Total
3406 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3822 | 1 Jsoneditoronline | 1 Jsoneditor | 2024-11-21 | 7.5 High |
| jsoneditor is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3807 | 3 Ansi-regex Project, Oracle, Redhat | 10 Ansi-regex, Communications Cloud Native Core Policy, Acm and 7 more | 2024-11-21 | 7.5 High |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3803 | 2 Debian, Nth-check Project | 2 Debian Linux, Nth-check | 2024-11-21 | 7.5 High |
| nth-check is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3801 | 2 Prismjs, Redhat | 2 Prism, Advanced Cluster Security | 2024-11-21 | 6.5 Medium |
| prism is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3795 | 2 Redhat, Semver-regex Project | 2 Acm, Semver-regex | 2024-11-21 | 7.5 High |
| semver-regex is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3764 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3759 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3749 | 4 Axios, Oracle, Redhat and 1 more | 9 Axios, Goldengate, Acm and 6 more | 2024-11-21 | 7.5 High |
| axios is vulnerable to Inefficient Regular Expression Complexity | ||||
| CVE-2021-3737 | 6 Canonical, Fedoraproject, Netapp and 3 more | 18 Ubuntu Linux, Fedora, Hci and 15 more | 2024-11-21 | 7.5 High |
| A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3733 | 4 Fedoraproject, Netapp, Python and 1 more | 21 Extra Packages For Enterprise Linux, Fedora, Hci Compute Node Firmware and 18 more | 2024-11-21 | 6.5 Medium |
| There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | ||||
| CVE-2021-3690 | 1 Redhat | 14 Camel Quarkus, Enterprise Linux, Fuse and 11 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | ||||
| CVE-2021-3679 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service. | ||||
| CVE-2021-3669 | 5 Debian, Fedoraproject, Ibm and 2 more | 24 Debian Linux, Fedora, Spectrum Copy Data Management and 21 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | ||||
| CVE-2021-3629 | 2 Netapp, Redhat | 14 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 11 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | ||||
| CVE-2021-3622 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Enterprise Linux Workstation and 1 more | 2024-11-21 | 4.3 Medium |
| A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2021-3541 | 4 Netapp, Oracle, Redhat and 1 more | 29 Active Iq Unified Manager, Cloud Backup, Clustered Data Ontap and 26 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. | ||||
| CVE-2021-3492 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 8.8 High |
| Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (kernel memory exhaustion) or gain privileges via executing arbitrary code. AKA ZDI-CAN-13562. | ||||
| CVE-2021-3479 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system availability. | ||||
| CVE-2021-3478 | 2 Debian, Openexr | 2 Debian Linux, Openexr | 2024-11-21 | 5.5 Medium |
| There's a flaw in OpenEXR's scanline input file functionality in versions before 3.0.0-beta. An attacker able to submit a crafted file to be processed by OpenEXR could consume excessive system memory. The greatest impact of this flaw is to system availability. | ||||
| CVE-2021-39942 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service. | ||||