Total
476 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12768 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2022-04-27 | 2.1 LOW | 5.5 MEDIUM |
** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. | |||||
CVE-2020-35679 | 2 Fedoraproject, Opensmtpd | 2 Fedora, Opensmtpd | 2022-04-26 | 5.0 MEDIUM | 7.5 HIGH |
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. | |||||
CVE-2021-1313 | 1 Cisco | 1 Ios Xr | 2022-04-25 | 7.8 HIGH | 7.5 HIGH |
Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2019-16710 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2022-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c. | |||||
CVE-2019-16713 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2022-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c. | |||||
CVE-2019-16711 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2022-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c. | |||||
CVE-2019-16708 | 4 Canonical, Debian, Imagemagick and 1 more | 4 Ubuntu Linux, Debian Linux, Imagemagick and 1 more | 2022-04-22 | 4.3 MEDIUM | 6.5 MEDIUM |
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage. | |||||
CVE-2020-6080 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. | |||||
CVE-2020-6079 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2022-04-22 | 5.0 MEDIUM | 7.5 HIGH |
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. | |||||
CVE-2022-23159 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity. | |||||
CVE-2018-13844 | 1 Htslib | 1 Htslib | 2022-04-19 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code. | |||||
CVE-2021-28652 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2022-04-18 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. | |||||
CVE-2019-20095 | 3 Linux, Netapp, Opensuse | 19 Linux Kernel, 8300, 8300 Firmware and 16 more | 2022-04-18 | 4.9 MEDIUM | 5.5 MEDIUM |
mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | |||||
CVE-2019-18808 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2022-04-18 | 2.1 LOW | 5.5 MEDIUM |
A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247. | |||||
CVE-2021-45480 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2022-04-06 | 4.7 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. | |||||
CVE-2022-27950 | 1 Linux | 1 Linux Kernel | 2022-04-05 | 2.1 LOW | 5.5 MEDIUM |
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | |||||
CVE-2019-17340 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 6.1 MEDIUM | 8.8 HIGH |
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. | |||||
CVE-2019-17371 | 1 Gif2png Project | 1 Gif2png | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
gif2png 2.5.13 has a memory leak in the writefile function. | |||||
CVE-2022-24756 | 1 Bareos | 1 Bareos | 2022-03-23 | 4.3 MEDIUM | 7.5 HIGH |
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround. | |||||
CVE-2022-0853 | 1 Redhat | 5 Descision Manager, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack and 2 more | 2022-03-18 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. |