Total: 882 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39480 | 1 Bingrep Project | 1 Bingrep | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). | |||||
CVE-2021-39293 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | |||||
CVE-2021-38465 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 4.0 MEDIUM | 8.0 HIGH |
The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. | |||||
CVE-2021-38463 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 5.5 MEDIUM | 7.3 HIGH |
The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. | |||||
CVE-2021-38244 | 1 Cbioportal Project | 1 Cbioportal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A regular expression denial of service (ReDoS) vulnerability exists in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. | |||||
CVE-2021-37629 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. | |||||
CVE-2021-37111 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
There is a memory leakage vulnerability in Smartphone. Successful exploitation of this vulnerability may cause memory exhaustion. | |||||
CVE-2021-36798 | 1 Helpsystems | 1 Cobalt Strike | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it. | |||||
CVE-2021-36630 | 1 Ruckuswireless | 8 Sz-100, Sz-100 Firmware, Sz-144 and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request. | |||||
CVE-2021-36174 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | |||||
CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | |||||
CVE-2021-35517 | 3 Apache, Netapp, Oracle | 27 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 24 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. | |||||
CVE-2021-35516 | 3 Apache, Netapp, Oracle | 24 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 21 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | |||||
CVE-2021-35492 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) | |||||
CVE-2021-35096 | 1 Qualcomm | 112 Ar8035, Ar8035 Firmware, Qca6390 and 109 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. | |||||
CVE-2021-34854 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13544. | |||||
CVE-2021-34741 | 1 Cisco | 12 Asyncos, M170, M190 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition. | |||||
CVE-2021-34568 | 1 Wago | 98 750-8100, 750-8100 Firmware, 750-8101 and 95 more | 2024-11-21 | N/A | 7.5 HIGH |
In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | |||||
CVE-2021-34415 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. | |||||
CVE-2021-33910 | 4 Debian, Fedoraproject, Netapp and 1 more | 5 Debian Linux, Fedora, Hci Management Node and 2 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. |