Total
882 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1708 | 3 Fedoraproject, Kubernetes, Redhat | 4 Fedora, Cri-o, Enterprise Linux and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. | |||||
| CVE-2022-1428 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was incorrectly verifying throttling limits for authenticated package requests which resulted in limits not being enforced. | |||||
| CVE-2022-1337 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files. | |||||
| CVE-2022-1333 | 1 Mattermost | 1 Playbooks | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service. | |||||
| CVE-2022-1325 | 1 Cimg | 1 Cimg | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer. | |||||
| CVE-2022-1121 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | |||||
| CVE-2022-0480 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
| A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. | |||||
| CVE-2022-0084 | 1 Redhat | 4 Integration Camel K, Integration Camel Quarkus, Single Sign-on and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | |||||
| CVE-2021-47551 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdkfd: Fix kernel panic when reset failed and been triggered again In SRIOV configuration, the reset may failed to bring asic back to normal but stop cpsch already been called, the start_cpsch will not be called since there is no resume in this case. When reset been triggered again, driver should avoid to do uninitialization again. | |||||
| CVE-2021-47137 | 2024-11-21 | N/A | 7.8 HIGH | ||
| In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter. | |||||
| CVE-2021-47057 | 2024-11-21 | N/A | 5.5 MEDIUM | ||
| In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map In the case where the dma_iv mapping fails, the return error path leaks the memory allocated to object d. Fix this by adding a new error return label and jumping to this to ensure d is free'd before the return. Addresses-Coverity: ("Resource leak") | |||||
| CVE-2021-46877 | 1 Fasterxml | 1 Jackson-databind | 2024-11-21 | N/A | 7.5 HIGH |
| jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | |||||
| CVE-2021-46050 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | |||||
| CVE-2021-45699 | 1 Nervos | 1 Ckb | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap. | |||||
| CVE-2021-44988 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | |||||
| CVE-2021-44591 | 1 Libming | 1 Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. | |||||
| CVE-2021-44590 | 1 Libming | 1 Libming | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | |||||
| CVE-2021-44502 | 1 Fisglobal | 1 Gt.m | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. | |||||
| CVE-2021-43662 | 1 Totolink | 4 A720r, A720r Firmware, Ex300 V2 and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. | |||||
| CVE-2021-43045 | 1 Apache | 1 Avro | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. | |||||