Total
997 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-52986 | 2025-07-11 | N/A | 5.5 MEDIUM | ||
| A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO, * 24.4-EVO versions before 24.4R2-EVO. | |||||
| CVE-2025-53020 | 2025-07-10 | N/A | N/A | ||
| Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue. | |||||
| CVE-2025-29828 | 1 Microsoft | 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more | 2025-07-10 | N/A | 8.1 HIGH |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2025-7068 | 1 Hdfgroup | 1 Hdf5 | 2025-07-09 | 1.7 LOW | 3.3 LOW |
| A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-1992 | 2025-07-03 | N/A | 5.3 MEDIUM | ||
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | |||||
| CVE-2025-1634 | 2025-06-30 | N/A | 7.5 HIGH | ||
| A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError. | |||||
| CVE-2023-28366 | 1 Eclipse | 1 Mosquitto | 2025-06-26 | N/A | 7.5 HIGH |
| The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | |||||
| CVE-2021-47296 | 1 Linux | 1 Linux Kernel | 2025-06-23 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak vcpu_put is not called if the user copy fails. This can result in preempt notifier corruption and crashes, among other issues. | |||||
| CVE-2025-6498 | 2025-06-23 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-24267 | 1 Gpac | 1 Gpac | 2025-06-20 | N/A | 7.5 HIGH |
| gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function. | |||||
| CVE-2023-4969 | 3 Amd, Imaginationtech, Khronos | 261 Athlon 3000g, Athlon 3000g Firmware, Instinct Mi100 and 258 more | 2025-06-20 | N/A | 6.5 MEDIUM |
| A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | |||||
| CVE-2024-26829 | 1 Linux | 1 Linux Kernel | 2025-06-19 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: fix a memleak in irtoy_tx When irtoy_command fails, buf should be freed since it is allocated by irtoy_tx, or there is a memleak. | |||||
| CVE-2024-25450 | 1 Enlightenment | 1 Imlib2 | 2025-06-16 | N/A | 8.8 HIGH |
| imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). | |||||
| CVE-2019-20386 | 5 Canonical, Fedoraproject, Netapp and 2 more | 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more | 2025-06-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | |||||
| CVE-2024-24258 | 1 Artifex | 1 Mupdf | 2025-06-05 | N/A | 7.5 HIGH |
| freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. | |||||
| CVE-2022-23091 | 1 Freebsd | 1 Freebsd | 2025-06-04 | N/A | 4.0 MEDIUM |
| A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. | |||||
| CVE-2024-22563 | 1 Openvswitch | 1 Openvswitch | 2025-06-02 | N/A | 7.5 HIGH |
| openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | |||||
| CVE-2025-5324 | 2025-05-30 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-38178 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2025-05-28 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-38177 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2025-05-28 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||