Total
1003 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44542 | 1 Privoxy | 1 Privoxy | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability was found in Privoxy when handling errors. | |||||
| CVE-2021-44540 | 1 Privoxy | 1 Privoxy | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. | |||||
| CVE-2021-44541 | 1 Privoxy | 1 Privoxy | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. | |||||
| CVE-2021-3574 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2023-11-07 | N/A | 3.3 LOW |
| A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | |||||
| CVE-2021-39282 | 1 Live555 | 1 Live555 | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files. | |||||
| CVE-2021-3181 | 3 Debian, Fedoraproject, Mutt | 3 Debian Linux, Fedora, Mutt | 2023-11-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from the attacker can cause large memory consumption, and the victim may then be unable to see email messages from other persons. | |||||
| CVE-2021-34698 | 1 Cisco | 8 Asyncos, Web Security Appliance S170, Web Security Appliance S190 and 5 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation. | |||||
| CVE-2021-34792 | 1 Cisco | 18 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 15 more | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2021-34740 | 1 Cisco | 71 1100-4g\/6g Integrated Services Router, 1100-4p Integrated Services Router, 1100-8p Integrated Services Router and 68 more | 2023-11-07 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device. | |||||
| CVE-2021-29649 | 2 Fedoraproject, Linux | 2 Fedora, Linux Kernel | 2023-11-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. | |||||
| CVE-2021-28651 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Cloud Manager and 1 more | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. | |||||
| CVE-2021-28652 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2023-11-07 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. | |||||
| CVE-2021-22173 | 3 Fedoraproject, Oracle, Wireshark | 3 Fedora, Zfs Storage Appliance, Wireshark | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2021-20209 | 1 Privoxy | 1 Privoxy | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| A memory leak vulnerability was found in Privoxy before 3.0.29 in the show-status CGI handler when no action files are configured. | |||||
| CVE-2021-1387 | 1 Cisco | 121 Nexus 3016, Nexus 3016q, Nexus 3048 and 118 more | 2023-11-07 | 4.3 MEDIUM | 8.6 HIGH |
| A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory. | |||||
| CVE-2021-1563 | 1 Cisco | 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more | 2023-11-07 | 6.1 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1595 | 1 Cisco | 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1353 | 1 Cisco | 5 Asr 5000, Asr 5500, Asr 5700 and 2 more | 2023-11-07 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the IPv4 protocol handling of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a memory leak that occurs during packet processing. An attacker could exploit this vulnerability by sending a series of crafted IPv4 packets through an affected device. A successful exploit could allow the attacker to exhaust the available memory and cause an unexpected restart of the npusim process, leading to a DoS condition on the affected device. | |||||
| CVE-2021-1596 | 1 Cisco | 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more | 2023-11-07 | 3.3 LOW | 6.5 MEDIUM |
| Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2021-1564 | 1 Cisco | 4 Video Surveillance 7070, Video Surveillance 7070 Firmware, Video Surveillance 7530pd and 1 more | 2023-11-07 | 6.1 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in the implementation of the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) for Cisco Video Surveillance 7000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device. These vulnerabilities are due to incorrect processing of certain Cisco Discovery Protocol and LLDP packets at ingress time. An attacker could exploit these vulnerabilities by sending crafted Cisco Discovery Protocol or LLDP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to continuously consume memory, which could cause the device to crash and reload, resulting in a DoS condition. Note: Cisco Discovery Protocol and LLDP are Layer 2 protocols. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||