Total
620 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5924 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. | |||||
| CVE-2020-4267 | 1 Ibm | 2 Mq, Mq Appliance | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authenticated user cause a denial of service due to a memory leak. IBM X-Force ID: 175840. | |||||
| CVE-2021-26090 | 1 Fortinet | 1 Fortimail | 2021-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| A missing release of memory after its effective lifetime vulnerability in the Webmail of FortiMail 6.4.0 through 6.4.4 and 6.2.0 through 6.2.6 may allow an unauthenticated remote attacker to exhaust available memory via specifically crafted login requests. | |||||
| CVE-2021-22341 | 1 Huawei | 14 Ips Module, Ips Module Firmware, Ngfw Module and 11 more | 2021-07-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| There is a memory leak vulnerability in Huawei products. A resource management weakness exists in a module. Attackers with high privilege can exploit this vulnerability by performing some operations. This can lead to memory leak. Affected product versions include:IPS Module V500R005C00SPC100,V500R005C00SPC200;NGFW Module V500R005C00SPC100,V500R005C00SPC200;NIP6300 V500R005C00SPC100,V500R005C10SPC200;NIP6600 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6300 V500R005C00SPC100,V500R005C00SPC200;Secospace USG6500 V500R005C00SPC100,V500R005C10SPC200;Secospace USG6600 V500R005C00SPC100,V500R005C00SPC200. | |||||
| CVE-2019-8259 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2021-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199. | |||||
| CVE-2019-19069 | 4 Broadcom, Canonical, Linux and 1 more | 21 Fabric Operating System, Ubuntu Linux, Linux Kernel and 18 more | 2021-06-22 | 7.8 HIGH | 7.5 HIGH |
| A memory leak in the fastrpc_dma_buf_attach() function in drivers/misc/fastrpc.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering dma_get_sgtable() failures, aka CID-fc739a058d99. | |||||
| CVE-2021-26111 | 1 Fortinet | 1 Fortiswitch | 2021-06-11 | 3.3 LOW | 6.5 MEDIUM |
| A missing release of memory after effective lifetime vulnerability in FortiSwitch 6.4.0 to 6.4.6, 6.2.0 to 6.2.6, 6.0.0 to 6.0.6, 3.6.11 and below may allow an attacker on an adjacent network to exhaust available memory by sending specifically crafted LLDP/CDP/EDP packets to the device. | |||||
| CVE-2020-22038 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c. | |||||
| CVE-2020-22039 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inavi_add_ientry function. | |||||
| CVE-2020-22040 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 idue to a memory leak in the v_frame_alloc function in frame.c. | |||||
| CVE-2020-22043 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c. | |||||
| CVE-2020-22056 | 1 Ffmpeg | 1 Ffmpeg | 2021-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c. | |||||
| CVE-2019-13134 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2021-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c. | |||||
| CVE-2019-13133 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2021-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c. | |||||
| CVE-2020-27753 | 1 Imagemagick | 1 Imagemagick | 2021-06-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| There are several memory leaks in the MIFF coder in /coders/miff.c due to improper image depth values, which can be triggered by a specially crafted input file. These leaks could potentially lead to an impact to application availability or cause a denial of service. It was originally reported that the issues were in `AcquireMagickMemory()` because that is where LeakSanitizer detected the leaks, but the patch resolves issues in the MIFF coder, which incorrectly handles data being passed to `AcquireMagickMemory()`. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2020-27755 | 1 Imagemagick | 1 Imagemagick | 2021-06-02 | 4.3 MEDIUM | 3.3 LOW |
| in SetImageExtent() of /MagickCore/image.c, an incorrect image depth size can cause a memory leak because the code which checks for the proper image depth size does not reset the size in the event there is an invalid size. The patch resets the depth to a proper size before throwing an exception. The memory leak can be triggered by a crafted input file that is processed by ImageMagick and could cause an impact to application reliability, such as denial of service. This flaw affects ImageMagick versions prior to 7.0.9-0. | |||||
| CVE-2021-32032 | 1 Linaro | 1 Trusted Firmware-m | 2021-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak. | |||||
| CVE-2021-3492 | 1 Canonical | 1 Ubuntu Linux | 2021-05-21 | 7.2 HIGH | 7.8 HIGH |
| Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | |||||
| CVE-2021-0272 | 1 Juniper | 6 Junos, Qfx10002-32q, Qfx10002-60c and 3 more | 2021-05-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved. | |||||
| CVE-2019-13137 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2021-04-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c. | |||||