Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

CVEs (1,736)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22312 1Huawei 12Ips6000e Firmware Ips Module FirmwareNgfw Module Firmware+9 more Nov 21, 2024 Apr 8, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory p...Show more There is a memory leak vulnerability in some Huawei products. An authenticated remote attacker may exploit this vulnerability by sending specific message to the affected product. Due to not release the allocated memory properly, successful exploit may cause some service abnormal. Affected product include some versions of IPS Module, NGFW Module, Secospace USG6300, Secospace USG6500, Secospace USG6600 and USG9500.Show less
CVE-2021-1309 1Cisco 11Rv132w Firmware Rv134w FirmwareRv160 Firmware+8 more Nov 21, 2024 Apr 8, 2021 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affecte...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Show less
CVE-2021-1308 1Cisco 11Rv132w Firmware Rv134w FirmwareRv160 Firmware+8 more Nov 21, 2024 Apr 8, 2021 N/A· v4 7.4 HIGH· v3 6.1 MEDIUM· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affecte...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Show less
CVE-2021-1251 1Cisco 11Rv132w Firmware Rv134w FirmwareRv160 Firmware+8 more Nov 21, 2024 Apr 8, 2021 N/A· v4 7.4 HIGH· v3 6.1 MEDIUM· v2 Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affecte...Show more Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Show less
CVE-2020-11255 1Qualcomm 344Apq8009 Firmware Apq8017 FirmwareApq8037 Firmware+341 more Nov 21, 2024 Apr 7, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit...Show more Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon WearablesShow less
CVE-2020-36312 1Linux 1Linux Kernel Nov 21, 2024 Apr 7, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.
CVE-2021-30141 1Friendica 1Friendica Nov 21, 2024 Apr 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memor...Show more Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.Show less
CVE-2021-30002 2Debian Linux 2Debian Linux Linux Kernel Nov 21, 2024 Apr 2, 2021 N/A· v4 6.2 MEDIUM· v3 2.1 LOW· v2 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.
CVE-2021-20234 1Zeromq 1Libzmq Nov 21, 2024 Apr 1, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to cr...Show more An uncontrolled resource consumption (memory leak) flaw was found in the ZeroMQ client in versions before 4.3.3 in src/pipe.cpp. This issue causes a client that connects to multiple malicious or compromised servers to crash. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-29649 2Fedoraproject Linux 2Fedora Linux Kernel Nov 21, 2024 Mar 30, 2021 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_k...Show more An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677.Show less
CVE-2021-20193 1Gnu 1Tar May 5, 2025 Mar 26, 2021 N/A· v4 3.3 LOW· v3 4.3 MEDIUM· v2 A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability...Show more A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-20216 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability...Show more A flaw was found in Privoxy in versions before 3.0.31. A memory leak that occurs when decompression fails unexpectedly may lead to a denial of service. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-20215 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the show-status CGI handler when memory allocations fail can lead to a system crash.
CVE-2021-20214 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.29. Memory leaks in the client-tags CGI handler when client tags are configured and memory allocations fail can lead to a system crash.
CVE-2021-20212 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.29. Memory leak if multiple filters are executed and the last one is skipped due to a pcre error leading to a system crash.
CVE-2021-20211 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.29. Memory leak when client tags are active can cause a system crash.
CVE-2021-20210 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.29. Memory leak in the show-status CGI handler when no filter files are configured can lead to a system crash.
CVE-2020-35502 1Privoxy 1Privoxy Nov 21, 2024 Mar 25, 2021 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash.
CVE-2021-20265 2Linux Oracle 2Linux Kernel Tekelec Platform Distribution Nov 21, 2024 Mar 10, 2021 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting ava...Show more A flaw was found in the way memory resources were freed in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. This flaw allows an unprivileged local user to crash the system by exhausting available memory. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-21724 1Zte 1Zxr10 8900e Firmware Nov 21, 2024 Feb 26, 2021 N/A· v4 4.4 MEDIUM· v3 2.1 LOW· v2 A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause mem...Show more A ZTE product has a memory leak vulnerability. Due to the product's improper handling of memory release in certain scenarios, a local attacker with device permissions repeatedly attenuated the optical signal to cause memory leak and abnormal service. This affects: ZXR10 8900E, all versions up to V3.03.20R2B30P1.Show less

Previous 1...737475...87 Next