Total
2764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9702 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.
|
|||||
| CVE-2020-9611 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service.
|
|||||
| CVE-2020-9481 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to an HTTP/2 slow read attack.
|
|||||
| CVE-2020-9464 | 1 Beckhoff | 2 Bk9000, Bk9000 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP Bus Coupler BK9000. After an attack has occurred, the device's functionality can be restored by rebooting.
|
|||||
| CVE-2020-9369 | 3 Debian, Fedoraproject, Sympa | 3 Debian Linux, Fedora, Sympa | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
|
|||||
| CVE-2020-9203 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
There is a resource management error vulnerability in Huawei P30. Local attackers can construct a broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience.
|
|||||
| CVE-2020-9060 | 4 Aeotec, Fibaro, Silabs and 1 more | 6 Zw090-a, Fgwpb-111, 500 Series Firmware and 3 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.
|
|||||
| CVE-2020-9059 | 2 Schlage, Silabs | 2 Be468, 500 Series Firmware | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
|
Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level.
|
|||||
| CVE-2020-9000 | 1 Iportalis | 1 Iportalis Control Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources (triggering a denial of service condition).
|
|||||
| CVE-2020-8992 | 4 Canonical, Linux, Netapp and 1 more | 11 Ubuntu Linux, Linux Kernel, Active Iq Unified Manager and 8 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.
|
|||||
| CVE-2020-8663 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
|
|||||
| CVE-2020-8661 | 2 Cncf, Redhat | 2 Envoy, Openshift Service Mesh | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipelined requests.
|
|||||
| CVE-2020-8616 | 2 Debian, Isc | 2 Debian Linux, Bind | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
|
A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this be ...
|
|||||
| CVE-2020-8557 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
|
|||||
| CVE-2020-8492 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
|
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
|
|||||
| CVE-2020-8299 | 1 Citrix | 17 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 14 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance.
|
|||||
| CVE-2020-8295 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A wrong check in Nextcloud Server 19 and prior allowed a denial of service attack to be performed when resetting the password for a user.
|
|||||
| CVE-2020-8293 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
|
|||||
| CVE-2020-8277 | 4 C-ares Project, Fedoraproject, Nodejs and 1 more | 8 C-ares, Fedora, Node.js and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
|
|||||
| CVE-2020-8251 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
|
|||||
| CVE-2020-8246 | 1 Citrix | 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
|
|||||
| CVE-2020-8237 | 1 Json-bigint Project | 1 Json-bigint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
|
|||||
| CVE-2020-8229 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
|
|||||
| CVE-2020-8220 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
|
|||||
| CVE-2020-8192 | 1 Fastify | 1 Fastify | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
|
|||||
| CVE-2020-8185 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
|
|||||
| CVE-2020-8175 | 1 Jpeg-js Project | 1 Jpeg-js | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.
|
|||||
| CVE-2020-8136 | 1 Fastify | 1 Fastify-multipart | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.
|
|||||
| CVE-2020-8123 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to arbitrary restart of the application.
|
|||||
| CVE-2020-7779 | 1 Djvalidator Project | 1 Djvalidator | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.
|
|||||
| CVE-2020-7767 | 1 Express-validators Project | 1 Express-validators | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.
|
|||||
| CVE-2020-7760 | 2 Codemirror, Oracle | 6 Codemirror, Application Express, Enterprise Manager Express User Interface and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*
|
|||||
| CVE-2020-7753 | 1 Trim Project | 1 Trim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
|
|||||
| CVE-2020-7733 | 2 Oracle, Ua-parser-js Project | 2 Communications Cloud Native Core Network Function Cloud Native Environment, Ua-parser-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
|
|||||
| CVE-2020-7661 | 1 Url-regex Project | 1 Url-regex | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
|
|||||
| CVE-2020-7587 | 1 Siemens | 13 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 10 more | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 ...
|
|||||
| CVE-2020-7584 | 1 Siemens | 4 Simatic S7-200 Smart Sr Cpu, Simatic S7-200 Smart Sr Cpu Firmware, Simatic S7-200 Smart St Cpu and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incoming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.
|
|||||
| CVE-2020-7507 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.
|
|||||
| CVE-2020-7486 | 1 Schneider-electric | 12 Tricon Tcm 4351, Tricon Tcm 4351 Firmware, Tricon Tcm 4351a and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior.
|
|||||
| CVE-2020-7212 | 1 Python | 1 Urllib3 | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings w ...
|
|||||