Total
3426 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25252 | 7 Apple, Emc, Linux and 4 more | 25 Macos, Celerra Network Attached Storage, Linux Kernel and 22 more | 2024-11-21 | 5.5 Medium |
| Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file. | ||||
| CVE-2021-25227 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 3.3 Low |
| Trend Micro Antivirus for Mac 2021 (Consumer) is vulnerable to a memory exhaustion vulnerability that could lead to disabling all the scanning functionality within the application. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability - i.e. the attacker must already have access to the target system (either legitimately or via another exploit). | ||||
| CVE-2021-25226 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scan engine component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25225 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a scheduled scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-25224 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 5.5 Medium |
| A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2021-24893 | 1 Stars Rating Project | 1 Stars Rating | 2024-11-21 | 7.5 High |
| The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated. | ||||
| CVE-2021-23852 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2024-11-21 | 4.9 Medium |
| An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). | ||||
| CVE-2021-23437 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 7.5 High |
| The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. | ||||
| CVE-2021-23425 | 2 Redhat, Trim-off-newlines Project | 2 Rhev Manager, Trim-off-newlines | 2024-11-21 | 5.3 Medium |
| All versions of package trim-off-newlines are vulnerable to Regular Expression Denial of Service (ReDoS) via string processing. | ||||
| CVE-2021-23424 | 1 Ansi-html Project | 1 Ansi-html | 2024-11-21 | 7.5 High |
| This affects all versions of package ansi-html. If an attacker provides a malicious string, it will get stuck processing the input for an extremely long time. | ||||
| CVE-2021-23413 | 1 Jszip Project | 1 Jszip | 2024-11-21 | 5.3 Medium |
| This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. | ||||
| CVE-2021-23382 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
| The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/\*\s* sourceMappingURL=(.*). | ||||
| CVE-2021-23368 | 2 Postcss, Redhat | 4 Postcss, Acm, Openshift and 1 more | 2024-11-21 | 5.3 Medium |
| The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing. | ||||
| CVE-2021-23364 | 2 Browserslist Project, Redhat | 3 Browserslist, Acm, Quay | 2024-11-21 | 5.3 Medium |
| The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries. | ||||
| CVE-2021-23362 | 3 Npmjs, Redhat, Siemens | 7 Hosted-git-info, Acm, Enterprise Linux and 4 more | 2024-11-21 | 5.3 Medium |
| The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity. | ||||
| CVE-2021-23346 | 2 Html-parse-stringify Project, Redhat | 2 Html-parse-stringify, Acm | 2024-11-21 | 4.8 Medium |
| This affects the package html-parse-stringify before 2.0.1; all versions of package html-parse-stringify2. Sending certain input could cause one of the regular expressions that is used for parsing to backtrack, freezing the process. | ||||
| CVE-2021-23343 | 2 Path-parse Project, Redhat | 7 Path-parse, Acm, Advanced Cluster Security and 4 more | 2024-11-21 | 5.3 Medium |
| All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity. | ||||
| CVE-2021-23341 | 1 Prismjs | 1 Prism | 2024-11-21 | 7.5 High |
| The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components. | ||||
| CVE-2021-23215 | 3 Debian, Fedoraproject, Openexr | 3 Debian Linux, Fedora, Openexr | 2024-11-21 | 5.5 Medium |
| An integer overflow leading to a heap-buffer overflow was found in the DwaCompressor of OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR. | ||||
| CVE-2021-23053 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 5.3 Medium |
| On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||