Total
470 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23010 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 7.5 High |
| On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-22677 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | 4.3 Medium |
| A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. Video self-preview in a webRTC call may be interrupted if the user answers a phone call. | ||||
| CVE-2022-1473 | 3 Netapp, Openssl, Redhat | 44 A250, A250 Firmware, A700s and 41 more | 2024-11-21 | 7.5 High |
| The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | ||||
| CVE-2022-1289 | 1 Tildearrow | 1 Furnace | 2024-11-21 | 4.3 Medium |
| A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce. | ||||
| CVE-2022-1210 | 2 Libtiff, Netapp | 2 Libtiff, Ontap Select Deploy Administration Utility | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-0396 | 5 Fedoraproject, Isc, Netapp and 2 more | 20 Fedora, Bind, H300e and 17 more | 2024-11-21 | 5.3 Medium |
| BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | ||||
| CVE-2021-4433 | 1 Karjasoft | 1 Sami Http Server | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Rrequest Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250836. | ||||
| CVE-2021-4432 | 1 Pcman Ftp Server Project | 1 Pcman Ftp Server | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250719. | ||||
| CVE-2021-4280 | 1 Styler Praat Scripts Project | 1 Styler Praat Scripts | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in styler_praat_scripts. It has been classified as problematic. Affected is an unknown function of the file file_segmenter.praat of the component Slash Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The name of the patch is 0cad44aa4a3eb0ecdba071c10eaff16023d8b35f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216780. | ||||
| CVE-2021-4250 | 1 Active Attr Project | 1 Active Attr | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic has been found in cgriego active_attr up to 0.15.2. This affects the function call of the file lib/active_attr/typecasting/boolean_typecaster.rb of the component Regex Handler. The manipulation of the argument value leads to denial of service. The exploit has been disclosed to the public and may be used. Upgrading to version 0.15.3 is able to address this issue. The name of the patch is dab95e5843b01525444b82bd7b336ef1d79377df. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216207. | ||||
| CVE-2021-4249 | 1 Haskell | 1 Xml-conduit | 2024-11-21 | 4.3 Medium |
| A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204. | ||||
| CVE-2021-4247 | 1 Owasp | 1 Nodegoat | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The name of the patch is 4a4d1db74c63fb4ff8d366551c3af006c25ead12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216184. | ||||
| CVE-2021-46702 | 2 Microsoft, Torproject | 2 Windows, Tor | 2024-11-21 | 5.5 Medium |
| Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accomplished by analyzing RAM memory even several hours after the local user used the product. This occurs because the product doesn't properly free memory. | ||||
| CVE-2021-46322 | 1 Duktape Project | 1 Duktape | 2024-11-21 | 5.5 Medium |
| Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. | ||||
| CVE-2021-45829 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 5.5 Medium |
| HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. | ||||
| CVE-2021-44717 | 4 Debian, Golang, Opengroup and 1 more | 10 Debian Linux, Go, Unix and 7 more | 2024-11-21 | 4.8 Medium |
| Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | ||||
| CVE-2021-43611 | 1 Linphone | 1 Belle-sip | 2024-11-21 | 7.5 High |
| Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header. | ||||
| CVE-2021-41441 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 7.4 High |
| A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot. | ||||
| CVE-2021-40833 | 3 Apple, F-secure, Microsoft | 7 Macos, Atlant, Elements Endpoint Protection and 4 more | 2024-11-21 | 5.5 Medium |
| A vulnerability affecting F-Secure antivirus engine was discovered whereby unpacking UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | ||||
| CVE-2021-40546 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-11-21 | 4.9 Medium |
| Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi. | ||||