Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1333 | 4 Apache, Canonical, Netapp and 1 more | 6 Http Server, Ubuntu Linux, Cloud Backup and 3 more | 2021-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30,2.4.33). | |||||
| CVE-2019-15538 | 6 Canonical, Debian, Fedoraproject and 3 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2021-06-02 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS. | |||||
| CVE-2021-21419 | 2 Eventlet, Fedoraproject | 2 Eventlet, Fedora | 2021-05-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process. | |||||
| CVE-2021-32918 | 4 Debian, Fedoraproject, Lua and 1 more | 4 Debian Linux, Fedora, Lua and 1 more | 2021-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3. | |||||
| CVE-2017-6444 | 1 Mikrotik | 2 Router Hap Lite, Routeros | 2021-05-25 | 7.8 HIGH | 7.5 HIGH |
| The MikroTik Router hAP Lite 6.25 has no protection mechanism for unsolicited TCP ACK packets in the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many ACK packets. After the attacker stops the exploit, the CPU usage is 100% and the router requires a reboot for normal operation. | |||||
| CVE-2021-29506 | 1 Graphhopper | 1 Graphhopper | 2021-05-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| GraphHopper is an open-source Java routing engine. In GrassHopper from version 2.0 and before version 2.4, there is a regular expression injection vulnerability that may lead to Denial of Service. This has been patched in 2.4 and 3.0 See this pull request for the fix: https://github.com/graphhopper/graphhopper/pull/2304 | |||||
| CVE-2021-32816 | 1 Protonmail | 1 Protonmail | 2021-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| ProtonMail Web Client is the official AngularJS web client for the ProtonMail secure email service. ProtonMail Web Client before version 3.16.60 has a regular expression denial-of-service vulnerability. This was fixed in commit 6687fb. There is a full report available in the referenced GHSL-2021-027. | |||||
| CVE-2021-23011 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, when the BIG-IP system is buffering packet fragments for reassembly, the Traffic Management Microkernel (TMM) may consume an excessive amount of resources, eventually leading to a restart and failover event. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-32455 | 1 Sitel-sa | 2 Cap\/prx, Cap\/prx Firmware | 2021-05-24 | 6.1 MEDIUM | 6.5 MEDIUM |
| SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the deviceĀ“s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively. | |||||
| CVE-2021-22139 | 1 Elastic | 1 Kibana | 2021-05-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kibana versions before 7.12.1 contain a denial of service vulnerability was found in the webhook actions due to a lack of timeout or a limit on the request size. An attacker with permissions to create webhook actions could drain the Kibana host connection pool, making Kibana unavailable for all other users. | |||||
| CVE-2021-32053 | 1 Fhir | 1 Hapi Fhir | 2021-05-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests. | |||||
| CVE-2021-30504 | 1 Jetbrains | 1 Intellij Idea | 2021-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. | |||||
| CVE-2021-1275 | 1 Cisco | 1 Sd-wan Vmanage | 2021-05-13 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-31409 | 1 Vaadin | 1 Vaadin | 2021-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | |||||
| CVE-2021-21391 | 1 Ckeditor | 8 Ckeditor5-engine, Ckeditor5-font, Ckeditor5-image and 5 more | 2021-05-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| CKEditor 5 provides a WYSIWYG editing solution. This CVE affects the following npm packages: ckeditor5-engine, ckeditor5-font, ckeditor5-image, ckeditor5-list, ckeditor5-markdown-gfm, ckeditor5-media-embed, ckeditor5-paste-from-office, and ckeditor5-widget. Following an internal audit, a regular expression denial of service (ReDoS) vulnerability has been discovered in multiple CKEditor 5 packages. The vulnerability allowed to abuse particular regular expressions, which could cause a significant performance drop resulting in a browser tab freeze. It affects all users using the CKEditor 5 packages listed above at version <= 26.0.0. The problem has been recognized and patched. The fix will be available in version 27.0.0. | |||||
| CVE-2021-1489 | 1 Cisco | 18 Firepower 1010, Firepower 1120, Firepower 1140 and 15 more | 2021-05-08 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in filesystem usage management for Cisco Firepower Device Manager (FDM) Software could allow an authenticated, remote attacker to exhaust filesystem resources, resulting in a denial of service (DoS) condition on an affected device. This vulnerability is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability by uploading files to the device and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. Manual intervention is required to free filesystem resources and return the device to an operational state. | |||||
| CVE-2020-28944 | 1 Open-xchange | 1 Ox Guard | 2021-05-07 | 5.0 MEDIUM | 7.5 HIGH |
| OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | |||||
| CVE-2020-36320 | 1 Vaadin | 1 Vaadin | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | |||||
| CVE-2021-31405 | 1 Vaadin | 2 Flow, Vaadin | 2021-05-05 | 5.0 MEDIUM | 7.5 HIGH |
| Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | |||||
| CVE-2019-13926 | 1 Siemens | 8 Scalance S602, Scalance S602 Firmware, Scalance S612 and 5 more | 2021-05-05 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SCALANCE S602 (All versions >= V3.0 and < V4.1), SCALANCE S612 (All versions >= V3.0 and < V4.1), SCALANCE S623 (All versions >= V3.0 and < V4.1), SCALANCE S627-2M (All versions >= V3.0 and < V4.1). Specially crafted packets sent to port 443/tcp of affected devices could cause a Denial-of-Service condition of the web server. A cold reboot is required to restore the functionality of the device. | |||||