CWE-401— Missing Release of Memory after Effective Lifetime (Memory Leak)
957 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-401page 1 of 20
- CVE-2017-15094MEDIUMCVSS 5.92018-01-23
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled b…
- CVE-2017-7654HIGHCVSS 7.52018-06-05
In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets which could cause a denial of service in the Mosquitto Broker.
- CVE-2018-0158HIGHCVSS 8.6EG 9.0⚠ KEV2018-03-28
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a …
- CVE-2018-0832MEDIUMCVSS 4.72018-02-15
The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in mem…
- CVE-2018-0891MEDIUMCVSS 4.32018-03-14
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, …
- CVE-2018-0895MEDIUMCVSS 4.72018-03-14
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows…
- CVE-2018-0901MEDIUMCVSS 4.72018-03-14
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows…
- CVE-2018-11246HIGHCVSS 7.5EG 7.52021-01-11
K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak.
- CVE-2018-13844HIGHCVSS 7.52018-07-10
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct t…
- CVE-2018-15377HIGHCVSS 8.62018-10-05
A vulnerability in the Cisco Network Plug and Play agent, also referred to as the Cisco Open Plug-n-Play agent, of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak on an af…
- CVE-2018-17240HIGHCVSS 7.5EG 7.52022-06-10
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).
- CVE-2018-21017MEDIUMCVSS 6.5EG 6.52019-09-16
GPAC 0.7.1 has a memory leak in dinf_Read in isomedia/box_code_base.c.
- CVE-2018-21079HIGHCVSS 7.5EG 7.52020-04-08
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018).
- CVE-2019-0059HIGHCVSS 7.5EG 7.52019-10-09
A memory leak vulnerability in the of Juniper Networks Junos OS allows an attacker to cause a Denial of Service (DoS) to the device by sending specific commands from a peered BGP host and having those BGP states delivered to the vulnerable…
- CVE-2019-1000031HIGHCVSS 7.52019-03-27
A disk space or quota exhaustion issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which wil…
- CVE-2019-10547HIGHCVSS 7.8EG 7.82020-04-16
When issuing IOCTL calls to ION, Memory leak can occur due to failure in unassign pages under certain conditions in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Indu…
- CVE-2019-10649MEDIUMCVSS 5.52019-03-30
In ImageMagick 7.0.8-36 Q16, there is a memory leak in the function SVGKeyValuePairs of coders/svg.c, which allows an attacker to cause a denial of service via a crafted image file.
- CVE-2019-11010MEDIUMCVSS 6.52019-04-08
In GraphicsMagick 1.4 snapshot-20190322 Q8, there is a memory leak in the function ReadMPCImage of coders/mpc.c, which allows attackers to cause a denial of service via a crafted image file.
- CVE-2019-11463MEDIUMCVSS 5.52019-04-23
A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo. NOTE: this only affect…
- CVE-2019-12265MEDIUMCVSS 5.3EG 5.32019-08-09
Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report.
- CVE-2019-12379MEDIUMCVSS 5.52019-05-28
An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue
- CVE-2019-12975MEDIUMCVSS 5.5EG 5.52019-06-26
ImageMagick 7.0.8-34 has a memory leak vulnerability in the WriteDPXImage function in coders/dpx.c.
- CVE-2019-12976MEDIUMCVSS 5.5EG 5.52019-06-26
ImageMagick 7.0.8-34 has a memory leak in the ReadPCLImage function in coders/pcl.c.
- CVE-2019-13133MEDIUMCVSS 5.5EG 5.52019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
- CVE-2019-13134MEDIUMCVSS 5.5EG 5.52019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
- CVE-2019-13137MEDIUMCVSS 6.5EG 6.52019-07-01
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
- CVE-2019-13296MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagickMemory because of an error in CLIListOperatorImages in MagickWand/operation.c for a NULL value.
- CVE-2019-13301MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks in AcquireMagickMemory because of an AnnotateImage error.
- CVE-2019-13309MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of mishandling the NoSuchImage error in CLIListOperatorImages in MagickWand/operation.c.
- CVE-2019-13310MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c.
- CVE-2019-13311MEDIUMCVSS 6.5EG 6.52019-07-05
ImageMagick 7.0.8-50 Q16 has memory leaks at AcquireMagickMemory because of a wand/mogrify.c error.
- CVE-2019-14559HIGHCVSS 7.5EG 7.52020-11-23
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2019-14818HIGHCVSS 7.5EG 7.52019-11-14
A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user socket, can send specially crafted VRING…
- CVE-2019-15134HIGHCVSS 7.5EG 7.52019-08-17
RIOT through 2019.07 contains a memory leak in the TCP implementation (gnrc_tcp), allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _…
- CVE-2019-15807MEDIUMCVSS 4.7EG 4.72019-08-29
In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.
- CVE-2019-15916HIGHCVSS 7.5EG 7.52019-09-04
An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service.
- CVE-2019-15921MEDIUMCVSS 4.7EG 4.72019-09-04
An issue was discovered in the Linux kernel before 5.0.6. There is a memory leak issue when idr_alloc() fails in genl_register_family() in net/netlink/genetlink.c.
- CVE-2019-16708MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.
- CVE-2019-16709MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.
- CVE-2019-16710MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.
- CVE-2019-16711MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.
- CVE-2019-16712MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.
- CVE-2019-16713MEDIUMCVSS 6.5EG 6.52019-09-23
ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.
- CVE-2019-16994MEDIUMCVSS 4.7EG 4.72019-09-30
In the Linux kernel before 5.0, a memory leak exists in sit_init_net() in net/ipv6/sit.c when register_netdev() fails to register sitn->fb_tunnel_dev, which may cause denial of service, aka CID-07f12b26e21a.
- CVE-2019-16995HIGHCVSS 7.5EG 7.52019-09-30
In the Linux kernel before 5.0.3, a memory leak exits in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d.
- CVE-2019-1708HIGHCVSS 8.62019-05-03
A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthentic…
- CVE-2019-17177HIGHCVSS 7.5EG 7.52019-10-04
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.
- CVE-2019-17178HIGHCVSS 7.5EG 7.52019-10-04
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a reall…
- CVE-2019-17340HIGHCVSS 8.8EG 8.82019-10-08
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
- CVE-2019-17371MEDIUMCVSS 6.5EG 6.52019-10-09
gif2png 2.5.13 has a memory leak in the writefile function.
Map vulnerabilities like CWE-401 to your infrastructure
EchelonGraph correlates every CVE — across CWE-401 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →