Total
708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35085 | 1 Swftools | 1 Swftools | 2024-11-21 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. | |||||
| CVE-2022-33105 | 1 Redis | 1 Redis | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. | |||||
| CVE-2022-2963 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | |||||
| CVE-2022-2906 | 1 Isc | 1 Bind | 2024-11-21 | N/A | 7.5 HIGH |
| An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. | |||||
| CVE-2022-29932 | 1 Primeur | 1 Spazio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. | |||||
| CVE-2022-29693 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | |||||
| CVE-2022-29515 | 1 Intel | 1 Server Platform Services Firmware | 2024-11-21 | N/A | 6.0 MEDIUM |
| Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-28487 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | |||||
| CVE-2022-27950 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. | |||||
| CVE-2022-26878 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). | |||||
| CVE-2022-26365 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). | |||||
| CVE-2022-25479 | 1 Realtek | 2 Rtsper, Rtsuer | 2024-11-21 | N/A | 5.5 MEDIUM |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap. | |||||
| CVE-2022-24959 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. | |||||
| CVE-2022-24756 | 1 Bareos | 1 Bareos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround. | |||||
| CVE-2022-24599 | 3 Audio File Library Project, Debian, Fedoraproject | 3 Audio File Library, Debian Linux, Fedora | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. | |||||
| CVE-2022-23585 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(..., &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error case in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23578 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | |||||
| CVE-2022-23471 | 1 Linuxfoundation | 1 Containerd | 2024-11-21 | N/A | 5.7 MEDIUM |
| containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to launch due to, for example, a faulty command, the goroutine will be stuck waiting to send without a receiver, resulting in a memory leak. Kubernetes and crictl can both be configured to use containerd's CRI implementation and the stream server is used for handling container IO. This bug has been fixed in containerd 1.6.12 and 1.5.16. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used and that only trusted users have permissions to execute commands in running containers. | |||||
| CVE-2022-23159 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.0 MEDIUM | 4.8 MEDIUM |
| Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges could exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity. | |||||
| CVE-2022-23091 | 2024-11-21 | N/A | 4.0 MEDIUM | ||
| A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. | |||||