CWE:
 

Topic
Date
Author
Med.
ModSecurity 3.0.x Denial Of Service
17.09.2020
Christian Folini
Med.
ZyXEL P-660HW UDP fragmentation Denial of Service
12.01.2018
Hosein Askari
Med.
ZyXEL TTL Expiry Denial of Service
25.12.2017
Hosein Askari
Low
Android Private Internet Access Denial Of Service
30.10.2017
nightwatchcybersecurit...
Low
libgedit.a mishandling NUL Blocks in gedit(GNOME text editor)
02.09.2017
Hosein Askari
Low
Trihedral VTScada DoS / XSS / Information Disclosure
01.07.2017
Karn Ganeshen
Med.
MikroTik UDP Flood Denial of Service
10.05.2017
Hosein Askari
Med.
BackBox OS Denial Of Service(CPU Consumption)
01.04.2017
Hosein Askari(FarazPaj...
Med.
MikroTik RouterBoard V-6.38.5 Denial Of Service | CPU Consumption
28.03.2017
Hosein Askari (FarazPa...
Med.
Android Qualcomm GPS/GNSS Man-In-The-Middle
12.10.2016
Yakov Shafranovich
Low
Open-Xchange App Suite 7.8.1 Information Disclosure
23.06.2016
Martin Heiland
Med.
SAP Afaria 7 XcListener DoS in the module XeClient.Dll
19.06.2015
Vahagn Vardanyan
Med.
XMPP-Layer Compression Uncontrolled Resource Consumption
06.04.2014
Giancarlo Pellegrino
Low
Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit
06.05.2012
condis


CVEMAP Search Results

CVE
Details
Description
2021-02-26
Waiting for details
CVE-2021-21328

Updating...
 

 
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters.

 
Waiting for details
CVE-2021-21274

Updating...
 

 
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.

 
2021-02-23
Medium
CVE-2021-22882

Updating...
 

 
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.

 
High
CVE-2020-27782

Vendor: Redhat
Software: Jboss fuse
 

 
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.

 
2021-02-22
High
CVE-2020-11270

Updating...
 

 
Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

 
2021-02-19
Medium
CVE-2021-27405

Vendor: Scrapbox-parser project
Software: Scrapbox-parser
 

 
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.

 
2021-02-18
Medium
CVE-2020-28496

Vendor: Three project
Software: Three
 

 
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms")

 
Medium
CVE-2020-28491

Vendor: Fasterxml
Software: Jackson-data...
 

 
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.

 
2021-02-17
Medium
CVE-2021-22553

Vendor: Google
Software: Gerrit
 

 
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.

 
Medium
CVE-2021-22174

Vendor: Wireshark
Software: Wireshark
 

 
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

 

 


Copyright 2021, cxsecurity.com

 

Back to Top