CWE-591— Sensitive Data Storage in Improperly Locked Memory
The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.— MITRE CWE catalog
77 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-591page 1 of 2
- CVE-2023-21535HIGHCVSS 8.1EG 8.12023-01-10
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
- CVE-2023-21546HIGHCVSS 8.1EG 8.12023-01-10
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
- CVE-2023-21548HIGHCVSS 8.1EG 8.12023-01-10
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
- CVE-2023-21739HIGHCVSS 7.0EG 7.02023-01-10
Windows Bluetooth Driver Elevation of Privilege Vulnerability
- CVE-2023-21766MEDIUMCVSS 4.7EG 4.72023-01-10
Windows Overlay Filter Information Disclosure Vulnerability
- CVE-2023-21771HIGHCVSS 7.0EG 7.02023-01-10
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
- CVE-2023-23393HIGHCVSS 7.0EG 7.02023-03-14
Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
- CVE-2023-23407HIGHCVSS 7.1EG 7.12023-03-14
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
- CVE-2023-23414HIGHCVSS 7.1EG 7.12023-03-14
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
- CVE-2023-24899HIGHCVSS 7.0EG 7.02023-05-09
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2023-24946HIGHCVSS 7.8EG 7.82023-05-09
Windows Backup Service Elevation of Privilege Vulnerability
- CVE-2023-28219HIGHCVSS 8.1EG 8.12023-04-11
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-28220HIGHCVSS 8.1EG 8.12023-04-11
Layer 2 Tunneling Protocol Remote Code Execution Vulnerability
- CVE-2023-28224HIGHCVSS 7.1EG 7.12023-04-11
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
- CVE-2023-28229HIGHCVSS 7.0EG 9.0⚠ KEV2023-04-11
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CVE-2023-28236HIGHCVSS 7.8EG 7.82023-04-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-28238HIGHCVSS 7.5EG 7.52023-04-11
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
- CVE-2023-28255MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28256MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28273HIGHCVSS 7.0EG 7.02023-04-11
Windows Clip Service Elevation of Privilege Vulnerability
- CVE-2023-28278MEDIUMCVSS 6.6EG 6.62023-04-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-28283HIGHCVSS 8.1EG 8.12023-05-09
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
- CVE-2023-32010HIGHCVSS 7.0EG 7.02023-06-14
Windows Bus Filter Driver Elevation of Privilege Vulnerability
- CVE-2023-33163HIGHCVSS 7.5EG 7.52023-07-11
Windows Network Load Balancing Remote Code Execution Vulnerability
- CVE-2023-35309HIGHCVSS 7.5EG 7.52023-07-11
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- CVE-2023-35310MEDIUMCVSS 6.6EG 6.62023-07-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-35340HIGHCVSS 7.8EG 7.82023-07-11
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
- CVE-2023-35344MEDIUMCVSS 6.6EG 6.62023-07-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-35345MEDIUMCVSS 6.6EG 6.62023-07-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-35346MEDIUMCVSS 6.6EG 6.62023-07-11
Windows DNS Server Remote Code Execution Vulnerability
- CVE-2023-35360HIGHCVSS 7.0EG 7.02023-07-11
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-35362HIGHCVSS 7.8EG 7.82023-07-11
Windows Clip Service Elevation of Privilege Vulnerability
- CVE-2023-36005HIGHCVSS 7.5EG 7.52023-12-12
Windows Telephony Server Elevation of Privilege Vulnerability
- CVE-2023-36403HIGHCVSS 7.0EG 7.02023-11-14
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2023-38159HIGHCVSS 7.0EG 7.02023-10-10
Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2024-20686HIGHCVSS 7.8EG 7.82024-01-09
Win32k Elevation of Privilege Vulnerability
- CVE-2024-21355HIGHCVSS 7.0EG 7.02024-02-13
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
- CVE-2024-21405HIGHCVSS 7.0EG 7.02024-02-13
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
- CVE-2024-21446HIGHCVSS 7.8EG 7.82024-03-12
NTFS Elevation of Privilege Vulnerability
- CVE-2024-26236HIGHCVSS 7.0EG 7.02024-04-09
Windows Update Stack Elevation of Privilege Vulnerability
- CVE-2024-26242HIGHCVSS 7.0EG 7.02024-04-09
Windows Telephony Server Elevation of Privilege Vulnerability
- CVE-2024-34525MEDIUMCVSS 5.3EG 5.32024-05-06
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file.
- CVE-2024-38106HIGHCVSS 7.0EG 9.0⚠ KEV2024-08-13
Windows Kernel Elevation of Privilege Vulnerability
- CVE-2024-38131HIGHCVSS 8.8EG 8.82024-08-13
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
- CVE-2024-38137HIGHCVSS 7.0EG 7.02024-08-13
Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability
- CVE-2024-38262HIGHCVSS 7.5EG 7.52024-10-08
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
- CVE-2024-38263HIGHCVSS 7.5EG 7.52024-09-10
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
- CVE-2024-38264MEDIUMCVSS 5.9EG 5.92024-11-12
Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability
- CVE-2024-43563HIGHCVSS 7.8EG 7.82024-10-08
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
- CVE-2024-43633MEDIUMCVSS 6.5EG 6.52024-11-12
Windows Hyper-V Denial of Service Vulnerability
Map vulnerabilities like CWE-591 to your infrastructure
EchelonGraph correlates every CVE — across CWE-591 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →