Vulnerabilities (CVE)

Filtered by CWE-400
Total 954 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23852 1 Bosch 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more 2021-06-17 4.0 MEDIUM 4.9 MEDIUM
An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS).
CVE-2020-15386 1 Netapp 1 Brocade Fabric Os 2021-06-17 5.0 MEDIUM 5.3 MEDIUM
Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2.2d may observe high CPU load during security scanning, which could lead to a slower response to CLI commands and other operations.
CVE-2016-4571 2 Debian, Mini-xml Project 2 Debian Linux, Mini-xml 2021-06-17 7.1 HIGH 5.5 MEDIUM
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2017-7670 1 Apache 1 Traffic Control 2021-06-16 5.0 MEDIUM 7.5 HIGH
The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol.
CVE-2020-15383 1 Broadcom 1 Brocade Fabric 2021-06-16 5.0 MEDIUM 7.5 HIGH
Running security scans against the SAN switch can cause config and secnotify processes within the firmware before Brocade Fabric OS v9.0.0, v8.2.2d and v8.2.1e to consume all memory leading to denial of service impacts possibly including a switch panic.
CVE-2016-4570 2 Debian, Mini-xml Project 2 Debian Linux, Mini-xml 2021-06-16 7.1 HIGH 5.5 MEDIUM
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2021-1564 1 Cisco 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more 2021-06-16 6.1 MEDIUM 6.5 MEDIUM
Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2021-22174 3 Fedoraproject, Oracle, Wireshark 3 Fedora, Zfs Storage Appliance, Wireshark 2021-06-16 5.0 MEDIUM 7.5 HIGH
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
CVE-2021-22883 4 Fedoraproject, Netapp, Nodejs and 1 more 5 Fedora, E-series Performance Analyzer, Node.js and 2 more 2021-06-16 7.8 HIGH 7.5 HIGH
Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory.
CVE-2020-12291 1 Intel 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more 2021-06-15 2.1 LOW 5.5 MEDIUM
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-12296 1 Intel 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more 2021-06-15 2.1 LOW 5.5 MEDIUM
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2021-22216 1 Gitlab 1 Gitlab 2021-06-15 4.0 MEDIUM 6.5 MEDIUM
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description
CVE-2021-22217 1 Gitlab 1 Gitlab 2021-06-15 4.0 MEDIUM 6.5 MEDIUM
A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request
CVE-2021-1563 1 Cisco 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more 2021-06-14 6.1 MEDIUM 6.5 MEDIUM
Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
CVE-2020-8277 4 C-ares Project, Fedoraproject, Nodejs and 1 more 4 C-ares, Fedora, Node.js and 1 more 2021-06-14 5.0 MEDIUM 7.5 HIGH
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVE-2020-11612 4 Debian, Fedoraproject, Netapp and 1 more 6 Debian Linux, Fedora, Oncommand Api Services and 3 more 2021-06-14 5.0 MEDIUM 7.5 HIGH
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CVE-2020-27223 2 Apache, Eclipse 3 Nifi, Spark, Jetty 2021-06-14 4.3 MEDIUM 5.3 MEDIUM
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
CVE-2019-20812 1 Linux 1 Linux Kernel 2021-06-14 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.
CVE-2020-7760 1 Codemirror 1 Codemirror 2021-06-14 5.0 MEDIUM 5.3 MEDIUM
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*
CVE-2019-19922 1 Linux 1 Linux Kernel 2021-06-14 2.1 LOW 5.5 MEDIUM
kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.)