Total
1021 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-29828 | 2025-06-12 | N/A | 8.1 HIGH | ||
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2019-20386 | 5 Canonical, Fedoraproject, Netapp and 2 more | 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more | 2025-06-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur. | |||||
| CVE-2024-24258 | 1 Artifex | 1 Mupdf | 2025-06-05 | N/A | 7.5 HIGH |
| freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function. | |||||
| CVE-2022-23091 | 1 Freebsd | 1 Freebsd | 2025-06-04 | N/A | 4.0 MEDIUM |
| A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel. | |||||
| CVE-2024-22563 | 1 Openvswitch | 1 Openvswitch | 2025-06-02 | N/A | 7.5 HIGH |
| openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | |||||
| CVE-2025-5324 | 2025-05-30 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-38178 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2025-05-28 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-38177 | 4 Debian, Fedoraproject, Isc and 1 more | 4 Debian Linux, Fedora, Bind and 1 more | 2025-05-28 | N/A | 7.5 HIGH |
| By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources. | |||||
| CVE-2022-2906 | 1 Isc | 1 Bind | 2025-05-28 | N/A | 7.5 HIGH |
| An attacker can leverage this flaw to gradually erode available memory to the point where named crashes for lack of resources. Upon restart the attacker would have to begin again, but nevertheless there is the potential to deny service. | |||||
| CVE-2022-35085 | 1 Swftools | 1 Swftools | 2025-05-27 | N/A | 5.5 MEDIUM |
| SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. | |||||
| CVE-2024-27508 | 1 Atheme | 1 Atheme | 2025-05-23 | N/A | 7.5 HIGH |
| Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c. | |||||
| CVE-2024-26458 | 2 Mit, Netapp | 12 Kerberos 5, Active Iq Unified Manager, Cloud Volumes Ontap Mediator and 9 more | 2025-05-23 | N/A | 5.3 MEDIUM |
| Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. | |||||
| CVE-2025-47935 | 2025-05-21 | N/A | 7.5 HIGH | ||
| Multer is a node.js middleware for handling `multipart/form-data`. Versions prior to 2.0.0 are vulnerable to a resource exhaustion and memory leak issue due to improper stream handling. When the HTTP request stream emits an error, the internal `busboy` stream is not closed, violating Node.js stream safety guidance. This leads to unclosed streams accumulating over time, consuming memory and file descriptors. Under sustained or repeated failure conditions, this can result in denial of service, requiring manual server restarts to recover. All users of Multer handling file uploads are potentially impacted. Users should upgrade to 2.0.0 to receive a patch. No known workarounds are available. | |||||
| CVE-2022-41847 | 1 Axiosys | 1 Bento4 | 2025-05-20 | N/A | 5.5 MEDIUM |
| An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp. | |||||
| CVE-2025-23165 | 2025-05-19 | N/A | 3.7 LOW | ||
| In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service. Impact: * This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22. | |||||
| CVE-2025-47279 | 2025-05-16 | N/A | 3.1 LOW | ||
| Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, then they can cause a memory leak. This has been patched in versions 5.29.0, 6.21.2, and 7.5.0. As a workaound, avoid calling a webhook repeatedly if the webhook fails. | |||||
| CVE-2024-24259 | 1 Artifex | 1 Mupdf | 2025-05-15 | N/A | 7.5 HIGH |
| freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function. | |||||
| CVE-2025-3198 | 1 Gnu | 1 Binutils | 2025-05-15 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2022-2963 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2025-05-15 | N/A | 7.5 HIGH |
| A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault. | |||||
| CVE-2025-46420 | 2025-05-13 | N/A | 6.5 MEDIUM | ||
| A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. | |||||