Total
2334 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3912 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | |||||
CVE-2021-3909 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 4.4 MEDIUM |
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but does keep drip feeding new bytes to keep the connection alive. | |||||
CVE-2021-3908 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | |||||
CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
jsoneditor is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3764 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-3759 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-3749 | 3 Axios, Oracle, Siemens | 3 Axios, Goldengate, Sinec Ins | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
axios is vulnerable to Inefficient Regular Expression Complexity | |||||
CVE-2021-3737 | 6 Canonical, Fedoraproject, Netapp and 3 more | 17 Ubuntu Linux, Fedora, Hci and 14 more | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 20 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 17 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | |||||
CVE-2021-3690 | 1 Redhat | 8 Enterprise Linux, Fuse, Integration Camel K and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | |||||
CVE-2021-3679 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. | |||||
CVE-2021-3670 | 3 Fedoraproject, Redhat, Samba | 3 Fedora, Storage, Samba | 2024-11-21 | N/A | 6.5 MEDIUM |
MaxQueryDuration not honoured in Samba AD DC LDAP | |||||
CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2024-11-21 | N/A | 5.5 MEDIUM |
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | |||||
CVE-2021-3629 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | |||||
CVE-2021-3622 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Enterprise Linux Workstation and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. | |||||
CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | |||||
CVE-2021-3478 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. | |||||
CVE-2021-39942 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service. | |||||
CVE-2021-39939 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager | |||||
CVE-2021-39938 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker to cause uncontrolled resource consumption leading to Denial of Service via specially crafted deploy Slash commands |