Vulnerabilities (CVE)

Filtered by CWE-404
Total 284 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-1098 1 Nvidia 1 Virtual Gpu 2023-12-10 4.6 MEDIUM 7.8 HIGH
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it doesn't release some resources during driver unload requests from guests. This flaw allows a malicious guest to perform operations by reusing those resources, which may lead to information disclosure, data tampering, or denial of service. This affects vGPU version 12.x (prior to 12.3), version 11.x (prior to 11.5) and version 8.x (prior 8.8).
CVE-2021-38623 1 Deferred Image Processing Project 1 Deferred Image Processing 2023-12-10 5.0 MEDIUM 7.5 HIGH
The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption.
CVE-2021-21003 1 Phoenixcontact 30 Fl Nat Smn 8tx, Fl Nat Smn 8tx-m, Fl Nat Smn 8tx-m Firmware and 27 more 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the device is not affected.
CVE-2013-1054 1 Canonical 2 Ubuntu Linux, Unity-firefox-extension 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.
CVE-2013-1055 1 Canonical 2 Ubuntu Linux, Unity-firefox-extension 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
The unity-firefox-extension package could be tricked into dropping a C callback which was still in use, which Firefox would then free, causing Firefox to crash. This could be achieved by adding an action to the launcher and updating it with new callbacks until the libunity-webapps rate limit was hit. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 of unity-firefox-extension and in all versions of libunity-webapps by shipping an empty unity-firefox-extension package, thus disabling the extension entirely and invalidating the attack against the libunity-webapps package.
CVE-2021-1077 1 Nvidia 1 Gpu Display Driver 2023-12-10 2.1 LOW 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.
CVE-2021-29962 1 Mozilla 1 Firefox 2023-12-10 4.3 MEDIUM 4.3 MEDIUM
Firefox for Android would become unstable and hard-to-recover when a website opened too many popups. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 89.
CVE-2021-26906 1 Digium 2 Asterisk, Certified Asterisk 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.
CVE-2020-27283 1 Redlion 1 Crimson 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.
CVE-2019-19343 2 Netapp, Redhat 4 Active Iq Unified Manager, Jboss-remoting, Jboss Enterprise Application Platform and 1 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
CVE-2020-26411 1 Gitlab 1 Gitlab 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.
CVE-2020-28327 2 Asterisk, Digium 2 Open Source, Certified Asterisk 2023-12-10 2.1 LOW 5.3 MEDIUM
A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.
CVE-2020-4756 1 Ibm 2 Elastic Storage Server, Spectrum Scale 2023-12-10 4.9 MEDIUM 5.5 MEDIUM
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-Force ID: 188599.
CVE-2020-26070 1 Cisco 12 Asr 9000v, Asr 9001, Asr 9006 and 9 more 2023-12-10 7.8 HIGH 8.6 HIGH
A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality.
CVE-2020-3555 1 Cisco 3 Adaptive Security Appliance, Adaptive Security Appliance Software, Firepower Threat Defense 2023-12-10 7.8 HIGH 7.5 HIGH
A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to a watchdog timeout and crash during the cleanup of threads that are associated with a SIP connection that is being deleted from the connection list. An attacker could exploit this vulnerability by sending a high rate of crafted SIP traffic through an affected device. A successful exploit could allow the attacker to cause a watchdog timeout and crash, resulting in a crash and reload of the affected device.
CVE-2020-24360 1 Arista 27 7280cr2ak-30, 7280cr2k-60, 7280cr3-32d4 and 24 more 2023-12-10 6.1 MEDIUM 7.4 HIGH
An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train.
CVE-2020-12049 2 Canonical, Freedesktop 2 Ubuntu Linux, Dbus 2023-12-10 4.9 MEDIUM 5.5 MEDIUM
An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.
CVE-2020-14642 1 Oracle 1 Coherence 2023-12-10 7.8 HIGH 7.5 HIGH
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-12758 1 Hashicorp 1 Consul 2023-12-10 5.0 MEDIUM 7.5 HIGH
HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.
CVE-2020-12439 1 Grin 1 Grin 2023-12-10 5.0 MEDIUM 5.3 MEDIUM
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.