Total
3395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27212 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2024-11-21 | 7.5 High |
| In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. | ||||
| CVE-2021-26945 | 1 Openexr | 1 Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | ||||
| CVE-2021-26260 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. This is a different flaw from CVE-2021-23215. | ||||
| CVE-2021-25909 | 1 Zivautomation | 2 4cct-ea6-334126bf, 4cct-ea6-334126bf Firmware | 2024-11-21 | 8.6 High |
| ZIV Automation 4CCT-EA6-334126BF firmware version 3.23.80.27.36371, allows an unauthenticated, remote attacker to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending specific packets to the port 7919. | ||||
| CVE-2021-25701 | 1 Teradici | 1 Pcoip Client | 2024-11-21 | 5.5 Medium |
| The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service. | ||||
| CVE-2021-25659 | 1 Siemens | 1 Automation License Manager | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0 SP9 Update 2). Sending specially crafted packets to port 4410/tcp of an affected system could lead to extensive memory being consumed and as such could cause a denial-of-service preventing legitimate users from using the system. | ||||
| CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2024-11-21 | 5.5 Medium |
| Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | ||||
| CVE-2021-25227 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 3.3 Low |
| Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit). | ||||
| CVE-2021-25226 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25225 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25224 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-24893 | 1 Stars Rating Project | 1 Stars Rating | 2024-11-21 | 7.5 High |
| The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. | ||||
| CVE-2021-23852 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2024-11-21 | 4.9 Medium |
| An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). | ||||
| CVE-2021-23437 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 7.5 High |
| The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | ||||
| CVE-2021-23425 | 2 Redhat, Trim-off-newlines Project | 2 Rhev Manager, Trim-off-newlines | 2024-11-21 | 5.3 Medium |
| All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. | ||||
| CVE-2021-23424 | 1 Ansi-html Project | 1 Ansi-html | 2024-11-21 | 7.5 High |
| This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. | ||||
| CVE-2021-23413 | 1 Jszip Project | 1 Jszip | 2024-11-21 | 5.3 Medium |
| This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. | ||||
| CVE-2021-23382 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
| The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | ||||
| CVE-2021-23368 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
| The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | ||||
| CVE-2021-23364 | 2 Browserslist Project, Redhat | 3 Browserslist, Acm, Quay | 2024-11-21 | 5.3 Medium |
| The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | ||||