVE-2017-13181 415 Exec Code 2018-01-12 2018-02-02
7.2
None Local Low Not required Complete Complete Complete
In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232.
11 CVE-2017-12925 415 DoS 2017-08-28 2017-09-01
4.3
None Remote Medium Not required None None Partial
Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.
12 CVE-2017-12858 415 2017-08-23 2017-08-26
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the _zip_dirent_read function in zip_dirent.c in libzip allows attackers to have unspecified impact via unknown vectors.
13 CVE-2017-11462 415 2017-09-13 2017-10-20
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.
14 CVE-2017-11139 415 2017-07-09 2017-07-12
7.5
None Remote Low Not required Partial Partial Partial
GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJNGImage() function in coders/png.c.
15 CVE-2017-11032 415 2017-11-16 2017-11-30
4.6
None Local Low Not required Partial Partial Partial
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a double free can occur when kmalloc fails to allocate memory for pointers resp/req in the service-locator driver function service_locator_send_msg().
16 CVE-2017-10914 415 DoS +Priv +Info 2017-07-04 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
The grant-table feature in Xen through 4.8.x has a race condition leading to a double free, which allows guest OS users to cause a denial of service (memory consumption), or possibly obtain sensitive information or gain privileges, aka XSA-218 bug 2.
17 CVE-2017-9705 415 2018-01-10 2018-01-26
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, concurrent rx notifications and read() operations in the G-Link PKT driver can result in a double free condition due to missing locking resulting in list_del() and list_add() overlapping and corrupting the next and previous pointers.
18 CVE-2017-9687 415 2017-10-10 2017-10-19
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in ipc_log_context_destroy(). Another issue is the Use-After-Free which can happen due to the race condition when the ipc log is deallocated via the debugfs call during a log print.
19 CVE-2017-9686 415 2017-10-10 2017-10-19
4.6
None Local Low Not required Partial Partial Partial
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used.
20 CVE-2017-9287 415 2017-05-29 2018-01-04
4.0
None Remote Low Single system None None Partial
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0.
21 CVE-2017-9078 415 Exec Code 2017-05-19 2017-11-03
9.3
Admin Remote Medium Not required Complete Complete Complete
The server in Dropbear before 2017.75 might allow post-authentication root remote code execution because of a double free in cleanup of TCP listeners when the -a option is enabled.
22 CVE-2017-8890 415 DoS 2017-05-10 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
23 CVE-2017-8265 415 2017-08-18 2017-08-22
5.1
None Remote High Not required Partial Partial Partial
In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free.
24 CVE-2017-8141 415 Exec Code 2017-11-22 2017-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The Touch Panel (TP) driver in P10 Plus smart phones with software versions earlier than VKY-AL00C00B153 has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
25 CVE-2017-8140 415 Exec Code 2017-11-22 2017-12-11
9.3
None Remote Medium Not required Complete Complete Complete
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution.
26 CVE-2017-7521 415 2017-06-27 2017-11-03
4.3
None Remote Medium Not required None None Partial
OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension().
27 CVE-2017-7393 415 DoS Exec Code 2017-03-31 2018-01-12
6.5
None Remote Low Single system Partial Partial Partial
In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.
28 CVE-2017-7373 415 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.
29 CVE-2017-6362 415 DoS 2017-09-07 2017-09-13
5.0
None Remote Low Not required None None Partial
Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.
30 CVE-2017-6353 415 DoS 2017-03-01 2017-11-03
4.9
None Local Low Not required None None Complete
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
31 CVE-2017-6166 415 2017-11-22 2017-12-27
4.3
None Remote Medium Not required None None Partial
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
32 CVE-2017-6074 415 DoS 2017-02-18 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call.
33 CVE-2017-5836 415 DoS 2017-03-03 2017-03-06
5.0
None Remote Low Not required None None Partial
The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.
34 CVE-2017-5506 415 2017-03-24 2017-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in magick/profile.c in ImageMagick allows remote attackers to have unspecified impact via a crafted file.
35 CVE-2017-5334 415 2017-03-24 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.
36 CVE-2017-2636 415 DoS +Priv 2017-03-07 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.
37 CVE-2017-2425 415 Exec Code 2017-04-01 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "SecurityFoundation" component. A double free vulnerability allows remote attackers to execute arbitrary code via a crafted certificate.
38 CVE-2016-9806 415 DoS 2016-12-28 2018-01-04
7.2
None Local Low Not required Complete Complete Complete
Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.
39 CVE-2016-8693 415 DoS Exec Code 2017-02-15 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command.
40 CVE-2016-8360 415 DoS Exec Code 2017-02-13 2017-02-17
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code.
41 CVE-2016-6912 415 2017-01-26 2017-11-03
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.
42 CVE-2016-5772 415 DoS Exec Code 2016-08-07 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted XML data that is mishandled in a wddx_deserialize call.
43 CVE-2016-5768 415 DoS Exec Code 2016-08-07 2018-01-04
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by leveraging a callback exception.
44 CVE-2016-5384 415 Exec Code 2016-08-12 2017-01-17
4.6
None Local Low Not required Partial Partial Partial
fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file.
45 CVE-2016-3177 415 2017-01-23 2017-01-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.
46 CVE-2016-3132 415 Exec Code 2016-08-07 2016-11-28
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to execute arbitrary code via a crafted index.
47 CVE-2016-1516 415 Exec Code 2017-04-09 2017-04-14
6.8
None Remote Medium Not required Partial Partial Partial
OpenCV 3.0.0 has a double free issue that allows attackers to execute arbitrary code.
48 CVE-2016-1515 415 2017-01-06 2017-01-10
5.0
None Remote Low Not required None None Partial
A use-after-free / double-free vulnerability can occur in libebml master branch while parsing Track elements of the MKV container.
49 CVE-2015-9007 415 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
50 CVE-2015-8962 415 DoS +Priv Mem. Corr. 2016-11-16 2017-01-17
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.
Total number of vulnerabilities : 61   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.