Tag

#dos

CVE-2021-36349: DSA-2021-262: Dell EMC Data Protection Central Security Update for Multiple Security Vulnerabilities

Dell EMC Data Protection Central versions 19.5 and prior contain a Server Side Request Forgery vulnerability in the DPC DNS client processing. A remote malicious user could potentially exploit this vulnerability, allowing port scanning of external hosts.

CVE-2022-21708: Denial of Service caused by a bug in the MaxDepth schema option

graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema, which is not recommended.

CVE-2021-39480: memory allocation of 18446744073709551610 bytes failed[1] · Issue #30 · m4b/bingrep

Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).

CVE-2022-23837: Validate `days` parameter to avoid possible DoS in Web UI · sidekiq/sidekiq@7785ac1

In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.

CVE-2021-46313: A segmentation fault in MP4Box · Issue #2039 · gpac/gpac

The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46311: Null Pointer Dereference in gf_sg_destroy_routes() at scenegraph/vrml_route.c:126 · Issue #2038 · gpac/gpac

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46244: Divide By Zero in H5T__complete_copy () at /hdf5/src/H5T.c:3613 · Issue #1327 · HDFGroup/hdf5

A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 via the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an arithmetic exception, leading to a Denial of Service (DoS).

CVE-2021-46234: Null Pointer Dereference in gf_node_unregister () at scenegraph/base_scenegraph.c:682 · Issue #2023 · gpac/gpac

A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46239: Invalid free in MP4Box · Issue #2026 · gpac/gpac

The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).

CVE-2021-46238: stack overflow in gf_node_get_name () at scenegraph/base_scenegraph.c:1293 · Issue #2027 · gpac/gpac

GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).