CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2021(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43976 DoS 2021-11-17 2021-11-27
2.1
None Local Low Not required None None Partial
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
2 CVE-2021-43668 476 DoS 2021-11-18 2021-11-23
2.1
None Local Low Not required None None Partial
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
3 CVE-2021-43519 787 DoS Overflow 2021-11-09 2021-11-12
4.3
None Remote Medium Not required None None Partial
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
4 CVE-2021-43017 DoS 2021-11-18 2021-11-23
3.5
None Remote Medium ??? None None Partial
Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker could leverage this vulnerability to achieve denial of service in the context of the user. User interaction is required before product installation to abuse this vulnerability.
5 CVE-2021-42917 120 DoS Overflow 2021-11-01 2021-11-02
4.3
None Remote Medium Not required None None Partial
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
6 CVE-2021-42836 697 DoS 2021-10-22 2021-10-28
5.0
None Remote Low Not required None None Partial
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
7 CVE-2021-42766 DoS 2021-10-20 2021-10-26
6.4
None Remote Low Not required None Partial Partial
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an increase in the profits of individual validators.
8 CVE-2021-42765 DoS 2021-10-20 2021-10-26
5.0
None Remote Low Not required None None Partial
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions).
9 CVE-2021-42764 DoS 2021-10-20 2021-10-26
6.4
None Remote Low Not required None Partial Partial
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.
10 CVE-2021-42715 835 DoS 2021-10-21 2021-11-26
4.3
None Remote Medium Not required None None Partial
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
11 CVE-2021-42697 787 DoS 2021-11-02 2021-11-04
5.0
None Remote Low Not required None None Partial
Akka HTTP 10.1.x and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments.
12 CVE-2021-42386 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function
13 CVE-2021-42385 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
14 CVE-2021-42384 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function
15 CVE-2021-42383 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function
16 CVE-2021-42382 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function
17 CVE-2021-42381 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function
18 CVE-2021-42380 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function
19 CVE-2021-42379 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function
20 CVE-2021-42378 416 DoS Exec Code 2021-11-15 2021-11-25
6.5
None Remote Low ??? Partial Partial Partial
A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function
21 CVE-2021-42377 763 DoS Exec Code 2021-11-15 2021-11-25
6.8
None Remote Medium Not required Partial Partial Partial
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.
22 CVE-2021-42376 476 DoS 2021-11-15 2021-11-25
1.9
None Local Medium Not required None None Partial
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
23 CVE-2021-42375 DoS 2021-11-15 2021-11-25
1.9
None Local Medium Not required None None Partial
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
24 CVE-2021-42374 125 DoS +Info 2021-11-15 2021-11-25
3.3
None Local Medium Not required Partial None Partial
An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
25 CVE-2021-42373 476 DoS 2021-11-15 2021-11-25
2.1
None Local Low Not required None None Partial
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
26 CVE-2021-42340 772 DoS 2021-10-14 2021-11-12
5.0
None Remote Low Not required None None Partial
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
27 CVE-2021-42284 400 DoS 2021-11-10 2021-11-13
7.1
None Remote Medium Not required None None Complete
Windows Hyper-V Denial of Service Vulnerability
28 CVE-2021-42274 DoS 2021-11-10 2021-11-12
2.1
None Local Low Not required None None Partial
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
29 CVE-2021-42260 835 DoS 2021-10-11 2021-10-19
5.0
None Remote Low Not required None None Partial
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
30 CVE-2021-42084 835 DoS 2021-10-07 2021-10-14
4.0
None Remote Low ??? None None Partial
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
31 CVE-2021-42075 400 DoS 2021-11-08 2021-11-09
5.0
None Remote Low Not required None None Partial
An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote attacker can thus cause file descriptor exhaustion in the server process, leading to denial of service.
32 CVE-2021-41872 DoS 2021-10-27 2021-11-01
5.0
None Remote Low Not required None None Partial
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
33 CVE-2021-41865 DoS 2021-10-07 2021-10-15
4.0
None Remote Low ??? None None Partial
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
34 CVE-2021-41821 191 DoS 2021-09-29 2021-10-12
4.0
None Remote Low ??? None None Partial
Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated agent to the manager.
35 CVE-2021-41800 770 DoS 2021-10-11 2021-11-17
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled.
36 CVE-2021-41799 770 DoS 2021-10-11 2021-11-26
5.0
None Remote Low Not required None None Partial
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan.
