Total
822 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-46854 | 1 Proftpd | 1 Proftpd | 2024-08-04 | 7.5 High |
mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | ||||
CVE-2021-46956 | 2024-08-04 | 4.7 Medium | ||
In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error (that's when I realised the duplicated tag): virtiofs: probe of virtio5 failed with error -17 Here's the kmemleak log for reference: unreferenced object 0xffff888103d47800 (size 1024): comm "systemd-udevd", pid 118, jiffies 4294893780 (age 18.340s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................ backtrace: [<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs] [<00000000f8aca419>] virtio_dev_probe+0x15f/0x210 [<000000004d6baf3c>] really_probe+0xea/0x430 [<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0 [<00000000196f47a7>] __driver_attach+0x98/0x140 [<000000000b20601d>] bus_for_each_dev+0x7b/0xc0 [<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0 [<0000000032b09ba7>] driver_register+0x8f/0xe0 [<00000000cdd55998>] 0xffffffffa002c013 [<000000000ea196a2>] do_one_initcall+0x64/0x2e0 [<0000000008f727ce>] do_init_module+0x5c/0x260 [<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120 [<00000000ad2f48c6>] do_syscall_64+0x33/0x40 [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae | ||||
CVE-2021-45346 | 2 Netapp, Sqlite | 2 Ontap Select Deploy Administration Utility, Sqlite | 2024-08-04 | 4.3 Medium |
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect. | ||||
CVE-2021-46481 | 1 Jsish | 1 Jsish | 2024-08-04 | 5.5 Medium |
Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c. | ||||
CVE-2021-46142 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriNormalizeSyntax. | ||||
CVE-2021-46141 | 4 Debian, Fedoraproject, Opensuse and 1 more | 7 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 4 more | 2024-08-04 | 5.5 Medium |
An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeOwner. | ||||
CVE-2021-46082 | 1 Moxa | 12 Mgate 5101-pbm-mn, Mgate 5101-pbm-mn-t, Mgate 5101-pbm-mn-t Firmware and 9 more | 2024-08-04 | 7.5 High |
Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gateways, and MGate 5101-PBM-MN v2.1 series protocol gateways were discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via crafted packets. | ||||
CVE-2021-45480 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-04 | 5.5 Medium |
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances. | ||||
CVE-2021-45481 | 2 Redhat, Webkitgtk | 2 Enterprise Linux, Webkitgtk | 2024-08-04 | 6.5 Medium |
In WebKitGTK before 2.32.4, there is incorrect memory allocation in WebCore::ImageBufferCairoImageSurfaceBackend::create, leading to a segmentation violation and application crash, a different vulnerability than CVE-2021-30889. | ||||
CVE-2021-45095 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-08-04 | 5.5 Medium |
pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak. | ||||
CVE-2021-44961 | 1 Slic3r | 1 Libslic3r | 2024-08-04 | 5.5 Medium |
A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability. | ||||
CVE-2021-44542 | 1 Privoxy | 1 Privoxy | 2024-08-04 | 7.5 High |
A memory leak vulnerability was found in Privoxy when handling errors. | ||||
CVE-2021-44540 | 1 Privoxy | 1 Privoxy | 2024-08-04 | 7.5 High |
A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | ||||
CVE-2021-44541 | 1 Privoxy | 1 Privoxy | 2024-08-04 | 7.5 High |
A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | ||||
CVE-2021-42523 | 1 Colord Project | 1 Colord | 2024-08-04 | 7.5 High |
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it. | ||||
CVE-2021-42522 | 1 Gnome | 1 Anjuta | 2024-08-04 | 7.5 High |
There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'. | ||||
CVE-2021-42218 | 1 Rice | 1 Open Motion Planning Library | 2024-08-04 | 7.5 High |
OMPL v1.5.2 contains a memory leak in VFRRT.cpp | ||||
CVE-2021-42197 | 1 Swftools | 1 Swftools | 2024-08-04 | 7.8 High |
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. | ||||
CVE-2021-41959 | 1 Jerryscript | 1 Jerryscript | 2024-08-04 | 7.5 High |
JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | ||||
CVE-2021-41687 | 1 Offis | 1 Dcmtk | 2024-08-04 | 7.5 High |
DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack. |