Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25224

Summary
Assigner-trendmicro
Assigner Org ID-7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At-27 Jan, 2021 | 19:10
Updated At-03 Aug, 2024 | 19:56
Rejected At-
Credits

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:trendmicro
Assigner Org ID:7f7bd7df-cffe-4fdb-ab6d-859363b89272
Published At:27 Jan, 2021 | 19:10
Updated At:03 Aug, 2024 | 19:56
Rejected At:
▼CVE Numbering Authority (CNA)

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Affected Products
Vendor
Trend Micro IncorporatedTrend Micro
Product
Trend Micro ServerProtect for Linux
Versions
Affected
  • 3.0
Problem Types
TypeCWE IDDescription
textN/AMemory Exhaustion DOS
Type: text
CWE ID: N/A
Description: Memory Exhaustion DOS
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://success.trendmicro.com/solution/000284207
x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-085/
x_refsource_MISC
Hyperlink: https://success.trendmicro.com/solution/000284207
Resource:
x_refsource_MISC
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-085/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://success.trendmicro.com/solution/000284207
x_refsource_MISC
x_transferred
https://www.zerodayinitiative.com/advisories/ZDI-21-085/
x_refsource_MISC
x_transferred
Hyperlink: https://success.trendmicro.com/solution/000284207
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-085/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@trendmicro.com
Published At:27 Jan, 2021 | 19:15
Updated At:01 Feb, 2021 | 19:20

A memory exhaustion vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow a local attacker to craft specific files that can cause a denial-of-service on the affected product. The specific flaw exists within a manual scan component. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
Trend Micro Incorporated
trendmicro
>>serverprotect>>3.0
cpe:2.3:a:trendmicro:serverprotect:3.0:*:*:*:*:linux:*:*
Weaknesses
CWE IDTypeSource
CWE-400Primarynvd@nist.gov
CWE ID: CWE-400
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://success.trendmicro.com/solution/000284207security@trendmicro.com
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-085/security@trendmicro.com
Third Party Advisory
VDB Entry
Hyperlink: https://success.trendmicro.com/solution/000284207
Source: security@trendmicro.com
Resource:
Patch
Vendor Advisory
Hyperlink: https://www.zerodayinitiative.com/advisories/ZDI-21-085/
Source: security@trendmicro.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

155Records found
CVE-2024-50354
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.63%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 15:59
Updated-01 Nov, 2024 | 12:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out-of-memory during deserialization with crafted inputs

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory.

Action-Not Available
Vendor-Consensysconsensys
Product-gnarkgnark
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-32699
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.13% / 33.37%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 19:20
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based workaround for impacted versions of the software. Users running customized versions of this software can manually set a PID limit for containers created.

Action-Not Available
Vendor-Pterodactyl
Product-wingswings
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2013-4175
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.84%
||
7 Day CHG~0.00%
Published-23 Jan, 2020 | 14:17
Updated-06 Aug, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySecureShell 1.31 has a Local Denial of Service Vulnerability

Action-Not Available
Vendor-mysecureshell_projectMySecureShell
Product-mysecureshellMySecureShell
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-0238
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.83%
||
7 Day CHG~0.00%
Published-22 Apr, 2021 | 19:37
Updated-16 Sep, 2024 | 23:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: MX Series: Executing CLI command repetitively may cause the system to run out of disk space

When a MX Series is configured as a Broadband Network Gateway (BNG) based on Layer 2 Tunneling Protocol (L2TP), executing certain CLI command may cause the system to run out of disk space, excessive disk usage may cause other complications. An administrator can use the following CLI command to monitor the available disk space: user@device> show system storage Filesystem Size Used Avail Capacity Mounted on /dev/gpt/junos 19G 18G 147M 99% /.mount <<<<< running out of space tmpfs 21G 16K 21G 0% /.mount/tmp tmpfs 5.3G 1.7M 5.3G 0% /.mount/mfs This issue affects Juniper Networks Junos OS on MX Series: 17.3R1 and later versions prior to 17.4R3-S5, 18.1 versions prior to 18.1R3-S13, 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S7; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R3-S2; 19.4 versions prior to 19.4R2-S4, 19.4R3-S2; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R2-S3, 20.2R3; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R1-S1, 20.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-mx2010mx5mx2008mx960mx10000mx204mx480mx104mx150junosmx10mx80mx40mx2020mx10003Junos OS
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2020-9203
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-3.3||LOW
EPSS-0.02% / 4.34%
||
7 Day CHG~0.00%
Published-13 Jan, 2021 | 22:01
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-p30_firmwarep30HUAWEI P30
CWE ID-CWE-400
Uncontrolled Resource Consumption
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found