Search
Total
356 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19052 | 1 Linux | 1 Linux Kernel | 2021-06-14 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. | |||||
| CVE-2019-19066 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2021-06-14 | 4.7 MEDIUM | 4.7 MEDIUM |
| A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. | |||||
| CVE-2021-28652 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2021-06-14 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. | |||||
| CVE-2021-26111 | 1 Fortinet | 1 Fortiswitch | 2021-06-11 | 3.3 LOW | 6.5 MEDIUM |
| A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device. | |||||
| CVE-2020-22038 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. | |||||
| CVE-2020-22040 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. | |||||
| CVE-2020-22039 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. | |||||
| CVE-2020-22043 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | |||||
| CVE-2020-22051 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the filter_frame function in vf_tile.c. | |||||
| CVE-2020-22056 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | |||||
| CVE-2021-20193 | 1 Gnu | 1 Tar | 2021-06-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2019-13134 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2021-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. | |||||
| CVE-2019-13133 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2021-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. | |||||
| CVE-2020-27753 | 1 Imagemagick | 1 Imagemagick | 2021-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27755 | 1 Imagemagick | 1 Imagemagick | 2021-06-02 | 4.3 MEDIUM | 3.3 LOW |
| in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2019-19070 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| ** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began. | |||||
| CVE-2019-8980 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. | |||||
| CVE-2021-32032 | 1 Linaro | 1 Trusted Firmware-m | 2021-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | |||||
| CVE-2021-3492 | 1 Canonical | 1 Ubuntu Linux | 2021-05-21 | 7.2 HIGH | 7.8 HIGH |
| Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | |||||
| CVE-2021-0272 | 1 Juniper | 6 Junos, Qfx10002-32q, Qfx10002-60c and 3 more | 2021-05-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved. | |||||
| CVE-2019-13137 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. | |||||
| CVE-2019-7398 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 7.0.8-25, a memory leak exists in WriteDIBImage in coders/dib.c. | |||||
| CVE-2019-7397 | 5 Canonical, Debian, Graphicsmagick and 2 more | 5 Ubuntu Linux, Debian Linux, Graphicsmagick and 2 more | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 7.0.8-25 and GraphicsMagick through 1.3.31, several memory leaks exist in WritePDFImage in coders/pdf.c. | |||||
| CVE-2019-7396 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c. | |||||
| CVE-2019-7175 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 7.0.8-25, some memory leaks exist in DecodeImage in coders/pcd.c. | |||||
| CVE-2019-7395 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2021-04-28 | 5.0 MEDIUM | 7.5 HIGH |
| In ImageMagick before 7.0.8-25, a memory leak exists in WritePSDChannel in coders/psd.c. | |||||
| CVE-2021-22312 | 1 Huawei | 24 Ips6000e, Ips6000e Firmware, Ips Module and 21 more | 2021-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500. | |||||
| CVE-2021-30141 | 1 Friendica | 1 Friendica | 2021-04-15 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users." | |||||
| CVE-2020-36312 | 1 Linux | 1 Linux Kernel | 2021-04-13 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. | |||||
| CVE-2020-11255 | 1 Qualcomm | 688 Apq8009, Apq8009 Firmware, Apq8017 and 685 more | 2021-04-12 | 7.8 HIGH | 7.5 HIGH |
| Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2021-29649 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2021-04-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. | |||||
| CVE-2020-29485 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2021-03-16 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are vulnerable. Systems using the C Xenstored implementation are not vulnerable. | |||||
| CVE-2021-21724 | 1 Zte | 2 Zxr10 8900e, Zxr10 8900e Firmware | 2021-03-04 | 2.1 LOW | 4.4 MEDIUM |
| A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1. | |||||
| CVE-2021-1229 | 1 Cisco | 86 Mds 9148s, Mds 9250i, Mds 9706 and 83 more | 2021-03-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in ICMP Version 6 (ICMPv6) processing in Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a slow system memory leak, which over time could lead to a denial of service (DoS) condition. This vulnerability is due to improper error handling when an IPv6-configured interface receives a specific type of ICMPv6 packet. An attacker could exploit this vulnerability by sending a sustained rate of crafted ICMPv6 packets to a local IPv6 address on a targeted device. A successful exploit could allow the attacker to cause a system memory leak in the ICMPv6 process on the device. As a result, the ICMPv6 process could run out of system memory and stop processing traffic. The device could then drop all ICMPv6 packets, causing traffic instability on the device. Restoring device functionality would require a device reboot. | |||||
| CVE-2021-1353 | 1 Cisco | 5 Asr 5000, Asr 5500, Asr 5700 and 2 more | 2021-02-03 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device. | |||||
| CVE-2021-21723 | 1 Zte | 10 Zxr10 9904, Zxr10 9904-s, Zxr10 9904-s Firmware and 7 more | 2021-02-02 | 4.3 MEDIUM | 7.5 HIGH |
| Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operations, resulting in memory leak, which may eventually lead to device denial of service. This affects: ZXR10 9904, ZXR10 9908, ZXR10 9916, ZXR10 9904-S, ZXR10 9908-S; all versions up to V1.01.10.B12. | |||||
| CVE-2020-15025 | 1 Ntp | 1 Ntp | 2021-01-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file. | |||||
| CVE-2018-11246 | 1 K7computing | 4 Antivrius, Enterprise Security, Total Security and 1 more | 2021-01-13 | 5.0 MEDIUM | 7.5 HIGH |
| K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak. | |||||
| CVE-2020-25795 | 1 Sized-chunks Project | 1 Sized-chunks | 2021-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic. | |||||
| CVE-2020-25794 | 1 Sized-chunks Project | 1 Sized-chunks | 2021-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic. | |||||
| CVE-2020-27038 | 1 Google | 1 Android | 2020-12-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154302257 | |||||
| CVE-2020-27822 | 1 Redhat | 1 Wildfly | 2020-12-14 | 7.1 HIGH | 5.9 MEDIUM |
| A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-27713 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory. | |||||
| CVE-2019-11463 | 1 Libarchive | 1 Libarchive | 2020-12-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. | |||||
| CVE-2019-3815 | 2 Debian, Redhat | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2020-11-13 | 2.1 LOW | 3.3 LOW |
| A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. | |||||
| CVE-2017-5857 | 1 Qemu | 1 Qemu | 2020-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Memory leak in the virgl_cmd_resource_unref function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_UNREF commands sent without detaching the backing storage beforehand. | |||||
| CVE-2016-9916 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in the proxy backend. | |||||
| CVE-2017-5526 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations. | |||||
| CVE-2017-9374 | 1 Qemu | 1 Qemu | 2020-11-10 | 2.1 LOW | 5.5 MEDIUM |
| Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the device. | |||||
| CVE-2016-9914 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 4.9 MEDIUM | 6.5 MEDIUM |
| Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local privileged guest OS users to cause a denial of service (host memory consumption and possibly QEMU process crash) by leveraging a missing cleanup operation in FileOperations. | |||||