Total
399 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4683 | 1 Cisco | 1 Ios | 2020-05-13 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote attackers to cause a denial of service (memory consumption) by sending a crafted SIP REGISTER message over UDP, aka Bug ID CSCtg41733. | |||||
| CVE-2009-5039 | 1 Cisco | 1 Ios | 2020-05-13 | 5.0 MEDIUM | N/A |
| Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535. | |||||
| CVE-2018-20126 | 3 Canonical, Opensuse, Qemu | 3 Ubuntu Linux, Leap, Qemu | 2020-05-12 | 2.1 LOW | 5.5 MEDIUM |
| hw/rdma/vmw/pvrdma_cmd.c in QEMU allows create_cq and create_qp memory leaks because errors are mishandled. | |||||
| CVE-2020-12134 | 1 Nanometrics | 2 Centaur, Titansma | 2020-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishandle access control for the syslog log. | |||||
| CVE-2017-18675 | 2 Google, Samsung | 3 Android, Exynos 7420, Exynox 8890 | 2020-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software. The Camera application can leak uninitialized memory via ion. The Samsung ID is SVE-2016-6989 (April 2017). | |||||
| CVE-2020-9375 | 1 Tp-link | 2 Archer C5, Archer C50 | 2020-03-31 | 7.8 HIGH | 7.5 HIGH |
| TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows remote attackers to cause a denial of service via a crafted HTTP Header containing an unexpected Referer field. | |||||
| CVE-2011-4661 | 1 Cisco | 1 Ios | 2020-03-02 | 4.3 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability exists in Cisco IOS before 15.2(1)T due to a memory leak in the HTTP PROXY Server process (aka CSCtu52820), when configured with Cisco ISR Web Security with Cisco ScanSafe and User Authenticaiton NTLM configured. | |||||
| CVE-2011-2498 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2020-02-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages. | |||||
| CVE-2019-19533 | 1 Linux | 1 Linux Kernel | 2020-01-18 | 2.1 LOW | 2.4 LOW |
| In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464. | |||||
| CVE-2018-11364 | 1 Wizardmac | 1 Readstat | 2019-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. | |||||
| CVE-2010-4657 | 3 Debian, Php, Redhat | 3 Debian Linux, Php, Enterprise Linux | 2019-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | |||||
| CVE-2018-20657 | 2 F5, Gnu | 2 Traffix Signaling Delivery Controller, Binutils | 2019-11-06 | 5.0 MEDIUM | 7.5 HIGH |
| The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | |||||
| CVE-2018-5744 | 1 Isc | 1 Bind | 2019-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions 9.13.0 -> 9.13.6 of the 9.13 development branch are also affected. | |||||
| CVE-2019-18214 | 1 Video Converter Project | 1 Video Converter | 2019-10-22 | 6.8 MEDIUM | 7.7 HIGH |
| The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.) | |||||
| CVE-2018-21028 | 1 Boa | 1 Boa | 2019-10-16 | 5.0 MEDIUM | 7.5 HIGH |
| Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function. | |||||
| CVE-2018-6554 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2019-10-09 | 4.9 MEDIUM | 5.5 MEDIUM |
| Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. | |||||
| CVE-2018-5739 | 1 Isc | 1 Kea | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial implementation of this store does not properly free memory in every case. Hooks which make use of query4 or query6 parameters in their callouts can leak memory, resulting in the eventual exhaustion of available memory and subsequent failure of the server process. Affects Kea DHCP 1.4.0. | |||||
| CVE-2018-10851 | 1 Powerdns | 2 Authoritative, Recursor | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. | |||||
| CVE-2018-0421 | 1 Cisco | 2 Prime Access Registrar, Prime Access Registrar Jumpstart | 2019-10-09 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained. | |||||
| CVE-2018-0165 | 1 Cisco | 47 Catalyst 3850-12s-e, Catalyst 3850-12s-s, Catalyst 3850-12xs-e and 44 more | 2019-10-09 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496. | |||||