CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,274 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,563 researchers
1,560 results
CVE-2021-40114 6.8 MEDIUM EPSS 0.03
Cisco Firepower Threat Defense < 6.4.0.12 - Memory Leak
Multiple Cisco products are affected by a vulnerability in the way the Snort detection engine processes ICMP traffic that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper memory resource management while the Snort detection engine is processing ICMP packets. An attacker could exploit this vulnerability by sending a series of ICMP packets through an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device, causing the device to reload.
CWE-770 Oct 27, 2021
CVE-2021-34792 8.6 HIGH EPSS 0.00
Cisco Firepower Threat Defense < 6.4.0.13 - Memory Leak
A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
CWE-401 Oct 27, 2021
CVE-2021-41145 8.6 HIGH EPSS 0.01
FreeSWITCH <1.10.7 - DoS
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. FreeSWITCH prior to version 1.10.7 is susceptible to Denial of Service via SIP flooding. When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion. By abusing this vulnerability, an attacker is able to crash any FreeSWITCH instance by flooding it with SIP messages, leading to Denial of Service. The attack does not require authentication and can be carried out over UDP, TCP or TLS. This issue was patched in version 1.10.7.
CWE-401 Oct 25, 2021
CVE-2021-31367 6.5 MEDIUM EPSS 0.00
Juniper Junos - Memory Leak
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipt of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.
CWE-401 Oct 19, 2021
CVE-2021-30844 7.5 HIGH EPSS 0.01
macOS <11.6 - Info Disclosure
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.
CWE-401 Oct 19, 2021
CVE-2020-22679 5.5 MEDIUM EPSS 0.00
MP4Box <0.8.0 - DoS
Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.
CWE-401 Oct 12, 2021
CVE-2020-22673 5.5 MEDIUM EPSS 0.00
MP4Box <0.8.0 - DoS
Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.
CWE-401 Oct 12, 2021
CVE-2021-34698 8.6 HIGH EPSS 0.01
Cisco Asyncos < 12.0.3-005 - Memory Leak
A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper memory management in the proxy service of an affected device. An attacker could exploit this vulnerability by establishing a large number of HTTPS connections to the affected device. A successful exploit could allow the attacker to cause the system to stop processing new connections, which could result in a DoS condition. Note: Manual intervention may be required to recover from this situation.
CWE-401 Oct 06, 2021
CVE-2020-20665 7.5 HIGH EPSS 0.00
Rudp - Memory Leak
rudp v0.6 was discovered to contain a memory leak in the component main.c.
CWE-401 Sep 30, 2021
CVE-2021-34740 7.4 HIGH EPSS 0.00
Cisco Aironet Access Point Software < 8.10.162.0 - Memory Leak
A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device.
CWE-401 Sep 23, 2021
CVE-2021-33365 5.5 MEDIUM 1 Writeup EPSS 0.00
MP4Box <1.0.1 - Info Disclosure
Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CWE-401 Sep 13, 2021
CVE-2021-33363 5.5 MEDIUM 1 Writeup EPSS 0.00
MP4Box <1.0.1 - Info Disclosure
Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CWE-401 Sep 13, 2021
CVE-2021-33361 5.5 MEDIUM 1 Writeup EPSS 0.00
MP4Box <1.0.1 - Info Disclosure
Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CWE-401 Sep 13, 2021
CVE-2021-33366 5.5 MEDIUM 1 Writeup EPSS 0.00
MP4Box <1.0.1 - Memory Corruption
Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CWE-401 Sep 13, 2021
CVE-2021-33364 5.5 MEDIUM 1 Writeup EPSS 0.00
GPAC 1.0.1 - Memory Corruption
Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.
CWE-401 Sep 13, 2021
CVE-2021-39176 7.5 HIGH 1 Writeup EPSS 0.01
Detect-character-encoding < 0.3.1 - Memory Leak
detect-character-encoding is a package for detecting character encoding using ICU. In detect-character-encoding v0.3.0 and earlier, allocated memory is not released. The problem has been patched in detect-character-encoding v0.3.1.
CWE-401 Aug 31, 2021
CVE-2021-39282 7.5 HIGH EPSS 0.00
Live555 < 1.08 - Memory Leak
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
CWE-401 Aug 18, 2021
CVE-2021-22424 5.5 MEDIUM EPSS 0.00
HarmonyOS - Info Disclosure
A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service.
CWE-401 Aug 03, 2021
CVE-2021-34431 6.5 MEDIUM EPSS 0.00
Eclipse Mosquitto < 2.0.10 - Memory Leak
In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client that had connected with MQTT v5 sent a crafted CONNECT message to the broker a memory leak would occur, which could be used to provide a DoS attack against the broker.
CWE-401 Jul 22, 2021
CVE-2021-25701 5.5 MEDIUM EPSS 0.00
Teradici Pcoip Client < 21.07.0 - Memory Leak
The fUSBHub driver in the PCoIP Software Client prior to version 21.07.0 had an error in object management during the handling of a variety of IOCTLs, which allowed an attacker to cause a denial of service.
CWE-401 Jul 21, 2021