Total
1003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48065 | 3 Fedoraproject, Gnu, Netapp | 3 Fedora, Binutils, Ontap Select Deploy Administration Utility | 2023-11-15 | N/A | 5.5 MEDIUM |
| GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | |||||
| CVE-2023-43076 | 1 Dell | 1 Powerscale Onefs | 2023-11-09 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. | |||||
| CVE-2019-20388 | 6 Debian, Fedoraproject, Netapp and 3 more | 31 Debian Linux, Fedora, Cloud Backup and 28 more | 2023-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | |||||
| CVE-2023-5349 | 2 Fedoraproject, Rmagick | 2 Fedora, Rmagick | 2023-11-09 | N/A | 3.3 LOW |
| A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. | |||||
| CVE-2023-4569 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2023-11-07 | N/A | 5.5 MEDIUM |
| A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double-deactivations of catchall elements, which can result in a memory leak. | |||||
| CVE-2023-28096 | 1 Opensips | 1 Opensips | 2023-11-07 | N/A | 7.5 HIGH |
| OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system’s availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5. | |||||
| CVE-2023-25566 | 1 Gss-ntlmssp Project | 1 Gss-ntlmssp | 2023-11-07 | N/A | 7.5 HIGH |
| GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. | |||||
| CVE-2023-20089 | 1 Cisco | 47 Nexus 9000v, Nexus 92160yc-x, Nexus 92300yc and 44 more | 2023-11-07 | N/A | 6.5 MEDIUM |
| A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required. | |||||
| CVE-2022-4132 | 2 Dogtagpki, Redhat | 2 Network Security Services For Java, Enterprise Linux | 2023-11-07 | N/A | 5.9 MEDIUM |
| A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). | |||||
| CVE-2022-41556 | 2 Fedoraproject, Lighttpd | 2 Fedora, Lighttpd | 2023-11-07 | N/A | 7.5 HIGH |
| A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. | |||||
| CVE-2022-3630 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 5.5 MEDIUM |
| A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931. | |||||
| CVE-2022-3669 | 1 Axiosys | 1 Bento4 | 2023-11-07 | N/A | 5.5 MEDIUM |
| A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. | |||||
| CVE-2022-3619 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 4.3 MEDIUM |
| A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211918 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-3624 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 3.3 LOW |
| A vulnerability was found in Linux Kernel and classified as problematic. Affected by this issue is the function rlb_arp_xmit of the file drivers/net/bonding/bond_alb.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211928. | |||||
| CVE-2022-3668 | 1 Axiosys | 1 Bento4 | 2023-11-07 | N/A | 5.5 MEDIUM |
| A vulnerability has been found in Axiomatic Bento4 and classified as problematic. This vulnerability affects the function AP4_AtomFactory::CreateAtomFromStream of the component mp4edit. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212008. | |||||
| CVE-2022-3526 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 7.5 HIGH |
| A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024. | |||||
| CVE-2022-28487 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2022-26365 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2023-11-07 | 3.6 LOW | 7.1 HIGH |
| Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | |||||
| CVE-2022-20785 | 4 Cisco, Clamav, Debian and 1 more | 4 Secure Endpoint, Clamav, Debian Linux and 1 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | |||||
| CVE-2022-1012 | 1 Linux | 1 Linux Kernel | 2023-11-07 | N/A | 8.2 HIGH |
| A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. | |||||