Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-401
Total 476 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20023 1 Libsixel Project 1 Libsixel 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.
CVE-2020-9431 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.
CVE-2020-9249 1 Huawei 2 P30, P30 Firmware 2021-07-21 3.3 LOW 6.5 MEDIUM
HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11).
CVE-2020-9124 1 Huawei 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
There is a memory leak vulnerability in some versions of Huawei CloudEngine product. An unauthenticated, remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause memory leak.
CVE-2019-20052 1 Matio Project 1 Matio 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
A memory leak was discovered in Mat_VarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case.
CVE-2019-20159 1 Gpac 1 Gpac 2021-07-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c.
CVE-2020-7216 1 Opensuse 2 Leap, Wicked 2021-07-21 5.0 MEDIUM 7.5 HIGH
An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.
CVE-2020-5924 1 F5 1 Big-ip Access Policy Manager 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set.
CVE-2020-5883 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 7 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.
CVE-2020-4375 1 Ibm 1 Mq Appliance 2021-07-21 5.0 MEDIUM 7.5 HIGH
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080.
CVE-2020-4267 1 Ibm 2 Mq, Mq Appliance 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840.
CVE-2019-5248 1 Huawei 2 Cloudengine 12800, Cloudengine 12800 Firmware 2021-07-21 6.1 MEDIUM 7.4 HIGH
CloudEngine 12800 has a DoS vulnerability. An attacker of a neighboring device sends a large number of specific packets. As a result, a memory leak occurs after the device uses the specific packet. As a result, the attacker can exploit this vulnerability to cause DoS attacks on the target device.
CVE-2020-3959 1 Vmware 3 Esxi, Fusion, Workstation 2021-07-21 2.1 LOW 3.3 LOW
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.
CVE-2021-26090 1 Fortinet 1 Fortimail 2021-07-13 5.0 MEDIUM 7.5 HIGH
A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests.
CVE-2021-1598 1 Cisco 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more 2021-07-13 3.3 LOW 6.5 MEDIUM
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2021-1597 1 Cisco 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more 2021-07-13 3.3 LOW 6.5 MEDIUM
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2021-1596 1 Cisco 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more 2021-07-13 3.3 LOW 6.5 MEDIUM
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2021-1595 1 Cisco 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more 2021-07-13 3.3 LOW 6.5 MEDIUM
Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2021-22341 1 Huawei 14 Ips Module, Ips Module Firmware, Ngfw Module and 11 more 2021-07-02 4.0 MEDIUM 4.9 MEDIUM
There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200.
CVE-2019-8259 2 Siemens, Uvnc 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more 2021-06-28 5.0 MEDIUM 7.5 HIGH
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.