Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36798 | 1 Helpsystems | 1 Cobalt Strike | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it. | |||||
| CVE-2021-36174 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | |||||
| CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | |||||
| CVE-2021-35517 | 3 Apache, Netapp, Oracle | 27 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 24 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. | |||||
| CVE-2021-35516 | 3 Apache, Netapp, Oracle | 24 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 21 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. | |||||
| CVE-2021-35492 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) | |||||
| CVE-2021-35096 | 1 Qualcomm | 112 Ar8035, Ar8035 Firmware, Qca6390 and 109 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-34854 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13544. | |||||
| CVE-2021-34741 | 1 Cisco | 12 Asyncos, M170, M190 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack against an affected device. This vulnerability is due to insufficient input validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email through Cisco ESA. A successful exploit could allow the attacker to exhaust all the available CPU resources on an affected device for an extended period of time, preventing other emails from being processed and resulting in a DoS condition. | |||||
| CVE-2021-34735 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2024-11-21 | 7.8 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34710 | 1 Cisco | 6 Ata 190, Ata 190 Firmware, Ata 191 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-34568 | 1 Wago | 98 750-8100, 750-8100 Firmware, 750-8101 and 95 more | 2024-11-21 | N/A | 7.5 HIGH |
| In WAGO I/O-Check Service in multiple products an unauthenticated remote attacker can send a specially crafted packet containing OS commands to provoke a denial of service. | |||||
| CVE-2021-34415 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. | |||||
| CVE-2021-33910 | 4 Debian, Fedoraproject, Netapp and 1 more | 5 Debian Linux, Fedora, Hci Management Node and 2 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. | |||||
| CVE-2021-33831 | 1 Th-wildau | 1 Covid-19 Contact Tracing | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds. | |||||
| CVE-2021-33541 | 1 Phoenixcontact | 4 Ilc1x0, Ilc1x0 Firmware, Ilc1x1 and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all versions/variants are affected by a Denial-of-Service vulnerability. The communication protocols and device access do not feature authentication measures. Remote attackers can use specially crafted IP packets to cause a denial of service on the PLC's network communication module. A successful attack stops all network communication. To restore the network connectivity the device needs to be restarted. The automation task is not affected. | |||||
| CVE-2021-33320 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails | |||||
| CVE-2021-33176 | 1 Octavolabs | 1 Vernemq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. | |||||
| CVE-2021-33175 | 1 Emqx | 1 Emq X Broker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. | |||||
| CVE-2021-33011 | 1 Jtekt | 54 2port-efr Thu-6404, 2port-efr Thu-6404 Firmware, Ef10 Tcu-6982 and 51 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series,TOYOPUC-PC3J/PC2J Series, TOYOPUC-Nano Series products may not be able to properly process an ICMP flood, which may allow an attacker to deny Ethernet communications between affected devices. | |||||