Vulnerabilities > Missing Release of Resource after Effective Lifetime

DATE CVE VULNERABILITY TITLE RISK
2016-12-23 CVE-2016-9907 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Quick Emulator (Qemu) built with the USB redirector usb-guest support is vulnerable to a memory leakage flaw.
local
low complexity
qemu debian redhat CWE-772
6.5
2016-12-10 CVE-2016-7995 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of crafted buffer page select (PG) indexes.
local
low complexity
qemu opensuse CWE-772
6.0
2016-12-10 CVE-2016-7994 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the virtio_gpu_resource_create_2d function in hw/display/virtio-gpu.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_CREATE_2D commands.
local
low complexity
qemu opensuse CWE-772
6.0
2016-12-10 CVE-2016-7466 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator), when the xhci uses msix, allows local guest OS administrators to cause a denial of service (memory consumption and possibly QEMU process crash) by repeatedly unplugging a USB device.
local
low complexity
qemu opensuse redhat CWE-772
6.0
2016-12-09 CVE-2016-9106 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
local
low complexity
qemu opensuse debian CWE-772
6.0
2016-12-09 CVE-2016-9105 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
local
low complexity
qemu opensuse debian CWE-772
6.0
2016-12-09 CVE-2016-9102 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
local
low complexity
qemu debian CWE-772
6.0
2016-12-09 CVE-2016-9101 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
local
low complexity
qemu opensuse debian CWE-772
6.0
2016-11-04 CVE-2016-8577 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
local
low complexity
qemu debian opensuse CWE-772
6.0
2016-05-31 CVE-2016-0877 Missing Release of Resource after Effective Lifetime vulnerability in Moxa Edr-G903 Firmware
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
network
low complexity
moxa CWE-772
7.5