Vulnerabilities > Missing Release of Resource after Effective Lifetime

DATE CVE VULNERABILITY TITLE RISK
2016-12-09 CVE-2016-9106 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) by leveraging failure to free an IO vector.
local
low complexity
qemu opensuse debian CWE-772
6.0
6.0
2016-12-09 CVE-2016-9105 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors involving a reference to the source fid object.
local
low complexity
qemu opensuse debian CWE-772
6.0
6.0
2016-12-09 CVE-2016-9102 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) via a large number of Txattrcreate messages with the same fid number.
local
low complexity
qemu debian CWE-772
6.0
6.0
2016-12-09 CVE-2016-9101 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by repeatedly unplugging an i8255x (PRO100) NIC device.
local
low complexity
qemu opensuse debian CWE-772
2.1
2.1
2016-11-04 CVE-2016-8577 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O read operation.
local
low complexity
qemu debian opensuse CWE-772
6.0
6.0
2016-05-31 CVE-2016-0877 Missing Release of Resource after Effective Lifetime vulnerability in Moxa Edr-G903 Firmware
Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 allows remote attackers to cause a denial of service (memory consumption) by executing the ping function.
network
low complexity
moxa CWE-772
7.8
7.8
2016-02-13 CVE-2015-8631 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
network
low complexity
mit opensuse debian redhat oracle CWE-772
4.0
4.0
2015-10-14 CVE-2015-6704 Missing Release of Resource after Effective Lifetime vulnerability in Adobe products
The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6703.
network
adobe CWE-772
4.3
4.3
2015-10-14 CVE-2015-6703 Missing Release of Resource after Effective Lifetime vulnerability in Adobe products
The loadFlashMovie function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6704.
network
adobe CWE-772
4.3
4.3
2015-10-14 CVE-2015-6702 Missing Release of Resource after Effective Lifetime vulnerability in Adobe products
The createSquareMesh function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6703, and CVE-2015-6704.
network
adobe CWE-772
4.3
4.3