Vulnerabilities (CVE)

Filtered by CWE-400
Total 2334 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3912 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-11-21 4.3 MEDIUM 4.2 MEDIUM
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash).
CVE-2021-3909 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-11-21 5.0 MEDIUM 4.4 MEDIUM
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive.
CVE-2021-3908 2 Cloudflare, Debian 2 Octorpki, Debian Linux 2024-11-21 5.0 MEDIUM 5.9 MEDIUM
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
CVE-2021-3822 1 Jsoneditoronline 1 Jsoneditor 2024-11-21 5.0 MEDIUM 7.5 HIGH
jsoneditor is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3764 1 Linux 1 Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
CVE-2021-3759 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 N/A 5.5 MEDIUM
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
CVE-2021-3749 3 Axios, Oracle, Siemens 3 Axios, Goldengate, Sinec Ins 2024-11-21 7.8 HIGH 7.5 HIGH
axios is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-3737 6 Canonical, Fedoraproject, Netapp and 3 more 17 Ubuntu Linux, Fedora, Hci and 14 more 2024-11-21 7.1 HIGH 7.5 HIGH
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
CVE-2021-3733 4 Fedoraproject, Netapp, Python and 1 more 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
CVE-2021-3690 1 Redhat 8 Enterprise Linux, Fuse, Integration Camel K and 5 more 2024-11-21 N/A 7.5 HIGH
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.
CVE-2021-3679 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 2.1 LOW 5.5 MEDIUM
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.
CVE-2021-3670 3 Fedoraproject, Redhat, Samba 3 Fedora, Storage, Samba 2024-11-21 N/A 6.5 MEDIUM
MaxQueryDuration not honoured in Samba AD DC LDAP
CVE-2021-3669 5 Debian, Fedoraproject, Ibm and 2 more 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more 2024-11-21 N/A 5.5 MEDIUM
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.
CVE-2021-3629 2 Netapp, Redhat 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
CVE-2021-3622 2 Fedoraproject, Redhat 4 Fedora, Enterprise Linux, Enterprise Linux Workstation and 1 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
CVE-2021-3479 2 Debian, Openexr 2 Debian Linux, Openexr 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability.
CVE-2021-3478 2 Debian, Openexr 2 Debian Linux, Openexr 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability.
CVE-2021-39942 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.
CVE-2021-39939 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager
CVE-2021-39938 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 3.1 LOW
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands