Vulnerabilities (CVE)

Filtered by CWE-401
Total 1045 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-53537 2025-07-23 N/A 7.5 HIGH
LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51.
CVE-2025-25566 1 Softether 1 Vpn 2025-07-19 N/A 5.6 MEDIUM
Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a command-line tool.
CVE-2024-42649 1 Emqx 1 Nanomq 2025-07-16 N/A 6.5 MEDIUM
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
CVE-2025-53020 2025-07-15 N/A 7.5 HIGH
Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63. Users are recommended to upgrade to version 2.4.64, which fixes the issue.
CVE-2025-52986 2025-07-15 N/A 5.5 MEDIUM
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO,  * 24.4-EVO versions before 24.4R2-EVO.
CVE-2025-29828 1 Microsoft 6 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 3 more 2025-07-10 N/A 8.1 HIGH
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network.
CVE-2025-7068 1 Hdfgroup 1 Hdf5 2025-07-09 1.7 LOW 3.3 LOW
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVE-2025-1992 2025-07-03 N/A 5.3 MEDIUM
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.
CVE-2025-1634 2025-06-30 N/A 7.5 HIGH
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
CVE-2023-28366 1 Eclipse 1 Mosquitto 2025-06-26 N/A 7.5 HIGH
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.
CVE-2021-47296 1 Linux 1 Linux Kernel 2025-06-23 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak vcpu_put is not called if the user copy fails. This can result in preempt notifier corruption and crashes, among other issues.
CVE-2025-6498 2025-06-23 1.7 LOW 3.3 LOW
A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2024-24267 1 Gpac 1 Gpac 2025-06-20 N/A 7.5 HIGH
gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
CVE-2023-4969 3 Amd, Imaginationtech, Khronos 261 Athlon 3000g, Athlon 3000g Firmware, Instinct Mi100 and 258 more 2025-06-20 N/A 6.5 MEDIUM
A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.
CVE-2024-26829 1 Linux 1 Linux Kernel 2025-06-19 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: fix a memleak in irtoy_tx When irtoy_command fails, buf should be freed since it is allocated by irtoy_tx, or there is a memleak.
CVE-2024-25450 1 Enlightenment 1 Imlib2 2025-06-16 N/A 8.8 HIGH
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
CVE-2019-20386 5 Canonical, Fedoraproject, Netapp and 2 more 7 Ubuntu Linux, Fedora, Active Iq Unified Manager and 4 more 2025-06-09 2.1 LOW 2.4 LOW
An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur.
CVE-2024-24258 1 Artifex 1 Mupdf 2025-06-05 N/A 7.5 HIGH
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
CVE-2022-23091 1 Freebsd 1 Freebsd 2025-06-04 N/A 4.0 MEDIUM
A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause. An unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel.
CVE-2024-22563 1 Openvswitch 1 Openvswitch 2025-06-02 N/A 7.5 HIGH
openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.