Total
1382 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41167 | 1 Modern-async Project | 1 Modern-async | 2024-11-21 | 7.5 High |
| modern-async is an open source JavaScript tooling library for asynchronous operations using async/await and promises. In affected versions a bug affecting two of the functions in this library: forEachSeries and forEachLimit. They should limit the concurrency of some actions but, in practice, they don't. Any code calling these functions will be written thinking they would limit the concurrency but they won't. This could lead to potential security issues in other projects. The problem has been patched in 1.0.4. There is no workaround. | ||||
| CVE-2021-40941 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS). | ||||
| CVE-2021-40797 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service. | ||||
| CVE-2021-40609 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||||
| CVE-2021-40607 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | ||||
| CVE-2021-3912 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2024-11-21 | 4.2 Medium |
| OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | ||||
| CVE-2021-3759 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||||
| CVE-2021-3637 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 7.5 High |
| A flaw was found in keycloak-model-infinispan in keycloak versions before 14.0.0 where authenticationSessions map in RootAuthenticationSessionEntity grows boundlessly which could lead to a DoS attack. | ||||
| CVE-2021-3607 | 3 Debian, Fedoraproject, Qemu | 3 Debian Linux, Fedora, Qemu | 2024-11-21 | 6.0 Medium |
| An integer overflow was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3527 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A flaw was found in the USB redirector device (usb-redir) of QEMU. Small USB packets are combined into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk transfer is used to dynamically allocate a variable length array (VLA) on the stack without proper validation. Since the total size is not bounded, a malicious guest could use this flaw to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. | ||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | ||||
| CVE-2021-3478 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. | ||||
| CVE-2021-39912 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. | ||||
| CVE-2021-39907 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | ||||
| CVE-2021-39670 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-204087139 | ||||
| CVE-2021-39480 | 1 Bingrep Project | 1 Bingrep | 2024-11-21 | 7.5 High |
| Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). | ||||
| CVE-2021-39293 | 3 Golang, Netapp, Redhat | 7 Go, Cloud Insights Telegraf, Advanced Cluster Security and 4 more | 2024-11-21 | 7.5 High |
| In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | ||||
| CVE-2021-38465 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 8 High |
| The webinstaller is a Golang web server executable that enables the generation of an Auvesy image agent. Resource consumption can be achieved by generating large amounts of installations, which are then saved without limitation in the temp folder of the webinstaller executable. | ||||
| CVE-2021-38463 | 1 Auvesy | 1 Versiondog | 2024-11-21 | 7.3 High |
| The affected product does not properly control the allocation of resources. A user may be able to allocate unlimited memory buffers using API functions. | ||||