Total: 540 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43662 | 1 Totolink | 4 A720r, A720r Firmware, Ex300 V2 and 1 more | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. | |||||
CVE-2021-33831 | 1 Th-wildau | 1 Covid-19 Contact Tracing | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds. | |||||
CVE-2020-5802 | 1 Rockwellautomation | 1 Factorytalk Linx | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. | |||||
CVE-2021-41591 | 1 Acinq | 1 Eclair | 2022-07-12 | 7.5 HIGH | 9.4 CRITICAL |
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. | |||||
CVE-2021-29932 | 1 Parse Duration Project | 1 Parse Duration | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. | |||||
CVE-2021-44590 | 1 Libming | 1 Libming | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | |||||
CVE-2020-35210 | 1 Atomix | 1 Atomix | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. | |||||
CVE-2021-28994 | 2 Kopano, Zarafa | 2 Groupware Core, Zarafa | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. | |||||
CVE-2021-35492 | 1 Wowza | 1 Streaming Engine | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) | |||||
CVE-2021-41593 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2022-07-12 | 7.5 HIGH | 8.6 HIGH |
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. | |||||
CVE-2021-41592 | 1 Elementsproject | 1 C-lightning | 2022-07-12 | 7.5 HIGH | 9.4 CRITICAL |
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. | |||||
CVE-2021-34415 | 1 Zoom | 1 Meeting Connector | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. | |||||
CVE-2022-32040 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. | |||||
CVE-2022-32041 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. | |||||
CVE-2022-32043 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. | |||||
CVE-2022-32039 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. | |||||
CVE-2022-32037 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. | |||||
CVE-2022-32053 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. | |||||
CVE-2022-32052 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. | |||||
CVE-2022-32051 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. |