CVEbaza.plCWE DictionaryCWE-591
Common Weakness Enumeration

CWE-591

Sensitive Data Storage in Improperly Locked Memory

Category: VariantCVE: 77
Description

The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.

Extended Description

On Windows systems the VirtualLock function can lock a page of memory to ensure that it will remain present in memory and not be swapped to disk. However, on older versions of Windows, such as 95, 98, or Me, the VirtualLock() function is only a stub and provides no protection. On POSIX systems the mlock() call ensures that a page will stay resident in memory but does not guarantee that the page will not appear in the swap. Therefore, it is unsuitable for use as a protection mechanism for sensitive data. Some platforms, in particular Linux, do make the guarantee that the page will not be swapped, but this is non-standard and is not portable. Calls to mlock() also require supervisor privilege. Return values for both of these calls must be checked to ensure that the lock operation was actually successful.

CVE vulnerabilities with CWE-591 (77)
8.8
CVSS
HIGH
CVE-2024-38131

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

pub. 2024-08-13
8.1
CVSS
HIGH
CVE-2025-26671

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

pub. 2025-04-08
8.1
CVSS
HIGH
CVE-2025-27482

Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.

pub. 2025-04-08
8.1
CVSS
HIGH
CVE-2025-24035

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

pub. 2025-03-11
8.1
CVSS
HIGH
CVE-2025-24045

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

pub. 2025-03-11
8.1
CVSS
HIGH
CVE-2025-21224

Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability

pub. 2025-01-14
8.1
CVSS
HIGH
CVE-2025-21294

Microsoft Digest Authentication Remote Code Execution Vulnerability

pub. 2025-01-14
8.1
CVSS
HIGH
CVE-2025-21309

Windows Remote Desktop Services Remote Code Execution Vulnerability

pub. 2025-01-14
8.1
CVSS
HIGH
CVE-2024-49106

Windows Remote Desktop Services Remote Code Execution Vulnerability

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2024-49108

Windows Remote Desktop Services Remote Code Execution Vulnerability

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2024-49115

Windows Remote Desktop Services Remote Code Execution Vulnerability

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2024-49123

Windows Remote Desktop Services Remote Code Execution Vulnerability

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2024-49126

Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2024-49128

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2024-49132

Windows Remote Desktop Services Remote Code Execution Vulnerability

pub. 2024-12-12
8.1
CVSS
HIGH
CVE-2023-28283

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

pub. 2023-05-09
8.1
CVSS
HIGH
CVE-2023-28219

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

pub. 2023-04-11
8.1
CVSS
HIGH
CVE-2023-28220

Layer 2 Tunneling Protocol Remote Code Execution Vulnerability

pub. 2023-04-11
8.1
CVSS
HIGH
CVE-2023-21535

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

pub. 2023-01-10
8.1
CVSS
HIGH
CVE-2023-21546

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability

pub. 2023-01-10
Showing 20 of 77 vulnerabilities
Information
ID: CWE-591
Type: Variant
Vulnerabilities: 77
MITRE CWE ↗
← CWE Dictionary