Total
2505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36716 | 1 Segment | 1 Is-email | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. | |||||
| CVE-2021-36310 | 1 Dell | 1 Networking Os10 | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service. | |||||
| CVE-2021-36187 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0, version 6.3.15 and below, 6.2.5 and below allows attacker to cause a denial of service for webserver daemon via crafted HTTP requests | |||||
| CVE-2021-35559 | 4 Debian, Fedoraproject, Netapp and 1 more | 14 Debian Linux, Fedora, Active Iq Unified Manager and 11 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2021-34792 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2021-34549 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. | |||||
| CVE-2021-33824 | 1 Moxa | 2 Mgate Mb3180, Mgate Mb3180 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 18113012. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | |||||
| CVE-2021-33822 | 1 Sing4g | 2 4gee Router Hh70vb, 4gee Router Hh70vb Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | |||||
| CVE-2021-33818 | 1 Ui | 2 Camera G3 Flex, Camera G3 Flex Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service. | |||||
| CVE-2021-33623 | 3 Debian, Netapp, Trim-newlines Project | 3 Debian Linux, E-series Performance Analyzer, Trim-newlines | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method. | |||||
| CVE-2021-33609 | 1 Vaadin | 1 Vaadin | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by requesting too many rows of data. | |||||
| CVE-2021-33580 | 1 Apache | 1 Roller | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2. | |||||
| CVE-2021-33503 | 3 Fedoraproject, Oracle, Python | 5 Fedora, Enterprise Manager Ops Center, Instantis Enterprisetrack and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. | |||||
| CVE-2021-33073 | 1 Intel | 1 Distribution Of Openvino Toolkit | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. | |||||
| CVE-2021-32918 | 4 Debian, Fedoraproject, Lua and 1 more | 4 Debian Linux, Fedora, Lua and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. | |||||
| CVE-2021-32839 | 1 Sqlparse Project | 1 Sqlparse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2. | |||||
| CVE-2021-32838 | 2 Fedoraproject, Flask-restx Project | 2 Fedora, Flask-restx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Flask-RESTX (pypi package flask-restx) is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS (Regular Expression Denial of Service) in email_regex. This is fixed in version 0.5.1. | |||||
| CVE-2021-32832 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions could lead potentially to Denial of Service. This was fixed in versions 3.11.3, 3.12.2, and 3.13. | |||||
| CVE-2021-32823 | 2 Bindata Project, Gitlab | 2 Bindata, Gitlab | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers. | |||||
| CVE-2021-32821 | 1 Mootools | 1 Mootools | 2024-11-21 | N/A | 6.2 MEDIUM |
| MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue. | |||||