| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-34555 |
|
|
DoS |
2021-06-10 |
2021-06-10 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field. |
|
2 |
CVE-2021-33840 |
400 |
|
DoS |
2021-06-04 |
2021-06-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature. |
|
3 |
CVE-2021-33620 |
20 |
|
DoS |
2021-05-28 |
2021-06-11 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. |
|
4 |
CVE-2021-33574 |
416 |
|
DoS |
2021-05-25 |
2021-06-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
|
5 |
CVE-2021-33502 |
|
|
DoS |
2021-05-24 |
2021-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. |
|
6 |
CVE-2021-33500 |
|
|
DoS |
2021-05-21 |
2021-05-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. |
|
7 |
CVE-2021-33194 |
835 |
|
DoS |
2021-05-26 |
2021-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. |
|
8 |
CVE-2021-33176 |
|
|
DoS |
2021-06-08 |
2021-06-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. |
|
9 |
CVE-2021-33175 |
|
|
DoS |
2021-06-08 |
2021-06-08 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system. |
|
10 |
CVE-2021-32666 |
20 |
|
DoS |
2021-06-03 |
2021-06-11 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1. |
|
11 |
CVE-2021-32642 |
20 |
|
DoS |
2021-05-28 |
2021-06-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy. |
|
12 |
CVE-2021-32617 |
400 |
|
DoS |
2021-05-17 |
2021-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`. |
|
13 |
CVE-2021-32455 |
400 |
|
DoS |
2021-05-17 |
2021-05-24 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access to the device´s network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively. |
|
14 |
CVE-2021-32238 |
787 |
|
DoS Exec Code Overflow |
2021-05-18 |
2021-05-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario. |
|
15 |
CVE-2021-31978 |
|
|
DoS |
2021-06-08 |
2021-06-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Microsoft Defender Denial of Service Vulnerability |
|
16 |
CVE-2021-31977 |
|
|
DoS |
2021-06-08 |
2021-06-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Windows Hyper-V Denial of Service Vulnerability |
|
17 |
CVE-2021-31974 |
|
|
DoS |
2021-06-08 |
2021-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Server for NFS Denial of Service Vulnerability |
|
18 |
CVE-2021-31968 |
|
|
DoS |
2021-06-08 |
2021-06-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Windows Remote Desktop Services Denial of Service Vulnerability |
|
19 |
CVE-2021-31957 |
|
|
DoS |
2021-06-08 |
2021-06-09 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
ASP.NET Denial of Service Vulnerability |
|
20 |
CVE-2021-31876 |
863 |
|
DoS |
2021-05-13 |
2021-05-26 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction. |
|
21 |
CVE-2021-31808 |
20 |
|
DoS |
2021-05-27 |
2021-06-11 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. |
|
22 |
CVE-2021-31807 |
|
|
DoS Overflow |
2021-06-08 |
2021-06-11 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. |
|
23 |
CVE-2021-31806 |
116 |
|
DoS |
2021-05-27 |
2021-06-11 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. |
|
24 |
CVE-2021-31784 |
787 |
|
DoS Exec Code |
2021-04-26 |
2021-05-04 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. |
|
25 |
CVE-2021-31684 |
787 |
|
DoS |
2021-06-01 |
2021-06-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request. |
|
26 |
CVE-2021-31642 |
190 |
|
DoS Overflow |
2021-06-01 |
2021-06-08 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device. |
|
27 |
CVE-2021-31553 |
428 |
|
DoS |
2021-04-22 |
2021-04-22 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking. |
|
28 |
CVE-2021-31525 |
674 |
|
DoS |
2021-05-27 |
2021-06-11 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. |
|
29 |
CVE-2021-31262 |
476 |
|
DoS |
2021-04-19 |
2021-04-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
|
30 |
CVE-2021-31260 |
476 |
|
DoS |
2021-04-19 |
2021-04-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
|
31 |
CVE-2021-31259 |
476 |
|
DoS |
2021-04-19 |
2021-04-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
|
32 |
CVE-2021-31258 |
476 |
|
DoS |
2021-04-19 |
2021-04-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
|
33 |
CVE-2021-31257 |
476 |
|
DoS |
2021-04-19 |
2021-04-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command. |
|
34 |
CVE-2021-31255 |
120 |
|
DoS Exec Code Overflow |
2021-04-19 |
2021-04-21 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file. |
|
35 |
CVE-2021-31254 |
787 |
|
DoS Exec Code Overflow |
2021-04-19 |
2021-04-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes. |
|
36 |
CVE-2021-31185 |
|
|
DoS |
2021-05-11 |
2021-05-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Windows Desktop Bridge Denial of Service Vulnerability |
|
37 |
CVE-2021-30501 |
20 |
|
DoS |
2021-05-27 |
2021-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file. |
|
38 |
CVE-2021-30500 |
476 |
|
DoS Exec Code |
2021-05-27 |
2021-06-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file. |
|
39 |
CVE-2021-30496 |
|
|
DoS |
2021-04-20 |
2021-04-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. |
|
40 |
CVE-2021-30469 |
416 |
|
DoS |
2021-05-26 |
2021-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file. |
|
41 |
CVE-2021-30464 |
400 |
|
DoS |
2021-04-20 |
2021-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port. |
|
42 |
CVE-2021-30356 |
|
|
DoS |
2021-04-22 |
2021-04-27 |
5.5 |
None |
Remote |
Low |
??? |
None |
Partial |
Partial |
|
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files. |
|
43 |
CVE-2021-30046 |
755 |
|
DoS |
2021-04-06 |
2021-04-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. |
|
44 |
CVE-2021-30027 |
|
|
DoS |
2021-04-29 |
2021-04-29 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document. |
|
45 |
CVE-2021-29932 |
400 |
|
DoS |
2021-04-01 |
2021-04-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. |
|
46 |
CVE-2021-29650 |
|
|
DoS |
2021-03-30 |
2021-04-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. |
|
47 |
CVE-2021-29629 |
20 |
|
DoS |
2021-05-28 |
2021-06-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively. |
|
48 |
CVE-2021-29617 |
755 |
|
DoS |
2021-05-14 |
2021-05-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. |
|
49 |
CVE-2021-29611 |
20 |
|
DoS |
2021-05-14 |
2021-05-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation(https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions. |
|
50 |
CVE-2021-29584 |
190 |
|
DoS Overflow |
2021-05-14 |
2021-05-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail in caused by an integer overflow in constructing a new tensor shape. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/0908c2f2397c099338b901b067f6495a5b96760b/tensorflow/core/kernels/sparse_split_op.cc#L66-L70) builds a dense shape without checking that the dimensions would not result in overflow. The `TensorShape` constructor(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a `CHECK` operation which triggers when `InitDims`(https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use `BuildTensorShapeBase` or `AddDimWithStatus` to prevent `CHECK`-failures in the presence of overflows. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range. |
