Vulnerabilities (CVE)

Filtered by CWE-400
Total 1033 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-26260 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2021-12-01 4.3 MEDIUM 5.5 MEDIUM
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215.
CVE-2021-23215 3 Debian, Fedoraproject, Openexr 3 Debian Linux, Fedora, Openexr 2021-12-01 4.3 MEDIUM 5.5 MEDIUM
An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.
CVE-2018-14659 2 Debian, Redhat 6 Debian Linux, Enterprise Linux, Enterprise Linux Server and 3 more 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
The Gluster file system through versions 4.1.4 and 3.1.2 is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory.
CVE-2021-21348 4 Debian, Fedoraproject, Oracle and 1 more 12 Debian Linux, Fedora, Banking Enterprise Default Management and 9 more 2021-11-30 7.8 HIGH 7.5 HIGH
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21341 4 Debian, Fedoraproject, Oracle and 1 more 12 Debian Linux, Fedora, Banking Enterprise Default Management and 9 more 2021-11-30 5.0 MEDIUM 7.5 HIGH
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2018-14660 3 Debian, Gluster, Redhat 6 Debian Linux, Glusterfs, Enterprise Linux and 3 more 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node.
CVE-2020-36332 4 Debian, Netapp, Redhat and 1 more 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more 2021-11-30 5.0 MEDIUM 7.5 HIGH
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
CVE-2018-11056 1 Dell 2 Bsafe, Bsafe Crypto-c 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.
CVE-2021-42120 1 Businessdnasolutions 1 Topease 2021-11-30 4.0 MEDIUM 6.5 MEDIUM
Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 on all object attributes allows an authenticated remote attacker with Object Modification privileges to insert arbitrarily long strings, eventually leading to exhaustion of the underlying resource.
CVE-2021-41229 2 Bluez, Debian 2 Bluez, Debian Linux 2021-11-29 3.3 LOW 6.5 MEDIUM
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
CVE-2021-24894 1 Implecode 1 Reviews Plus 2021-11-29 4.0 MEDIUM 6.5 MEDIUM
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated user submit such rating and the reviews are set to be displayed on the post/page
CVE-2021-20600 1 Mitsubishielectric 2 R12ccpu-v, R12ccpu-v Firmware 2021-11-28 4.3 MEDIUM 5.9 MEDIUM
Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery.
CVE-2021-21274 2 Fedoraproject, Matrix 2 Fedora, Synapse 2021-11-23 4.3 MEDIUM 6.5 MEDIUM
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.
CVE-2021-36310 1 Dell 1 Networking Os10 2021-11-23 6.8 MEDIUM 4.9 MEDIUM
Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to a denial of service.
CVE-2021-22965 1 Pulsesecure 1 Pulse Connect Secure 2021-11-23 7.8 HIGH 7.5 HIGH
A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to causes a denial of service when a malformed request is sent to the device.
CVE-2021-0182 1 Intel 1 Hardware Accelerated Execution Manager 2021-11-22 2.1 LOW 6.2 MEDIUM
Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access.
CVE-2021-0180 1 Intel 1 Hardware Accelerated Execution Manager 2021-11-22 4.6 MEDIUM 8.4 HIGH
Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access.
CVE-2021-33073 1 Intel 1 Distribution Of Openvino Toolkit 2021-11-22 2.1 LOW 5.5 MEDIUM
Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2013-7470 1 Linux 1 Linux Kernel 2021-11-17 7.1 HIGH 5.9 MEDIUM
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.
CVE-2021-41145 1 Freeswitch 1 Freeswitch 2021-11-17 5.0 MEDIUM 7.5 HIGH
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.