Total
1223 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47007 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
| An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | ||||
| CVE-2022-43272 | 1 Offis | 1 Dcmtk | 2024-11-21 | 7.5 High |
| DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. | ||||
| CVE-2022-42325 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 5.5 Medium |
| Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the same transaction, the transaction will be terminated with an error. As this error is encountered only when handling the deleted node at transaction finalization, the transaction will have been performed partially and without updating the accounting information. This will enable a malicious guest to create arbitrary number of nodes. | ||||
| CVE-2022-42323 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 5.5 Medium |
| Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota. | ||||
| CVE-2022-42322 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 5.5 Medium |
| Xenstore: Cooperating guests can create arbitrary numbers of nodes T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by Dom0. This will allow two malicious guests working together to create an arbitrary number of Xenstore nodes. This is possible by domain A letting domain B write into domain A's local Xenstore tree. Domain B can then create many nodes and reboot. The nodes created by domain B will now be owned by Dom0. By repeating this process over and over again an arbitrary number of nodes can be created, as Dom0's number of nodes isn't limited by Xenstore quota. | ||||
| CVE-2022-42319 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 6.5 Medium |
| Xenstore: Guests can cause Xenstore to not free temporary memory When working on a request of a guest, xenstored might need to allocate quite large amounts of memory temporarily. This memory is freed only after the request has been finished completely. A request is regarded to be finished only after the guest has read the response message of the request from the ring page. Thus a guest not reading the response can cause xenstored to not free the temporary memory. This can result in memory shortages causing Denial of Service (DoS) of xenstored. | ||||
| CVE-2022-41556 | 2 Fedoraproject, Lighttpd | 2 Fedora, Lighttpd | 2024-11-21 | 7.5 High |
| A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67. | ||||
| CVE-2022-41427 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux. | ||||
| CVE-2022-41426 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split. | ||||
| CVE-2022-41424 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls. | ||||
| CVE-2022-41419 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary. | ||||
| CVE-2022-40439 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 6.5 Medium |
| An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | ||||
| CVE-2022-40281 | 1 Samsung | 1 Tizenrt | 2024-11-21 | 7.5 High |
| An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. | ||||
| CVE-2022-3812 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3543 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211043. | ||||
| CVE-2022-39005 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. | ||||
| CVE-2022-39004 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. | ||||
| CVE-2022-38600 | 1 Mplayerhq | 1 Mplayer | 2024-11-21 | 5.5 Medium |
| Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | ||||
| CVE-2022-36152 | 1 Monostream | 1 Tifig | 2024-11-21 | 5.5 Medium |
| tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp. | ||||
| CVE-2022-35858 | 1 Samsung | 1 Mtower | 2024-11-21 | 7.8 High |
| The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. | ||||