37 CVE-2021-41459 787 DoS Overflow 2021-10-01 2021-10-07
5.0
None Remote Low Not required None None Partial
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
38 CVE-2021-41457 787 DoS Overflow 2021-10-01 2021-10-07
5.0
None Remote Low Not required None None Partial
There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
39 CVE-2021-41456 787 DoS Overflow 2021-10-01 2021-10-07
5.0
None Remote Low Not required None None Partial
There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
40 CVE-2021-41380 20 DoS 2021-09-17 2021-09-28
4.3
None Remote Medium Not required None None Partial
** DISPUTED ** RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. NOTE: It is asserted that this issue requires social engineering a user into connecting to a fake VNC Server. The VNC Viewer application they are using will then hang, until terminated, but no memory leak occurs - the resources are freed once the hung process is terminated and the resource usage is constant during the hang. Only the process that is connected to the fake Server is affected. This is an application bug, not a security issue.
41 CVE-2021-41356 DoS 2021-11-10 2021-11-10
5.0
None Remote Low Not required None None Partial
Windows Denial of Service Vulnerability
42 CVE-2021-41294 22 DoS Dir. Trav. 2021-09-30 2021-10-07
6.4
None Remote Low Not required None Partial Partial
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service scenario.
43 CVE-2021-41213 667 DoS 2021-11-05 2021-11-09
4.3
None Remote Medium Not required None None Partial
TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object. Loading any model which contains mutually recursive functions is vulnerable. An attacker can cause denial of service by causing users to load such models and calling a recursive `tf.function`, although this is not a frequent scenario. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
44 CVE-2021-41208 476 DoS 2021-11-05 2021-11-09
4.6
None Local Low Not required Partial Partial Partial
TensorFlow is an open source platform for machine learning. In affected versions the code for boosted trees in TensorFlow is still missing validation. As a result, attackers can trigger denial of service (via dereferencing `nullptr`s or via `CHECK`-failures) as well as abuse undefined behavior (binding references to `nullptr`s). An attacker can also read and write from heap buffers, depending on the API that gets used and the arguments that are passed to the call. Given that the boosted trees implementation in TensorFlow is unmaintained, it is recommend to no longer use these APIs. We will deprecate TensorFlow's boosted trees APIs in subsequent releases. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
45 CVE-2021-41195 190 DoS Overflow 2021-11-05 2021-11-09
2.1
None Local Low Not required None None Partial
TensorFlow is an open source platform for machine learning. In affected versions the implementation of `tf.math.segment_*` operations results in a `CHECK`-fail related abort (and denial of service) if a segment id in `segment_ids` is large. This is similar to CVE-2021-29584 (and similar other reported vulnerabilities in TensorFlow, localized to specific APIs): the implementation (both on CPU and GPU) computes the output shape using `AddDim`. However, if the number of elements in the tensor overflows an `int64_t` value, `AddDim` results in a `CHECK` failure which provokes a `std::abort`. Instead, code should use `AddDimWithStatus`. The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
46 CVE-2021-41186 400 DoS 2021-10-29 2021-11-03
5.0
None Remote Low Not required None None Partial
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).
47 CVE-2021-41168 327 DoS 2021-10-21 2021-10-28
4.0
None Remote Low ??? None None Partial
Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0.
48 CVE-2021-41145 400 DoS 2021-10-25 2021-11-17
5.0
None Remote Low Not required None None Partial
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.
49 CVE-2021-41118 400 DoS 2021-10-04 2021-10-12
5.0
None Remote Low Not required None None Partial
The DynamicPageList3 extension is a reporting tool for MediaWiki, listing category members and intersections with various formats and details. In affected versions unsanitised input of regular expression date within the parameters of the DPL parser function, allowed for the possibility of ReDoS (Regex Denial of Service). This has been resolved in version 3.3.6. If you are unable to update you may also set `$wgDplSettings['functionalRichness'] = 0;` or disable DynamicPageList3 to mitigate.
50 CVE-2021-41105 DoS 2021-10-25 2021-10-28
5.0
None Remote Low Not required None None Partial
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When handling SRTP calls, FreeSWITCH prior to version 1.10.7 is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. When a media port that is handling SRTP traffic is flooded with a specially crafted SRTP packet, the call is terminated leading to denial of service. This issue was reproduced when using the SDES key exchange mechanism in a SIP environment as well as when using the DTLS key exchange mechanism in a WebRTC environment. The call disconnection occurs due to line 6331 in the source file `switch_rtp.c`, which disconnects the call when the total number of SRTP errors reach a hard-coded threshold (100). By abusing this vulnerability, an attacker is able to disconnect any ongoing calls that are using SRTP. The attack does not require authentication or any special foothold in the caller's or the callee's network. This issue is patched in version 1.10.7.
Total number of vulnerabilities : 1720   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.