# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2021-45700 |
400 |
|
DoS |
2021-12-27 |
2022-01-06 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
An issue was discovered in the ckb crate before 0.40.0 for Rust. Attackers can cause a denial of service (Nervos CKB blockchain node crash) via a dead call that is used as a DepGroup. |
2 |
CVE-2021-45519 |
|
|
DoS |
2021-12-26 |
2022-01-03 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |
3 |
CVE-2021-45518 |
|
|
DoS |
2021-12-26 |
2022-01-03 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |
4 |
CVE-2021-45517 |
|
|
DoS |
2021-12-26 |
2022-01-03 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of service. |
5 |
CVE-2021-45516 |
|
|
DoS |
2021-12-26 |
2022-01-05 |
2.7 |
None |
Local Network |
Low |
??? |
None |
None |
Partial |
Certain NETGEAR devices are affected by denial of service. This affects R6400 before 1.0.1.70, R7000 before 1.0.11.126, R6900P before 1.3.3.140, R7000P before 1.3.3.140, R8000 before 1.0.4.74, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11. |
6 |
CVE-2021-45515 |
|
|
DoS |
2021-12-26 |
2022-01-05 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
Certain NETGEAR devices are affected by denial of service. This affects EX7500 before 1.0.0.72, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, RBRE960 before 6.0.3.68, RBSE960 before 6.0.3.68, RBR750 before 3.2.17.12, RBR850 before 3.2.17.12, RBS750 before 3.2.17.12, RBS850 before 3.2.17.12, RBK752 before 3.2.17.12, and RBK852 before 3.2.17.12. |
7 |
CVE-2021-45470 |
|
|
DoS |
2021-12-23 |
2021-12-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. |
8 |
CVE-2021-45293 |
119 |
|
DoS Overflow |
2021-12-21 |
2022-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. |
9 |
CVE-2021-45292 |
476 |
|
DoS |
2021-12-21 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. |
10 |
CVE-2021-45291 |
416 |
|
DoS |
2021-12-21 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. |
11 |
CVE-2021-45290 |
617 |
|
DoS |
2021-12-21 |
2022-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. |
12 |
CVE-2021-45289 |
|
|
DoS |
2021-12-21 |
2021-12-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. |
13 |
CVE-2021-45261 |
763 |
|
DoS |
2021-12-22 |
2021-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. |
14 |
CVE-2021-45105 |
20 |
|
DoS |
2021-12-18 |
2022-04-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. |
15 |
CVE-2021-45078 |
787 |
|
DoS Overflow |
2021-12-15 |
2022-03-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. |
16 |
CVE-2021-45042 |
|
|
DoS |
2021-12-17 |
2021-12-30 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8.6, and 1.9.x before 1.9.1, clusters using the Integrated Storage backend allowed an authenticated user (with write permissions to a kv secrets engine) to cause a panic and denial of service of the storage backend. The earliest affected version is 1.4.0. |
17 |
CVE-2021-44924 |
835 |
|
DoS |
2021-12-21 |
2021-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. |
18 |
CVE-2021-44686 |
400 |
|
DoS |
2021-12-07 |
2022-05-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
19 |
CVE-2021-44429 |
120 |
|
DoS |
2021-11-29 |
2021-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145. |
20 |
CVE-2021-44428 |
120 |
|
DoS |
2021-11-29 |
2021-11-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1. |
21 |
CVE-2021-44199 |
427 |
|
DoS |
2021-11-29 |
2021-11-30 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612 |
22 |
CVE-2021-43976 |
|
|
DoS |
2021-11-17 |
2022-04-06 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
23 |
CVE-2021-43854 |
400 |
|
DoS |
2021-12-23 |
2022-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit. |
24 |
CVE-2021-43843 |
400 |
|
DoS |
2021-12-20 |
2022-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service (ReDoS) attack. If an attacker can put a lot of JSX elements into `<blockquote>` tag _with including multibyte characters_, an internal regular expression for escaping characters may consume an excessive amount of computing resources. v4.5.1 passes the test against ASCII characters but misses the case of multibyte characters. jsx-slack v4.5.2 has updated regular expressions for escaping blockquote characters to prevent catastrophic backtracking. It is also including an updated test case to confirm rendering multiple tags in `<blockquote>` with multibyte characters. |
25 |
CVE-2021-43805 |
1333 |
|
DoS |
2021-12-07 |
