CWE-244
Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Monthly
SQLite's zipfile extension contains a bug in the zipfileInflate function that leaks heap memory contents when processing specially crafted ZIP files. This affects SQLite version 3.51.1 and earlier installations that use the zipfile extension. An attacker can exploit this by providing a malicious ZIP file to read sensitive data from the application's memory, potentially exposing passwords, encryption keys, or other confidential information.
Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. No patch is currently available.
Concert versions up to 2.1.0 contains a vulnerability that allows attackers to obtain sensitive information using man in the middle techniques due to improper (CVSS 5.9).
Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).
Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLite's zipfile extension contains a bug in the zipfileInflate function that leaks heap memory contents when processing specially crafted ZIP files. This affects SQLite version 3.51.1 and earlier installations that use the zipfile extension. An attacker can exploit this by providing a malicious ZIP file to read sensitive data from the application's memory, potentially exposing passwords, encryption keys, or other confidential information.
Unauthenticated remote attackers can trigger a denial of service against Cisco Secure Firewall ASA and FTD devices by sending crafted HTTP requests to the VPN web server, exploiting ineffective memory management to force device reloads. The vulnerability requires no authentication or user interaction and affects all network-exposed instances. No patch is currently available.
Concert versions up to 2.1.0 contains a vulnerability that allows attackers to obtain sensitive information using man in the middle techniques due to improper (CVSS 5.9).
Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).
Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.