Total
784 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7821 | 1 Schneider-electric | 3 Modicon M221, Modicon M221 Firmware, Somachine Basic | 2022-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. | |||||
| CVE-2022-22153 | 1 Juniper | 45 Junos, Mx10, Mx10000 and 42 more | 2022-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed. This issue affects Juniper Networks Junos OS on SRX Series, MX Series with SPC3: All versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2-S9, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2. | |||||
| CVE-2021-39480 | 1 Bingrep Project | 1 Bingrep | 2022-01-27 | 5.0 MEDIUM | 7.5 HIGH |
| Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS). | |||||
| CVE-2021-44591 | 1 Libming | 1 Libming | 2022-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. | |||||
| CVE-2021-37111 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Memory leakage vulnerability in Smartphone.Successful exploitation of this vulnerability may cause memory exhaustion. | |||||
| CVE-2021-45699 | 1 Nervos | 1 Ckb | 2022-01-06 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the ckb crate before 0.40.0 for Rust. Remote attackers may be able to conduct a 51% attack against the Nervos CKB blockchain by triggering an inability to allocate memory for the misbehavior HashMap. | |||||
| CVE-2020-6610 | 2 Gnu, Opensuse | 3 Libredwg, Backports, Leap | 2022-01-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. | |||||
| CVE-2021-38244 | 1 Cbioportal Project | 1 Cbioportal | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| A regular expression denial of service (ReDoS) vulnerability exits in cbioportal 3.6.21 and older via a POST request to /ProteinArraySignificanceTest.json. | |||||
| CVE-2021-27383 | 1 Siemens | 35 Simatic Hmi Comfort Outdoor Panels 15\", Simatic Hmi Comfort Outdoor Panels 15\" Firmware, Simatic Hmi Comfort Outdoor Panels 7\" and 32 more | 2021-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has a heap allocation leak vulnerability in the server Tight encoder, which could result in a Denial-of-Service condition. | |||||
| CVE-2019-9073 | 3 Canonical, Gnu, Netapp | 4 Ubuntu Linux, Binutils, Hci Management Node and 1 more | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. | |||||
| CVE-2019-9072 | 2 Gnu, Netapp | 3 Binutils, Hci Management Node, Solidfire | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. | |||||
| CVE-2019-9076 | 2 Gnu, Netapp | 2 Binutils, Element Software Management | 2021-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. | |||||
| CVE-2020-29487 | 1 Xen | 1 Xapi | 2021-12-10 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from the guest, and are therefore watched by toolstack. Specifically, keys are watched by xenopsd, and data are forwarded via RPC through message-switch to xapi. The watching logic in xenopsd sends one RPC update containing all data, any time any single xenstore key is updated, and therefore has O(N^2) time complexity. Furthermore, message-switch retains recent (currently 128) RPC messages for diagnostic purposes, yielding O(M*N) space complexity. The quantity of memory a single guest can monopolise is bounded by xenstored quota, but the quota is fairly large. It is believed to be in excess of 1G per malicious guest. In practice, this manifests as a host denial of service, either through message-switch thrashing against swap, or OOMing entirely, depending on dom0's configuration. (There are no quotas in xenopsd to limit the quantity of keys that result in RPC traffic.) A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. All versions of XAPI are vulnerable. Systems that are not using the XAPI toolstack are not vulnerable. | |||||
| CVE-2021-31787 | 1 Actions-semi | 10 Ats2815, Ats2815 Firmware, Ats2819 and 7 more | 2021-12-03 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets. | |||||
| CVE-2020-15100 | 1 Schokokeks | 1 Freewvs | 2021-11-18 | 2.1 LOW | 3.3 LOW |
| In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1. | |||||
| CVE-2020-15213 | 1 Google | 1 Tensorflow | 2021-11-18 | 4.3 MEDIUM | 4.0 MEDIUM |
| In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | |||||
| CVE-2019-0005 | 1 Juniper | 14 Ex2300, Ex2300-c, Ex3400 and 11 more | 2021-11-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| On EX2300, EX3400, EX4600, QFX3K and QFX5K series, firewall filter configuration cannot perform packet matching on any IPv6 extension headers. This issue may allow IPv6 packets that should have been blocked to be forwarded. IPv4 packet filtering is unaffected by this vulnerability. Affected releases are Juniper Networks Junos OS on EX and QFX series;: 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1R7; 15.1X53 versions prior to 15.1X53-D234 on QFX5200/QFX5110 series; 15.1X53 versions prior to 15.1X53-D591 on EX2300/EX3400 series; 16.1 versions prior to 16.1R7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2. | |||||
| CVE-2021-39912 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. | |||||
| CVE-2021-39907 | 1 Gitlab | 1 Gitlab | 2021-11-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. | |||||
| CVE-2021-29763 | 5 Ibm, Linux, Microsoft and 2 more | 6 Aix, Db2, Linux Kernel and 3 more | 2021-11-05 | 1.9 LOW | 5.1 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267. | |||||