Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32657 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users. | ||||
| CVE-2021-32640 | 2 Netapp, Ws Project | 2 E-series Performance Analyzer, Ws | 2024-11-21 | 5.3 Medium |
| ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options. | ||||
| CVE-2021-32617 | 3 Exiv2, Fedoraproject, Redhat | 3 Exiv2, Fedora, Enterprise Linux | 2024-11-21 | 4.7 Medium |
| Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`. | ||||
| CVE-2021-32595 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 6.5 Medium |
| Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | ||||
| CVE-2021-32503 | 1 Sick | 2 Ftmg, Ftmg Firmware | 2024-11-21 | 4.9 Medium |
| Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system. | ||||
| CVE-2021-32455 | 1 Sitel-sa | 2 Cap\/prx, Cap\/prx Firmware | 2024-11-21 | 6.8 Medium |
| SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device´s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively. | ||||
| CVE-2021-32053 | 1 Fhir | 1 Hapi Fhir | 2024-11-21 | 5.3 Medium |
| JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e.g., disable access to the database after the attack stops) via history requests. This occurs because of a SELECT COUNT statement that requires a full index scan, with an accompanying large amount of server resources if there are many simultaneous history requests. | ||||
| CVE-2021-32014 | 2 Oracle, Sheetjs | 3 Rest Data Services, Sheetjs, Sheetjs Pro | 2024-11-21 | 5.5 Medium |
| SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. | ||||
| CVE-2021-32013 | 2 Oracle, Sheetjs Project | 3 Rest Data Services, Sheetjs, Sheetjs Pro | 2024-11-21 | 5.5 Medium |
| SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). | ||||
| CVE-2021-32012 | 2 Oracle, Sheetjs Project | 3 Rest Data Services, Sheetjs, Sheetjs Pro | 2024-11-21 | 5.5 Medium |
| SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). | ||||
| CVE-2021-31811 | 4 Apache, Fedoraproject, Oracle and 1 more | 13 Pdfbox, Fedora, Banking Corporate Lending Process Management and 10 more | 2024-11-21 | 5.5 Medium |
| In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions. | ||||
| CVE-2021-31807 | 4 Fedoraproject, Netapp, Redhat and 1 more | 4 Fedora, Cloud Manager, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | ||||
| CVE-2021-31409 | 1 Vaadin | 1 Vaadin | 2024-11-21 | 7.5 High |
| Unsafe validation RegEx in EmailValidator component in com.vaadin:vaadin-compatibility-server versions 8.0.0 through 8.12.4 (Vaadin versions 8.0.0 through 8.12.4) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | ||||
| CVE-2021-31405 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 7.5 High |
| Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-text-field-flow versions 2.0.4 through 2.3.2 (Vaadin 14.0.6 through 14.4.3), and 3.0.0 through 4.0.2 (Vaadin 15.0.0 through 17.0.10) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | ||||
| CVE-2021-31368 | 1 Juniper | 6 Acx710, Ex2300, Ex2300-c and 3 more | 2024-11-21 | 7.5 High |
| An Uncontrolled Resource Consumption vulnerability in the kernel of Juniper Networks JUNOS OS allows an unauthenticated network based attacker to cause 100% CPU load and the device to become unresponsive by sending a flood of traffic to the out-of-band management ethernet port. Continued receipted of a flood will create a sustained Denial of Service (DoS) condition. Once the flood subsides the system will recover by itself. An indication that the system is affected by this issue would be that kernel and netisr process are shown to be using a lot of CPU cycles like in the following example output: user@host> show system processes extensive ... PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 16 root -72 - 0K 304K WAIT 1 839:40 88.96% intr{swi1: netisr 0} 0 root 97 - 0K 160K RUN 1 732:43 87.99% kernel{bcm560xgmac0 que} This issue affects Juniper Networks JUNOS OS on EX2300 Series, EX3400 Series, and ACX710: All versions prior to 18.1R3-S13; 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8, 18.4R3-S9; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2. | ||||
| CVE-2021-31365 | 1 Juniper | 5 Ex2300, Ex3400, Ex4300 and 2 more | 2024-11-21 | 6.5 Medium |
| An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will trigger an Aggregated Ethernet (AE) interface to go down and thereby causing a Denial of Service (DoS). By continuously sending a stream of specific layer 2 frames an attacker will sustain the Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS EX4300 Series All versions prior to 15.1R7-S7; 16.1 versions prior to 16.1R7-S8; 17.1 versions prior to 17.1R2-S12; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S10, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R2-S7, 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R1-S7, 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R1-S5, 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S2, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2. Juniper Networks Junos OS EX3400 and EX4300-MP Series All versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S9, 18.4R3-S7; 19.1 versions prior to 19.1R2-S3, 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3-S1; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS EX2300 Series All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S7, 19.3R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R2-S2, 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R2-S1, 20.4R3; 21.1 versions prior to 21.1R2. | ||||
| CVE-2021-31340 | 1 Siemens | 50 Simatic Reader Rf610r Cmiit, Simatic Reader Rf610r Cmiit Firmware, Simatic Reader Rf610r Etsi and 47 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. | ||||
| CVE-2021-30504 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of unbounded resource allocation. | ||||
| CVE-2021-30468 | 3 Apache, Oracle, Redhat | 8 Cxf, Tomee, Business Intelligence and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. | ||||
| CVE-2021-30464 | 1 Omicronenergy | 1 Stationguard | 2024-11-21 | 7.5 High |
| OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port. | ||||