CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2021 (Denial Of Service)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-34555 DoS 2021-06-10 2021-06-10
0.0
None ??? ??? ??? ??? ??? ???
OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.
2 CVE-2021-33840 400 DoS 2021-06-04 2021-06-07
5.0
None Remote Low Not required None None Partial
The server in Luca through 1.1.14 allows remote attackers to cause a denial of service (insertion of many fake records related to COVID-19) because Phone Number data lacks a digital signature.
3 CVE-2021-33620 20 DoS 2021-05-28 2021-06-11
4.0
None Remote Low ??? None None Partial
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
4 CVE-2021-33574 416 DoS 2021-05-25 2021-06-03
7.5
None Remote Low Not required Partial Partial Partial
The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
5 CVE-2021-33502 DoS 2021-05-24 2021-06-11
5.0
None Remote Low Not required None None Partial
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs.
6 CVE-2021-33500 DoS 2021-05-21 2021-05-27
5.0
None Remote Low Not required None None Partial
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons.
7 CVE-2021-33194 835 DoS 2021-05-26 2021-06-11
5.0
None Remote Low Not required None None Partial
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
8 CVE-2021-33176 DoS 2021-06-08 2021-06-08
0.0
None ??? ??? ??? ??? ??? ???
VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
9 CVE-2021-33175 DoS 2021-06-08 2021-06-08
0.0
None ??? ??? ??? ??? ??? ???
EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by the operating system.
10 CVE-2021-32666 20 DoS 2021-06-03 2021-06-11
4.0
None Remote Low ??? None None Partial
wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1.
11 CVE-2021-32642 20 DoS 2021-05-28 2021-06-10
7.5
None Remote Low Not required Partial Partial Partial
radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.
12 CVE-2021-32617 400 DoS 2021-05-17 2021-06-10
4.3
None Remote Medium Not required None None Partial
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An inefficient algorithm (quadratic complexity) was found in Exiv2 versions v0.27.3 and earlier. The inefficient algorithm is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a crafted image file. The bug is fixed in version v0.27.4. Note that this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as `rm`.
13 CVE-2021-32455 400 DoS 2021-05-17 2021-05-24
6.1
None Local Network Low Not required None None Complete
SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the device's network to cause a denial of service condition on the device. An attacker could exploit this vulnerability by sending HTTP requests massively.
14 CVE-2021-32238 787 DoS Exec Code Overflow 2021-05-18 2021-05-25
9.3
None Remote Medium Not required Complete Complete Complete
Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overflow. Stack-based buffer overflow occurs when Rocket League handles UPK object files that can result in code execution and denial of service scenario.
15 CVE-2021-31978 DoS 2021-06-08 2021-06-11
2.1
None Local Low Not required None None Partial
Microsoft Defender Denial of Service Vulnerability
16 CVE-2021-31977 DoS 2021-06-08 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
Windows Hyper-V Denial of Service Vulnerability
17 CVE-2021-31974 DoS 2021-06-08 2021-06-11
5.0
None Remote Low Not required None None Partial
Server for NFS Denial of Service Vulnerability
18 CVE-2021-31968 DoS 2021-06-08 2021-06-11
5.0
None Remote Low Not required None None Partial
Windows Remote Desktop Services Denial of Service Vulnerability
19 CVE-2021-31957 DoS 2021-06-08 2021-06-09
0.0
None ??? ??? ??? ??? ??? ???
ASP.NET Denial of Service Vulnerability
20 CVE-2021-31876 863 DoS 2021-05-13 2021-05-26
6.4
None Remote Low Not required None Partial Partial
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction.
21 CVE-2021-31808 20 DoS 2021-05-27 2021-06-11
4.0
None Remote Low ??? None None Partial
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
22 CVE-2021-31807 DoS Overflow 2021-06-08 2021-06-11
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
23 CVE-2021-31806 116 DoS 2021-05-27 2021-06-11
4.0
None Remote Low ??? None None Partial
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
24 CVE-2021-31784 787 DoS Exec Code 2021-04-26 2021-05-04
7.5
None Remote Low Not required Partial Partial Partial
An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all ODA-supported platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.
25 CVE-2021-31684 787 DoS 2021-06-01 2021-06-10
5.0
None Remote Low Not required None None Partial
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
26 CVE-2021-31642 190 DoS Overflow 2021-06-01 2021-06-08
6.8
None Remote Low ??? None None Complete
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be exploited by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and make it unavailable until a reboot of the device.
27 CVE-2021-31553 428 DoS 2021-04-22 2021-04-22
6.4
None Remote Low Not required None Partial Partial
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example, the attacker could turn off Special:CheckUserLog and thus interfere with usage tracking.
