Total: 1382 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1121 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption. | ||||
CVE-2022-0669 | 3 Dpdk, Openvswitch, Redhat | 4 Data Plane Development Kit, Openvswitch, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. | ||||
CVE-2022-0480 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 5.5 Medium |
A flaw was found in the filelock_init function in fs/locks.c in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. | ||||
CVE-2022-0084 | 1 Redhat | 9 Integration Camel K, Integration Camel Quarkus, Jboss Data Grid and 6 more | 2024-11-21 | 7.5 High |
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | ||||
CVE-2021-46149 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search. | ||||
CVE-2021-46050 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 5.5 Medium |
A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function. | ||||
CVE-2021-45699 | 1 Nervos | 1 Ckb | 2024-11-21 | 7.5 High |
An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap. | ||||
CVE-2021-44988 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c. | ||||
CVE-2021-44591 | 1 Libming | 1 Libming | 2024-11-21 | 6.5 Medium |
In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. | ||||
CVE-2021-44590 | 1 Libming | 1 Libming | 2024-11-21 | 6.5 Medium |
In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | ||||
CVE-2021-44502 | 1 Fisglobal | 1 Gt.m | 2024-11-21 | 7.5 High |
An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c. | ||||
CVE-2021-43662 | 1 Totolink | 4 A720r, A720r Firmware, Ex300 V2 and 1 more | 2024-11-21 | 6.5 Medium |
Totolink EX300_v2, ver V4.0.3c.140_B20210429, and A720R, ver V4.1.5cu.470_B20200911, have an issue which causes uncontrolled resource consumption. | ||||
CVE-2021-43045 | 1 Apache | 1 Avro | 2024-11-21 | 7.5 High |
A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. | ||||
CVE-2021-41840 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 8.2 High |
An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 in Insyde InsydeH2O. There is an SMM callout that allows an attacker to access the System Management Mode and execute arbitrary code. This occurs because of Inclusion of Functionality from an Untrusted Control Sphere. | ||||
CVE-2021-41800 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.3 Medium |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. | ||||
CVE-2021-41799 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 7.5 High |
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. | ||||
CVE-2021-41593 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2024-11-21 | 8.6 High |
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. | ||||
CVE-2021-41592 | 1 Elementsproject | 1 C-lightning | 2024-11-21 | 9.4 Critical |
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. | ||||
CVE-2021-41591 | 1 Acinq | 1 Eclair | 2024-11-21 | 9.4 Critical |
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. | ||||
CVE-2021-41546 | 1 Siemens | 20 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Rx1400 and 17 more | 2024-11-21 | 7.5 High |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. |