Total
1413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34549 | 1 Torproject | 1 Tor | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. | |||||
| CVE-2022-31803 | 1 Codesys | 1 Gateway | 2022-07-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. | |||||
| CVE-2021-21267 | 2 Netapp, Schema-inspector Project | 3 E-series Performance Analyzer, Oncommand Insight, Schema-inspector | 2022-06-30 | 5.0 MEDIUM | 7.5 HIGH |
| Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). In before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regex expression that isn't vulnerable to ReDoS. | |||||
| CVE-2022-29866 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | |||||
| CVE-2022-29864 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | |||||
| CVE-2022-29225 | 1 Envoyproxy | 1 Envoy | 2022-06-16 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. | |||||
| CVE-2022-31028 | 1 Minio | 1 Minio | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. | |||||
| CVE-2022-31018 | 1 Lightbend | 1 Play Framework | 2022-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect. | |||||
| CVE-2022-1982 | 1 Mattermost | 1 Mattermost Server | 2022-06-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | |||||
| CVE-2022-22556 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2022-06-11 | 7.8 HIGH | 7.5 HIGH |
| Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. | |||||
| CVE-2022-1797 | 1 Rockwellautomation | 18 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 15 more | 2022-06-11 | 7.8 HIGH | 8.6 HIGH |
| A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. | |||||
| CVE-2017-2884 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2022-06-03 | 7.8 HIGH | 7.5 HIGH |
| An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | |||||
| CVE-2017-2889 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2022-06-03 | 7.8 HIGH | 7.5 HIGH |
| An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | |||||
| CVE-2020-11645 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. | |||||
| CVE-2013-5567 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-06-02 | 5.4 MEDIUM | N/A |
| Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. | |||||
| CVE-2014-3407 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-06-02 | 5.0 MEDIUM | N/A |
| The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. | |||||
| CVE-2022-30551 | 1 Opcfoundation | 1 Ua-java | 2022-06-01 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | |||||
| CVE-2022-27640 | 1 Siemens | 4 Simatic Cp 442-1 Rna, Simatic Cp 442-1 Rna Firmware, Simatic Cp 443-1 Rna and 1 more | 2022-06-01 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot. | |||||
| CVE-2021-22187 | 1 Gitlab | 1 Gitlab | 2022-05-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions of Gitlab EE/CE before 13.6.7. A potential resource exhaustion issue that allowed running or pending jobs to continue even after project was deleted. | |||||
| CVE-2022-28191 | 1 Nvidia | 1 Virtual Gpu | 2022-05-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service. | |||||