Vulnerabilities > Improper Release of Memory Before Removing Last Reference ('Memory Leak')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-26 | CVE-2024-23820 | Memory Leak vulnerability in Openfga OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. | 6.5 |
| 2024-01-19 | CVE-2024-22563 | Memory Leak vulnerability in Openvswitch 2.17.8 openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c. | 7.5 |
| 2024-01-18 | CVE-2023-51258 | Memory Leak vulnerability in Tortall Yasm 1.3.0 A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512. | 5.5 |
| 2024-01-16 | CVE-2023-4969 | Memory Leak vulnerability in multiple products A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures. | 6.5 |
| 2024-01-12 | CVE-2024-21599 | Memory Leak vulnerability in Juniper Junos A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2. | 6.5 |
| 2024-01-12 | CVE-2024-21611 | Memory Leak vulnerability in Juniper Junos and Junos OS Evolved A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1. | 7.5 |
| 2024-01-12 | CVE-2024-21613 | Memory Leak vulnerability in Juniper Junos and Junos OS Evolved A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. | 6.5 |
| 2024-01-02 | CVE-2023-7192 | Memory Leak vulnerability in multiple products A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. | 4.4 |
| 2023-12-14 | CVE-2023-0248 | Memory Leak vulnerability in Johnsoncontrols Iosmart GEN 1 Firmware An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader. | 5.3 |
| 2023-12-12 | CVE-2023-38380 | Memory Leak vulnerability in Siemens products A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. | 7.5 |