2021-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential backtracking through a fragment like `a.a.` Versions 3.1.4, 3.0.4, and 2.11.13 have been patched to use a different regular expression. The maintainers added a check for email addresses that are no longer valid that will print information about any affected orders that exist. If a prompt upgrade is not an option, a workaround is available. It is possible to edit the file `config/application.rb` manually (with code provided by the maintainers in the GitHub Security Advisory) to check email validity. |
26 |
CVE-2021-43801 |
754 |
|
DoS |
2021-12-13 |
2021-12-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Mercurius is a GraphQL adapter for Fastify. Any users from [email protected] to 8.11.1 are subjected to a denial of service attack by sending a malformed JSON to `/graphql` unless they are using a custom error handler. The vulnerability has been fixed in https://github.com/mercurius-js/mercurius/pull/678 and shipped as v8.11.2. As a workaround users may use a custom error handler. |
27 |
CVE-2021-43668 |
476 |
|
DoS |
2021-11-18 |
2021-11-23 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal. |
28 |
CVE-2021-43638 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
29 |
CVE-2021-43637 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
30 |
CVE-2021-43519 |
674 |
|
DoS Overflow |
2021-11-09 |
2022-05-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. |
31 |
CVE-2021-43518 |
120 |
|
DoS Exec Code Overflow |
2021-12-15 |
2021-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution. |
32 |
CVE-2021-43471 |
521 |
|
DoS |
2021-12-06 |
2021-12-07 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability. |
33 |
CVE-2021-43246 |
400 |
|
DoS |
2021-12-15 |
2022-05-23 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Windows Hyper-V Denial of Service Vulnerability |
34 |
CVE-2021-43228 |
400 |
|
DoS |
2021-12-15 |
2022-05-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
SymCrypt Denial of Service Vulnerability |
35 |
CVE-2021-43219 |
400 |
|
DoS |
2021-12-15 |
2022-05-23 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
DirectX Graphics Kernel File Denial of Service Vulnerability |
36 |
CVE-2021-43204 |
|
|
DoS |
2021-12-09 |
2021-12-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
A improper control of a resource through its lifetime in Fortinet FortiClientWindows version 6.4.1 and 6.4.0, version 6.2.9 and below, version 6.0.10 and below allows attacker to cause a complete denial of service of its components via changes of directory access permissions. |
37 |
CVE-2021-43017 |
379 |
|
DoS |
2021-11-18 |
2022-02-02 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
Adobe Creative Cloud version 5.5 (and earlier) are affected by an Application denial of service vulnerability in the Creative Cloud Desktop installer. An authenticated attacker with root privileges could leverage this vulnerability to achieve denial of service by planting a malicious file on the victim's local machine. User interaction is required before product installation to abuse this vulnerability. |
38 |
CVE-2021-43006 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
39 |
CVE-2021-43003 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
40 |
CVE-2021-43002 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal DVM Tools <= v3.3.148.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
41 |
CVE-2021-43000 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amzetta zPortal Windows zClient <= v3.2.8180.148 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
42 |
CVE-2021-42996 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
43 |
CVE-2021-42994 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Donglify above 1.0.12309 below 1.7.14110 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
44 |
CVE-2021-42993 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
45 |
CVE-2021-42990 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x22001B in the FlexiHub For Windows above 2.0.4340 below 5.3.14268 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
46 |
CVE-2021-42988 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
47 |
CVE-2021-42987 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler 0x22001B in the USB Network Gate above 7.0.1370 below 9.2.2420 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
48 |
CVE-2021-42986 |
190 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
49 |
CVE-2021-42983 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Client above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |
50 |
CVE-2021-42980 |
120 |
|
DoS Exec Code Overflow Mem. Corr. |
2021-12-07 |
2021-12-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. |