Total
940 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5802 | 1 Rockwellautomation | 1 Factorytalk Linx | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. | |||||
| CVE-2021-43662 | 1 Totolink | 4 A720r, A720r Firmware, Ex300 V2 and 1 more | 2022-07-12 | 3.3 LOW | 6.5 MEDIUM |
| totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption. | |||||
| CVE-2021-41593 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2022-07-12 | 7.5 HIGH | 8.6 HIGH |
| Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure. | |||||
| CVE-2021-44590 | 1 Libming | 1 Libming | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | |||||
| CVE-2021-33831 | 1 Th-wildau | 1 Covid-19 Contact Tracing | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has Incorrect Access Control. An attacker can interfere with tracing of infection chains by creating 500 random users within 2500 seconds. | |||||
| CVE-2021-34415 | 1 Zoom | 1 Meeting Connector | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
| The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. | |||||
| CVE-2021-41592 | 1 Elementsproject | 1 C-lightning | 2022-07-12 | 7.5 HIGH | 9.4 CRITICAL |
| Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. | |||||
| CVE-2021-35492 | 1 Wowza | 1 Streaming Engine | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, remote attacker to exhaust filesystem resources via the /enginemanager/server/vhost/historical.jsdata vhost parameter. This is due to the insufficient management of available filesystem resources. An attacker could exploit this vulnerability through the Virtual Host Monitoring section by requesting random virtual-host historical data and exhausting available filesystem resources. A successful exploit could allow the attacker to cause database errors and cause the device to become unresponsive to web-based management. (Manual intervention is required to free filesystem resources and return the application to an operational state.) | |||||
| CVE-2021-28994 | 2 Kopano, Zarafa | 2 Groupware Core, Zarafa | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. | |||||
| CVE-2021-41591 | 1 Acinq | 1 Eclair | 2022-07-12 | 7.5 HIGH | 9.4 CRITICAL |
| ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. | |||||
| CVE-2020-35210 | 1 Atomix | 1 Atomix | 2022-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. | |||||
| CVE-2021-40607 | 1 Gpac | 1 Gpac | 2022-07-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | |||||
| CVE-2021-40941 | 1 Axiosys | 1 Bento4 | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| In Bento4 1.6.0-638, there is an allocator is out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DOS). | |||||
| CVE-2022-34750 | 1 Mediawiki | 1 Mediawiki | 2022-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. | |||||
| CVE-2022-27871 | 1 Autodesk | 14 3ds Max, Advance Steel, Autocad and 11 more | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. | |||||
| CVE-2022-22979 | 1 Vmware | 1 Spring Cloud Function | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. | |||||
| CVE-2021-0424 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2022-06-28 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05393787. | |||||
| CVE-2021-0338 | 1 Google | 1 Android | 2022-06-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In SystemSettingsValidators, there is a possible permanent denial of service due to missing bounds checks on UI settings. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-156260178 | |||||
| CVE-2021-0422 | 2 Google, Mediatek | 54 Android, Mt6580, Mt6582 90 and 51 more | 2022-06-28 | 2.1 LOW | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381071. | |||||
| CVE-2021-0420 | 1 Google | 1 Android | 2022-06-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381065. | |||||