Total
541 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5954 | 1 Hashicorp | 1 Vault | 2023-12-27 | N/A | 7.5 HIGH |
HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10. | |||||
CVE-2023-0248 | 1 Johnsoncontrols | 2 Iosmart Gen 1, Iosmart Gen 1 Firmware | 2023-12-21 | N/A | 5.3 MEDIUM |
An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader. | |||||
CVE-2023-48958 | 1 Gpac | 1 Gpac | 2023-12-12 | N/A | 5.5 MEDIUM |
gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. | |||||
CVE-2023-46871 | 1 Gpac | 1 Gpac | 2023-12-12 | N/A | 5.3 MEDIUM |
GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. | |||||
CVE-2023-6180 | 1 Cloudflare | 1 Boring | 2023-12-12 | N/A | 5.3 MEDIUM |
The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. | |||||
CVE-2023-48039 | 1 Gpac | 1 Gpac | 2023-12-10 | N/A | 5.5 MEDIUM |
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. | |||||
CVE-2023-47384 | 1 Gpac | 1 Gpac | 2023-12-10 | N/A | 5.5 MEDIUM |
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||||
CVE-2023-48090 | 1 Gpac | 1 Gpac | 2023-12-10 | N/A | 7.1 HIGH |
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. | |||||
CVE-2023-41102 | 1 Opennds | 1 Opennds | 2023-12-10 | N/A | 7.5 HIGH |
An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. | |||||
CVE-2023-32247 | 2 Linux, Netapp | 5 Linux Kernel, H300s, H410s and 2 more | 2023-12-10 | N/A | 7.5 HIGH |
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | |||||
CVE-2022-47007 | 1 Gnu | 1 Binutils | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | |||||
CVE-2023-43076 | 1 Dell | 1 Powerscale Onefs | 2023-12-10 | N/A | 6.5 MEDIUM |
Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. | |||||
CVE-2023-39978 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2023-12-10 | N/A | 3.3 LOW |
ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. | |||||
CVE-2023-4569 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2023-12-10 | N/A | 5.5 MEDIUM |
A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak. | |||||
CVE-2023-45511 | 1 Justdan96 | 1 Tsmuxer | 2023-12-10 | N/A | 5.5 MEDIUM |
A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | |||||
CVE-2023-44193 | 1 Juniper | 12 Junos, Mx10003, Mx10004 and 9 more | 2023-12-10 | N/A | 5.5 MEDIUM |
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. | |||||
CVE-2022-4132 | 2 Dogtagpki, Redhat | 2 Network Security Services For Java, Enterprise Linux | 2023-12-10 | N/A | 5.9 MEDIUM |
A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). | |||||
CVE-2023-40534 | 1 F5 | 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more | 2023-12-10 | N/A | 7.5 HIGH |
When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2020-19724 | 1 Gnu | 1 Binutils | 2023-12-10 | N/A | 5.5 MEDIUM |
A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. | |||||
CVE-2020-21490 | 1 Gnu | 1 Binutils | 2023-12-10 | N/A | 5.5 MEDIUM |
An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. |