Total
466 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-9405 | 1 Imagemagick | 1 Imagemagick | 2024-09-16 | N/A |
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
CVE-2017-16892 | 1 Bftpd Project | 1 Bftpd | 2024-09-16 | N/A |
In Bftpd before 4.7, there is a memory leak in the file rename function. | ||||
CVE-2018-9271 | 1 Wireshark | 1 Wireshark | 2024-09-16 | N/A |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak. | ||||
CVE-2018-5536 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-09-16 | N/A |
A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module. | ||||
CVE-2017-0813 | 1 Google | 1 Android | 2024-09-16 | N/A |
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID: A-36531046. | ||||
CVE-2018-11097 | 1 Cstring Project | 1 Cstring | 2024-09-16 | N/A |
An issue was discovered in cloudwu/cstring through 2016-11-09. There is a memory leak vulnerability that could lead to a program crash. | ||||
CVE-2017-0726 | 1 Google | 1 Android | 2024-09-16 | N/A |
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36389123. | ||||
CVE-2018-9266 | 1 Wireshark | 1 Wireshark | 2024-09-16 | N/A |
In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak. | ||||
CVE-2017-2700 | 1 Huawei | 4 Ac6005, Ac6005 Firmware, Ac6605 and 1 more | 2024-09-16 | N/A |
AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks. | ||||
CVE-2018-18482 | 1 Libpg Query Project | 1 Libpg Query | 2024-09-16 | N/A |
An issue was discovered in libpg_query 10-1.0.2. There is a memory leak in pg_query_raw_parse in pg_query_parse.c, which might lead to a denial of service. | ||||
CVE-2017-15094 | 1 Powerdns | 1 Recursor | 2024-09-16 | N/A |
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default). | ||||
CVE-2017-15845 | 1 Google | 1 Android | 2024-09-16 | N/A |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an invalid input of firmware size (negative value) from user space can potentially lead to the memory leak or buffer overflow during the WLAN cal data store operation. | ||||
CVE-2017-1283 | 1 Ibm | 1 Websphere Mq | 2024-09-16 | N/A |
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a shared memory leak by MQ applications using dynamic queues, which can lead to lack of resources for other MQ applications. IBM X-Force ID: 125144. | ||||
CVE-2017-1786 | 1 Ibm | 1 Websphere Mq | 2024-09-16 | N/A |
IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under special circumstances could allow an authenticated user to consume all resources due to a memory leak resulting in service loss. IBM X-Force ID: 136975. | ||||
CVE-2017-0719 | 1 Google | 1 Android | 2024-09-16 | N/A |
A remote code execution vulnerability in the Android media framework (mpeg2 decoder). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37273673. | ||||
CVE-2018-1000036 | 2 Artifex, Debian | 2 Mupdf, Debian Linux | 2024-09-13 | 5.5 Medium |
In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. | ||||
CVE-2023-45814 | 1 Littlebigfresh | 1 Bunkum | 2024-09-13 | 5.3 Medium |
Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's `AuthenticationService` only supported injecting `IUser`s. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting `IToken`s into endpoints was added. All was well until 4.0. Bunkum 4.0 then changed to enforce relations between `IToken`s and `IUser`s. This wasn't implemented in a very good way in the `AuthenticationService`, and ended up breaking caching in such a way that cached tokens would persist after the lifetime of the request - since we tried to cache both tokens and users. From that point until now, from what I understand, Bunkum was attempting to use that cached token at the start of the next request once cached. Naturally, when that token expired, downstream projects like Refresh would remove the object from Realm - and cause the object in the cache to be in a detached state, causing an exception from invalid use of `IToken.User`. So in other words, a use-after-free since Realm can't manage the lifetime of the cached token. Security-wise, the scope is fairly limited, can only be pulled off on a couple endpoints given a few conditions, and you can't guarantee which token you're going to get. Also, the token *would* get invalidated properly if the endpoint had either a `IToken` usage or a `IUser` usage. The fix is to just wipe the token cache after the request was handled, which is now in `4.2.1`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2023-47216 | 1 Openatom | 1 Openharmony | 2024-09-09 | 2.9 Low |
in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through occupy all resources | ||||
CVE-2023-31274 | 1 Aveva | 1 Pi Server | 2024-08-29 | 5.3 Medium |
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition. | ||||
CVE-2024-41890 | 1 Apache | 1 Answer | 2024-08-29 | 5.3 Medium |
Missing Release of Resource after Effective Lifetime vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. User sends multiple password reset emails, each containing a valid link. Within the link's validity period, this could potentially lead to the link being misused or hijacked. Users are recommended to upgrade to version 1.3.6, which fixes the issue. |