Total
3664 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1259 | 2 Netapp, Redhat | 12 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 9 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
| CVE-2022-1099 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab | ||||
| CVE-2022-0695 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.5 Medium |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | ||||
| CVE-2022-0671 | 1 Redhat | 1 Vscode-xml | 2024-11-21 | 9.1 Critical |
| A flaw was found in vscode-xml in versions prior to 0.19.0. Schema download could lead to blind SSRF or DoS via a large file. | ||||
| CVE-2022-0669 | 3 Dpdk, Openvswitch, Redhat | 4 Data Plane Development Kit, Openvswitch, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. | ||||
| CVE-2022-0489 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with 8.15 . It was possible to trigger a DOS by using the math feature with a specific formula in issue comments. | ||||
| CVE-2022-0488 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes. | ||||
| CVE-2022-0476 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.5 Medium |
| Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4. | ||||
| CVE-2022-0353 | 1 Lenovo | 3 Diagnostics, Hardwarescan Addin, Hardwarescan Plugin | 2024-11-21 | 4.4 Medium |
| A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | ||||
| CVE-2021-4115 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 5.5 Medium |
| There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned | ||||
| CVE-2021-4040 | 2 Apache, Redhat | 2 Activemq Artemis, Amq Broker | 2024-11-21 | 5.3 Medium |
| A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability. | ||||
| CVE-2021-4022 | 1 Rizin | 1 Rizin | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binarygets analysed by rizin, it causes rizin to crash by freeing an uninitialized (and potentially user controlled, depending on the build) memory address. | ||||
| CVE-2021-4021 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.5 High |
| A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0, 5.5.4 and 5.5.2. Mapping a huge section filled with zeros of an ELF64 binary for MIPS architecture can lead to uncontrolled resource consumption and DoS. | ||||
| CVE-2021-46668 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | ||||
| CVE-2021-46149 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A denial of service (resource consumption) can be accomplished by searching for a very long key in a Language Name Search. | ||||
| CVE-2021-45829 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 5.5 Medium |
| HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service. | ||||
| CVE-2021-45115 | 3 Djangoproject, Fedoraproject, Redhat | 4 Django, Fedora, Satellite and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. UserAttributeSimilarityValidator incurred significant overhead in evaluating a submitted password that was artificially large in relation to the comparison values. In a situation where access to user registration was unrestricted, this provided a potential vector for a denial-of-service attack. | ||||
| CVE-2021-45042 | 1 Hashicorp | 1 Vault | 2024-11-21 | 4.9 Medium |
| In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. | ||||
| CVE-2021-44716 | 4 Debian, Golang, Netapp and 1 more | 16 Debian Linux, Go, Cloud Insights Telegraf and 13 more | 2024-11-21 | 7.5 High |
| net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | ||||
| CVE-2021-44527 | 1 Ui | 1 Unifi Switch Firmware | 2024-11-21 | 6.5 Medium |
| A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Deny of Service (DoS) attack on the affected switch.This vulnerability is fixed in UniFi Switch firmware 5.76.6 and later. | ||||