Export limit exceeded: 339825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6165 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3909 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.4 Medium |
| OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. | ||||
| CVE-2021-3908 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 5.9 Medium |
| OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | ||||
| CVE-2021-3905 | 4 Canonical, Fedoraproject, Openvswitch and 1 more | 5 Ubuntu Linux, Fedora, Openvswitch and 2 more | 2024-11-21 | 7.5 High |
| A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments. | ||||
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 7.5 High |
| jsoneditor is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3807 | 3 Ansi-regex Project, Oracle, Redhat | 10 Ansi-regex, Communications Cloud Native Core Policy, Acm and 7 more | 2024-11-21 | 7.5 High |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 7.5 High |
| nth-check is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3801 | 2 Prismjs, Redhat | 2 Prism, Advanced Cluster Security | 2024-11-21 | 6.5 Medium |
| prism is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3795 | 2 Redhat, Semver-regex Project | 2 Acm, Semver-regex | 2024-11-21 | 7.5 High |
| semver-regex is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3764 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3759 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3749 | 4 Axios, Oracle, Redhat and 1 more | 9 Axios, Goldengate, Acm and 6 more | 2024-11-21 | 7.5 High |
| axios is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3744 | 5 Debian, Fedoraproject, Linux and 2 more | 24 Debian Linux, Fedora, Linux Kernel and 21 more | 2024-11-21 | 5.5 Medium |
| A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | ||||
| CVE-2021-3736 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information. | ||||
| CVE-2021-3690 | 1 Redhat | 14 Camel Quarkus, Enterprise Linux, Fuse and 11 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | ||||
| CVE-2021-3679 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. | ||||
| CVE-2021-3629 | 2 Netapp, Redhat | 14 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 11 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | ||||
| CVE-2021-3622 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Enterprise Linux Workstation and 1 more | 2024-11-21 | 4.3 Medium |
| A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3574 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2024-11-21 | 3.3 Low |
| A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | ||||
| CVE-2021-3544 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.5 Medium |
| Several memory leaks were found in the virtio vhost-user GPU device (vhost-user-gpu) of QEMU in versions up to and including 6.0. They exist in contrib/vhost-user-gpu/vhost-user-gpu.c and contrib/vhost-user-gpu/virgl.c due to improper release of memory (i.e., free) after effective lifetime. | ||||
| CVE-2021-3541 | 4 Netapp, Oracle, Redhat and 1 more | 29 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 26 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | ||||