28 CVE-2021-31525 674 DoS 2021-05-27 2021-06-11
2.6
None Remote High Not required None None Partial
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
29 CVE-2021-31262 476 DoS 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
30 CVE-2021-31260 476 DoS 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
31 CVE-2021-31259 476 DoS 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
32 CVE-2021-31258 476 DoS 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
33 CVE-2021-31257 476 DoS 2021-04-19 2021-04-21
4.3
None Remote Medium Not required None None Partial
The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
34 CVE-2021-31255 120 DoS Exec Code Overflow 2021-04-19 2021-04-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
35 CVE-2021-31254 787 DoS Exec Code Overflow 2021-04-19 2021-04-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related to invalid IV sizes.
36 CVE-2021-31185 DoS 2021-05-11 2021-05-17
2.1
None Local Low Not required None None Partial
Windows Desktop Bridge Denial of Service Vulnerability
37 CVE-2021-30501 20 DoS 2021-05-27 2021-06-08
4.3
None Remote Medium Not required None None Partial
An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.
38 CVE-2021-30500 476 DoS Exec Code 2021-05-27 2021-06-08
6.8
None Remote Medium Not required Partial Partial Partial
A NULL pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp, in version UPX 4.0.0. That allows attackers to execute arbitrary code and cause a denial of service via a crafted file.
39 CVE-2021-30496 DoS 2021-04-20 2021-04-24
3.5
None Remote Medium ??? None None Partial
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework.
40 CVE-2021-30469 416 DoS 2021-05-26 2021-06-08
4.3
None Remote Medium Not required None None Partial
A flaw was found in PoDoFo 0.9.7. A use-after-free in the PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.
41 CVE-2021-30464 400 DoS 2021-04-20 2021-04-23
5.0
None Remote Low Not required None None Partial
OMICRON StationGuard before 1.10 allows remote attackers to cause a denial of service (connectivity outage) via crafted tcp/20499 packets to the CTRL Ethernet port.
42 CVE-2021-30356 DoS 2021-04-22 2021-04-27
5.5
None Remote Low ??? None Partial Partial
A denial of service vulnerability was reported in Check Point Identity Agent before R81.018.0000, which could allow low privileged users to overwrite protected system files.
43 CVE-2021-30046 755 DoS 2021-04-06 2021-04-19
4.3
None Remote Medium Not required None None Partial
VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service.
44 CVE-2021-30027 DoS 2021-04-29 2021-04-29
0.0
None ??? ??? ??? ??? ??? ???
md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.
45 CVE-2021-29932 400 DoS 2021-04-01 2021-04-05
5.0
None Remote Low Not required None None Partial
An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent.
46 CVE-2021-29650 DoS 2021-03-30 2021-04-05
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.
47 CVE-2021-29629 20 DoS 2021-05-28 2021-06-10
5.0
None Remote Low Not required None None Partial
In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.
48 CVE-2021-29617 755 DoS 2021-05-14 2021-05-17
2.1
None Local Low Not required None None Partial
TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service via `CHECK`-fail in `tf.strings.substr` with invalid arguments. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
49 CVE-2021-29611 20 DoS 2021-05-14 2021-05-18
2.1
None Local Low Not required None None Partial
TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results in a denial of service based on a `CHECK`-failure. The implementation (https://github.com/tensorflow/tensorflow/blob/e87b51ce05c3eb172065a6ea5f48415854223285/tensorflow/core/kernels/sparse_reshape_op.cc#L40) has no validation that the input arguments specify a valid sparse tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2 and TensorFlow 2.3.3, as these are the only affected versions.
50 CVE-2021-29584 190 DoS Overflow 2021-05-14 2021-05-20
2.1
None Local Low Not required None None Partial
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a `CHECK`-fail caused by an integer overflow in constructing a new tensor shape. This is because the implementation (https://github.com/tensorflow/tensorflow/blob/0908c2f2397c099338b901b067f6495a5b96760b/tensorflow/core/kernels/sparse_split_op.cc#L66-L70) builds a dense shape without checking that the dimensions would not result in overflow. The `TensorShape` constructor (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L183-L188) uses a `CHECK` operation which triggers when `InitDims` (https://github.com/tensorflow/tensorflow/blob/6f9896890c4c703ae0a0845394086e2e1e523299/tensorflow/core/framework/tensor_shape.cc#L212-L296) returns a non-OK status. This is a legacy implementation of the constructor and operations should use `BuildTensorShapeBase` or `AddDimWithStatus` to prevent `CHECK`-failures in the presence of overflows. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
Total number of vulnerabilities: 854 (page 1 of 18)