Vulnerabilities (CVE)


Filtered by CWE-770
Total 540 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43662 1 Totolink 4 A720r, A720r Firmware, Ex300 V2 and 1 more 2022-07-12 3.3 LOW 6.5 MEDIUM
TOTOLINK EX300_v2, ver V4.0.3c.140_B20210429 and A720R, ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
CVE-2021-33831 1 Th-wildau 1 Covid-19 Contact Tracing 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds.
CVE-2020-5802 1 Rockwellautomation 1 Factorytalk Linx 2022-07-12 5.0 MEDIUM 7.5 HIGH
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.
CVE-2021-41591 1 Acinq 1 Eclair 2022-07-12 7.5 HIGH 9.4 CRITICAL
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
CVE-2021-29932 1 Parse Duration Project 1 Parse Duration 2022-07-12 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
CVE-2021-44590 1 Libming 1 Libming 2022-07-12 4.3 MEDIUM 6.5 MEDIUM
In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.
CVE-2020-35210 1 Atomix 1 Atomix 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
CVE-2021-28994 2 Kopano, Zarafa 2 Groupware Core, Zarafa 2022-07-12 5.0 MEDIUM 7.5 HIGH
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
CVE-2021-35492 1 Wowza 1 Streaming Engine 2022-07-12 4.0 MEDIUM 6.5 MEDIUM
Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.)
CVE-2021-41593 1 Lightning Network Daemon Project 1 Lightning Network Daemon 2022-07-12 7.5 HIGH 8.6 HIGH
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
CVE-2021-41592 1 Elementsproject 1 C-lightning 2022-07-12 7.5 HIGH 9.4 CRITICAL
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
CVE-2021-34415 1 Zoom 1 Meeting Connector 2022-07-12 7.8 HIGH 7.5 HIGH
The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash.
CVE-2022-32040 1 Tenda 2 M3, M3 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.
CVE-2022-32041 1 Tenda 2 M3, M3 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.
CVE-2022-32043 1 Tenda 2 M3, M3 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.
CVE-2022-32039 1 Tenda 2 M3, M3 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.
CVE-2022-32037 1 Tenda 2 M3, M3 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.
CVE-2022-32053 1 Totolink 2 T6, T6 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.
CVE-2022-32052 1 Totolink 2 T6, T6 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.
CVE-2022-32051 1 Totolink 2 T6, T6 Firmware 2022-07-12 5.0 MEDIUM 7.5 HIGH
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.