Total
1026 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39004 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | N/A | 7.5 HIGH |
| The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. | |||||
| CVE-2022-38600 | 1 Mplayerhq | 1 Mplayer | 2024-11-21 | N/A | 5.5 MEDIUM |
| Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | |||||
| CVE-2022-38178 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-38177 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-36152 | 1 Monostream | 1 Tifig | 2024-11-21 | N/A | 5.5 MEDIUM |
| tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp. | |||||
| CVE-2022-35858 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.8 HIGH |
| The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. | |||||
| CVE-2022-35433 | 1 Ffjpeg Project | 1 Ffjpeg | 2024-11-21 | N/A | 6.5 MEDIUM |
| ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c. | |||||
| CVE-2022-35110 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. | |||||
| CVE-2022-33105 | 1 Redis | 1 Redis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. | |||||
| CVE-2022-2906 | 1 Isc | 1 Bind | 2024-11-21 | N/A | 7.5 HIGH |
| An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. | |||||
| CVE-2022-29932 | 1 Primeur | 1 Spazio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. | |||||
| CVE-2022-29693 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | |||||
| CVE-2022-28487 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2022-27950 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | |||||
| CVE-2022-26365 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | |||||
| CVE-2022-25479 | 1 Realtek | 2 Rtsper, Rtsuer | 2024-11-21 | N/A | 5.5 MEDIUM |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap. | |||||
| CVE-2022-24959 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. | |||||
| CVE-2022-24756 | 1 Bareos | 1 Bareos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround. | |||||
| CVE-2022-24599 | 3 Audio File Library Project, Debian, Fedoraproject | 3 Audio File Library, Debian Linux, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. | |||||
| CVE-2022-23585 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||