Total
1580 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41546 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V ...
Show More |
|||||
| CVE-2021-41167 | 1 Modern-async Project | 1 Modern-async | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don't. Any code calling these functions will be written thinking they would limit the concurrency but they won't. This could lead to potential security issues in other projects. The problem has been pat ...
Show More |
|||||
| CVE-2021-40941 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS).
|
|||||
| CVE-2021-40609 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
|
|||||
| CVE-2021-40607 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.
|
|||||
| CVE-2021-3912 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
|
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
|
|||||
| CVE-2021-3759 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2021-3637 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack.
|
|||||
| CVE-2021-3527 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the ...
Show More |
|||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
|
|||||
| CVE-2021-3478 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
|
|||||
| CVE-2021-39912 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.
|
|||||
| CVE-2021-39907 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage.
|
|||||
| CVE-2021-39670 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139
|
|||||
| CVE-2021-39480 | 1 Bingrep Project | 1 Bingrep | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).
|
|||||
| CVE-2021-39293 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
|
|||||
| CVE-2021-38465 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 4.0 MEDIUM | 8.0 HIGH |
|
The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable.
|
|||||
| CVE-2021-38463 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 5.5 MEDIUM | 7.3 HIGH |
|
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions.
|
|||||
| CVE-2021-38244 | 1 Cbioportal Project | 1 Cbioportal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json.
|
|||||
| CVE-2021-37629 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.
|
|||||
| CVE-2021-37111 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion.
|
|||||
| CVE-2021-36798 | 1 Helpsystems | 1 Cobalt Strike | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it.
|
|||||
| CVE-2021-36174 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs.
|
|||||
| CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service.
|
|||||
| CVE-2021-35517 | 3 Apache, Netapp, Oracle | 27 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 24 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
|
|||||
| CVE-2021-35516 | 3 Apache, Netapp, Oracle | 24 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 21 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
|
|||||
| CVE-2021-35492 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker t ...
Show More |
|||||
| CVE-2021-35096 | 1 Qualcomm | 112 Ar8035, Ar8035 Firmware, Qca6390 and 109 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
|
|||||
| CVE-2021-34854 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability t ...
Show More |
|||||
| CVE-2021-34741 | 1 Cisco | 12 Asyncos, M170, M190 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an ...
Show More |
|||||
| CVE-2021-34735 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2024-11-21 | 7.8 HIGH | 8.8 HIGH |
|
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-34710 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-34568 | 1 Wago | 98 750-8100, 750-8100 Firmware, 750-8101 and 95 more | 2024-11-21 | N/A | 7.5 HIGH |
|
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service.
|
|||||
| CVE-2021-34415 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
|
|||||
| CVE-2021-33831 | 1 Th-wildau | 1 Covid-19 Contact Tracing | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.
|
|||||
| CVE-2021-33541 | 1 Phoenixcontact | 4 Ilc1x0, Ilc1x0 Firmware, Ilc1x1 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not aff ...
Show More |
|||||
| CVE-2021-33176 | 1 Octavolabs | 1 Vernemq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
|
|||||
| CVE-2021-33175 | 1 Emqx | 1 Emq X Broker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
|
|||||
| CVE-2021-33011 | 1 Jtekt | 54 2port-efr Thu-6404, 2port-efr Thu-6404 Firmware, Ef10 Tcu-6982 and 51 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
|
All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices.
|
|||||
| CVE-2021-32848 | 1 Octobox Project | 1 Octobox | 2024-11-21 | N/A | 7.5 HIGH |
|
Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.
|
|||||