Total
620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9697 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak. | |||||
| CVE-2020-3756 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak . | |||||
| CVE-2020-3753 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to memory leak . | |||||
| CVE-2021-34389 | 1 Nvidia | 9 Jetson Agx Xavier 16gb, Jetson Agx Xavier 32gb, Jetson Agx Xavier 8gb and 6 more | 2021-08-25 | 1.9 LOW | 5.0 MEDIUM |
| Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. An incorrect bounds check can allow a local user through a malicious client to access memory from the heap in the TrustZone, which may lead to information disclosure. | |||||
| CVE-2020-3189 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2021-08-12 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default. | |||||
| CVE-2021-22424 | 1 Huawei | 1 Harmonyos | 2021-08-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. | |||||
| CVE-2021-34431 | 1 Eclipse | 1 Mosquitto | 2021-08-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker. | |||||
| CVE-2021-25701 | 1 Teradici | 1 Pcoip Client | 2021-07-29 | 2.1 LOW | 5.5 MEDIUM |
| The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service. | |||||
| CVE-2021-0293 | 1 Juniper | 1 Junos | 2021-07-29 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more memory to leak and eventually daemons that need to allocate additionally memory and ultimately the kernel to crash, which will result in traffic loss. Continued execution of this command will cause a sustained Denial of Service (DoS) condition. An administrator can use the following CLI command to monitor for increase in memory consumption of the netstat process, if it exists: user@junos> show system processes extensive | match "username|netstat" PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 21181 root 100 0 5458M 4913M CPU3 2 0:59 97.27% netstat The following log message might be observed if this issue happens: kernel: %KERN-3: pid 21181 (netstat), uid 0, was killed: out of swap space This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R2-S8, 18.2R3-S7. 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2; This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1. | |||||
| CVE-2020-22650 | 1 Att | 1 Alienvault Ossim | 2021-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DOS) via a system crash triggered by the occurrence of a large number of alarm events. | |||||
| CVE-2021-20108 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| Manage Engine Asset Explorer Agent 1.0.34 listens on port 9000 for incoming commands over HTTPS from Manage Engine Server. The HTTPS certificates are not verified which allows any arbitrary user on the network to send commands over port 9000. While these commands may not be executed (due to authtoken validation), the Asset Explorer agent will reach out to the manage engine server for an HTTP request. During this process, AEAgent.cpp allocates 0x66 bytes using "malloc". This memory is never free-ed in the program, causing a memory leak. Additionally, the instruction sent to aeagent (ie: NEWSCAN, DELTASCAN, etc) is converted to a unicode string, but is never freed. These memory leaks allow a remote attacker to exploit a Denial of Service scenario through repetitively sending these commands to an agent and eventually crashing it the agent due to an out-of-memory condition. | |||||
| CVE-2020-9249 | 1 Huawei | 2 P30, P30 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have a denial of service vulnerability. A module does not deal with mal-crafted messages and it leads to memory leak. Attackers can exploit this vulnerability to make the device denial of service.Affected product versions include: HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11). | |||||
| CVE-2019-16995 | 3 Linux, Netapp, Opensuse | 27 Linux Kernel, Aff A700s, Aff A700s Firmware and 24 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. | |||||
| CVE-2019-17178 | 3 Freerdp, Lodev, Opensuse | 3 Freerdp, Lodepng, Leap | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. | |||||
| CVE-2020-5883 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 7 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak. | |||||
| CVE-2020-1883 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal. | |||||
| CVE-2020-4375 | 1 Ibm | 1 Mq Appliance | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS could allow an attacker to cause a denial of service due to a memory leak caused by an error creating a dynamic queue. IBM X-Force ID: 179080. | |||||
| CVE-2020-25340 | 1 Nfstream | 1 Nfstream | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, if the nfstream object is directly destroyed without being used after it is created, it will cause a memory leak that may result in a local denial of service (DoS). | |||||
| CVE-2020-7216 | 1 Opensuse | 2 Leap, Wicked | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. | |||||
| CVE-2020-1815 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a memory leak vulnerability. The software does not sufficiently track and release allocated memory while parse certain message, the attacker sends the message continuously that could consume remaining memory. Successful exploit could cause memory exhaust. | |||||