Total
416 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20052 | 1 Matio Project | 1 Matio | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case. | |||||
CVE-2018-5744 | 1 Isc | 1 Bind | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. | |||||
CVE-2019-5248 | 1 Huawei | 2 Cloudengine 12800, Cloudengine 12800 Firmware | 2023-12-10 | 6.1 MEDIUM | 7.4 HIGH |
CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device. | |||||
CVE-2019-20159 | 1 Gpac | 1 Gpac | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. | |||||
CVE-2018-21028 | 1 Boa | 1 Boa | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | |||||
CVE-2019-17183 | 2 Foxitsoftware, Microsoft | 2 Reader, Windows | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Foxit Reader before 9.7 allows an Access Violation and crash if insufficient memory exists. | |||||
CVE-2019-16994 | 3 Linux, Opensuse, Redhat | 3 Linux Kernel, Leap, Enterprise Linux | 2023-12-10 | 4.7 MEDIUM | 4.7 MEDIUM |
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a. | |||||
CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | |||||
CVE-2019-5023 | 1 Opensrcsec | 2 Grsecurity, Pax | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. | |||||
CVE-2019-17178 | 3 Freerdp, Lodev, Opensuse | 3 Freerdp, Lodepng, Leap | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | |||||
CVE-2011-2498 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. | |||||
CVE-2020-7216 | 1 Opensuse | 2 Leap, Wicked | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. | |||||
CVE-2019-5293 | 1 Huawei | 32 Ar120-s, Ar120-s Firmware, Ar1200 and 29 more | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
Some Huawei products have a memory leak vulnerability when handling some messages. A remote attacker with operation privilege could exploit the vulnerability by sending specific messages continuously. Successful exploit may cause some service to be abnormal. | |||||
CVE-2011-4661 | 1 Cisco | 1 Ios | 2023-12-10 | 4.3 MEDIUM | 7.5 HIGH |
A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured. | |||||
CVE-2019-19533 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 2.1 LOW | 2.4 LOW |
In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |||||
CVE-2019-6681 | 1 F5 | 1 Big-ip Local Traffic Manager | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
On BIG-IP versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.5, a memory leak in Multicast Forwarding Cache (MFC) handling in tmrouted. | |||||
CVE-2011-1489 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset. | |||||
CVE-2019-18214 | 1 Video Converter Project | 1 Video Converter | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.) | |||||
CVE-2011-1488 | 3 Debian, Opensuse, Rsyslog | 3 Debian Linux, Opensuse, Rsyslog | 2023-12-10 | 1.9 LOW | 5.5 MEDIUM |
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time. | |||||
CVE-2019-1965 | 1 Cisco | 87 7000 10-slot, 7000 18-slot, 7000 4-slot and 84 more | 2023-12-10 | 4.0 MEDIUM | 7.7 HIGH |
A vulnerability in the Virtual Shell (VSH) session management for Cisco NX-OS Software could allow an authenticated, remote attacker to cause a VSH process to fail to delete upon termination. This can lead to a build-up of VSH processes that overtime can deplete system memory. When there is no system memory available, this can cause unexpected system behaviors and crashes. The vulnerability is due to the VSH process not being properly deleted when a remote management connection to the device is disconnected. An attacker could exploit this vulnerability by repeatedly performing a remote management connection to the device and terminating the connection in an unexpected manner. A successful exploit could allow the attacker to cause the VSH processes to fail to delete, which can lead to a system-wide denial of service (DoS) condition. The attacker must have valid user credentials to log in to the device using the remote management connection. |