ReportizFlow
Filtered by vendor
Subscriptions
Total
1444 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20239 | 1 Cisco | 5 Adaptive Security Appliance Software, Firepower Threat Defense Software, Ios and 2 more | 2025-08-17 | 8.6 High |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | ||||
| CVE-2025-20224 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2025-08-15 | 5.8 Medium |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | ||||
| CVE-2025-20252 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2025-08-15 | 5.8 Medium |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | ||||
| CVE-2025-20225 | 1 Cisco | 4 Adaptive Security Appliance Software, Firepower Threat Defense Software, Ios and 1 more | 2025-08-15 | 5.8 Medium |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to an affected device. In the case of Cisco IOS and IOS XE Software, a successful exploit could allow the attacker to cause the device to reload unexpectedly. In the case of Cisco ASA and FTD Software, a successful exploit could allow the attacker to partially exhaust system memory, causing system instability such as being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | ||||
| CVE-2025-20254 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2025-08-15 | 5.8 Medium |
| A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition. | ||||
| CVE-2025-20133 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2025-08-15 | 8.6 High |
| A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS condition. This vulnerability is due to ineffective validation of user-supplied input during the Remote Access SSL VPN authentication process. An attacker could exploit this vulnerability by sending a crafted request to the VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition where the device stops responding to Remote Access SSL VPN authentication requests. | ||||
| CVE-2025-20135 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2025-08-15 | 4.3 Medium |
| A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. This vulnerability is due to improper validation of incoming DHCP packets. An attacker could exploit this vulnerability by repeatedly sending crafted DHCPv4 packets to an affected device. A successful exploit could allow the attacker to exhaust available memory, which would affect availability of services and prevent new processes from starting, resulting in a Denial of Service (DoS) condition that would require a manual reboot. Note: On Cisco Secure FTD Software, this vulnerability does not affect management interfaces. | ||||
| CVE-2025-20077 | 1 Intel | 1 Reference Server Platforms | 2025-08-14 | 5.3 Medium |
| Missing release of memory after effective lifetime in the UEFI OobRasMmbiHandlerDriver module for some Intel(R) reference server platforms may allow a privileged user to enable denial of service via local access. | ||||
| CVE-2025-24844 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-08-12 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | ||||
| CVE-2025-24925 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-08-12 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | ||||
| CVE-2025-27562 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2025-08-12 | 3.3 Low |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | ||||
| CVE-2023-33086 | 1 Qualcomm | 314 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 311 more | 2025-08-11 | 7.5 High |
| Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers. | ||||
| CVE-2023-33049 | 1 Qualcomm | 202 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 199 more | 2025-08-11 | 7.5 High |
| Transient DOS in Multi-Mode Call Processor due to UE failure because of heap leakage. | ||||
| CVE-2024-5294 | 2 D-link, Dlink | 3 Dir-3040, Dir-3040, Dir-3040 Firmware | 2025-08-06 | 6.5 Medium |
| D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on ports 80 and 443. The issue results from the lack of proper memory management when processing HTTP cookie values. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. . Was ZDI-CAN-21668. | ||||
| CVE-2025-53537 | 1 Oisf | 1 Libhtp | 2025-08-05 | 7.5 High |
| LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can starve the process of memory, leading to loss of visibility. To workaround this issue, set `suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled` to false. This issue is fixed in version 0.5.51. | ||||
| CVE-2025-8225 | 1 Gnu | 1 Binutils | 2025-08-01 | 3.3 Low |
| A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2025-25469 | 1 Ffmpeg | 1 Ffmpeg | 2025-07-21 | 6.5 Medium |
| FFmpeg git-master before commit d5873b was discovered to contain a memory leak in the component libavutil/iamf.c. | ||||
| CVE-2025-25566 | 1 Softether | 1 Vpn | 2025-07-19 | 5.6 Medium |
| Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function. NOTE: the Supplier disputes this because the behavior is limited to a single allocation of a few hundred bytes with a command-line tool. | ||||
| CVE-2024-42649 | 1 Emqx | 1 Nanomq | 2025-07-16 | 6.5 Medium |
| NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. | ||||
| CVE-2025-52986 | 1 Juniper Networks | 2 Junos Os, Junos Os Evolved | 2025-07-15 | 5.5 Medium |
| A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO, * 24.4-EVO versions before 24.4R2-EVO. | ||||