Total
1241 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39912 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. | ||||
| CVE-2021-39907 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | ||||
| CVE-2021-39670 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139 | ||||
| CVE-2021-39480 | 1 Bingrep Project | 1 Bingrep | 2024-11-21 | 7.5 High |
| Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). | ||||
| CVE-2021-39293 | 3 Golang, Netapp, Redhat | 7 Go, Cloud Insights Telegraf, Advanced Cluster Security and 4 more | 2024-11-21 | 7.5 High |
| In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | ||||
| CVE-2021-38465 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 8 High |
| The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. | ||||
| CVE-2021-38463 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 7.3 High |
| The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. | ||||
| CVE-2021-38244 | 1 Cbioportal Project | 1 Cbioportal | 2024-11-21 | 7.5 High |
| A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. | ||||
| CVE-2021-37629 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 5.3 Medium |
| Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled. | ||||
| CVE-2021-37111 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 7.5 High |
| There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion. | ||||
| CVE-2021-36798 | 1 Helpsystems | 1 Cobalt Strike | 2024-11-21 | 7.5 High |
| A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it. | ||||
| CVE-2021-36630 | 1 Ruckuswireless | 8 Sz-100, Sz-100 Firmware, Sz-144 and 5 more | 2024-11-21 | 7.5 High |
| DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request. | ||||
| CVE-2021-36374 | 2 Apache, Oracle | 36 Ant, Agile Engineering Data Management, Agile Plm and 33 more | 2024-11-21 | 5.5 Medium |
| When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | ||||
| CVE-2021-36373 | 3 Apache, Oracle, Redhat | 33 Ant, Agile Plm, Banking Trade Finance and 30 more | 2024-11-21 | 5.5 Medium |
| When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | ||||
| CVE-2021-36174 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 Medium |
| A memory allocation with excessive size value vulnerability in the license verification function of FortiPortal before 6.0.6 may allow an attacker to perform a denial of service attack via specially crafted license blobs. | ||||
| CVE-2021-36155 | 1 Linuxfoundation | 1 Grpc Swift | 2024-11-21 | 7.5 High |
| LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. | ||||
| CVE-2021-36090 | 4 Apache, Netapp, Oracle and 1 more | 36 Commons Compress, Active Iq Unified Manager, Oncommand Insight and 33 more | 2024-11-21 | 7.5 High |
| When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. | ||||
| CVE-2021-35586 | 5 Debian, Fedoraproject, Netapp and 2 more | 18 Debian Linux, Fedora, Active Iq Unified Manager and 15 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2021-35561 | 5 Debian, Fedoraproject, Netapp and 2 more | 18 Debian Linux, Fedora, Active Iq Unified Manager and 15 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2021-35559 | 5 Debian, Fedoraproject, Netapp and 2 more | 18 Debian Linux, Fedora, Active Iq Unified Manager and 15 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||