Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
CWE
:
Topic
Date
Author
Med.
ModSecurity 3.0.x Denial Of Service
17.09.2020
Christian Folini
Med.
ZyXEL P-660HW UDP fragmentation Denial of Service
12.01.2018
Hosein Askari
Med.
ZyXEL TTL Expiry Denial of Service
25.12.2017
Hosein Askari
Low
Android Private Internet Access Denial Of Service
30.10.2017
nightwatchcybersecurit...
Low
libgedit.a mishandling NUL Blocks in gedit(GNOME text editor)
02.09.2017
Hosein Askari
Low
Trihedral VTScada DoS / XSS / Information Disclosure
01.07.2017
Karn Ganeshen
Med.
MikroTik UDP Flood Denial of Service
10.05.2017
Hosein Askari
Med.
BackBox OS Denial Of Service(CPU Consumption)
01.04.2017
Hosein Askari(FarazPaj...
Med.
MikroTik RouterBoard V-6.38.5 Denial Of Service | CPU Consumption
28.03.2017
Hosein Askari (FarazPa...
Med.
Android Qualcomm GPS/GNSS Man-In-The-Middle
12.10.2016
Yakov Shafranovich
Low
Open-Xchange App Suite 7.8.1 Information Disclosure
23.06.2016
Martin Heiland
Med.
SAP Afaria 7 XcListener DoS in the module XeClient.Dll
19.06.2015
Vahagn Vardanyan
Med.
XMPP-Layer Compression Uncontrolled Resource Consumption
06.04.2014
Giancarlo Pellegrino
Low
Guitar Pro 6.1.1 r10791 (.gpx) Denial of Service Exploit
06.05.2012
condis
CVEMAP Search Results
CVE
Details
Description
2021-02-26
CVE-2021-21328
Updating...
Vapor is a web framework for Swift. In Vapor before version 4.40.1, there is a DoS attack against anyone who Bootstraps a metrics backend for their Vapor app. The following is the attack vector: 1. send unlimited requests against a vapor instance with different paths. this will create unlimited counters and timers, which will eventually drain the system. 2. downstream services might suffer from this attack as well by being spammed with error paths. This has been patched in 4.40.1. The `DefaultResponder` will rewrite any undefined route paths for to `vapor_route_undefined` to avoid unlimited counters.
CVE-2021-21274
Updating...
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to a denial of service attack where homeservers will consume significantly more resources when requesting the .well-known file of a malicious homeserver. This affects any server which accepts federation requests from untrusted servers. Issue is resolved in version 1.25.0. As a workaround the `federation_domain_whitelist` setting can be used to restrict the homeservers communicated with over federation.
2021-02-23
Medium
CVE-2021-22882
Updating...
UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.
High
CVE-2020-27782
Vendor:
Redhat
Software:
Jboss fuse
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1.
2021-02-22
High
CVE-2020-11270
Updating...
Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
2021-02-19
Medium
CVE-2021-27405
Vendor:
Scrapbox-parser project
Software:
Scrapbox-parser
A ReDoS (regular expression denial of service) flaw was found in the @progfay/scrapbox-parser package before 6.0.3 for Node.js.
2021-02-18
Medium
CVE-2020-28496
Vendor:
Three project
Software:
Three
This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms")
Medium
CVE-2020-28491
Vendor:
Fasterxml
Software:
Jackson-data...
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
2021-02-17
Medium
CVE-2021-22553
Vendor:
Google
Software:
Gerrit
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
Medium
CVE-2021-22174
Vendor:
Wireshark
Software:
Wireshark
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
Copyright
2021
, cxsecurity.com
Back to Top
