Total: 2764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27724 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel.
|
|||||
| CVE-2020-27722 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe the plugin flow-control protocol, causing excessive resource consumption.
|
|||||
| CVE-2020-27295 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).
|
|||||
| CVE-2020-26652 | 1 Realtek | 2 Rtl8812au, Rtl8812au Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.
|
|||||
| CVE-2020-26409 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A DoS vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource consumption by bypassing input validation in markdown fields.
|
|||||
| CVE-2020-26302 | 1 Is.js Project | 1 Is.js | 2024-11-21 | N/A | 7.5 HIGH |
|
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop "forever." This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.
|
|||||
| CVE-2020-26289 | 1 Date-and-time Project | 1 Date-and-time | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2.
|
|||||
| CVE-2020-26264 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25, a denial-of-service vulnerability can make a LES server crash via a malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling the LES server; disabling LES prevents the exploit. The vulnerability was patched in version 1.9.25.
|
|||||
| CVE-2020-26257 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which ...
|
|||||
| CVE-2020-26256 | 1 C2fo | 1 Fast-csv | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
|
Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-csv before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using the `ignoreEmpty` option when parsing. This has been patched in `v4.3.6`. You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6`. This vulnerability was found using a ...
|
|||||
| CVE-2020-26164 | 2 Kde, Opensuse | 3 Kdeconnect, Backports Sle, Leap | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
|
|||||
| CVE-2020-25673 | 3 Fedoraproject, Linux, Netapp | 22 Fedora, Linux Kernel, Active Iq Unified Manager and 19 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in the Linux kernel where a non-blocking socket in llcp_sock_connect() leads to a leak and eventually hangs the system.
|
|||||
| CVE-2020-25630 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.
|
|||||
| CVE-2020-25242 | 1 Siemens | 6 Simatic Net Cp 343-1 Advanced, Simatic Net Cp 343-1 Advanced Firmware, Simatic Net Cp 343-1 Lean and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover.
|
|||||
| CVE-2020-24686 | 1 Abb | 12 Pm554, Pm554 Firmware, Pm556 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet.
|
|||||
| CVE-2020-24573 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component.
|
|||||
| CVE-2020-24504 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-24089 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2 allows local attackers to cause a denial of service (DoS).
|
|||||
| CVE-2020-21573 | 1 Image-processing Project | 1 Image-processing | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue discovered in abhijitnathwani image-processing v0.1.0 allows local attackers to cause a denial of service via a crafted image file.
|
|||||
| CVE-2020-21405 | 1 H96tvbox | 2 H96 Pro Plus, H96 Pro Plus Firmware | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk
|
|||||
| CVE-2020-20813 | 1 Openvpn | 1 Openvpn | 2024-11-21 | N/A | 7.5 HIGH |
|
The control channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via a crafted reset packet.
|
|||||
| CVE-2020-20248 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
MikroTik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
|
|||||
| CVE-2020-20230 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
MikroTik RouterOS before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
|
|||||
| CVE-2020-20221 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
MikroTik RouterOS before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
|
|||||
| CVE-2020-20217 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
MikroTik RouterOS before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU.
|
|||||
| CVE-2020-20021 | 1 Mikrotik | 1 Routeros | 2024-11-21 | N/A | 7.5 HIGH |
|
An issue discovered in MikroTik Router v6.46.3 and earlier allows an attacker to cause a denial of service via misconfiguration in the SSH daemon.
|
|||||
| CVE-2020-1950 | 4 Apache, Canonical, Debian and 1 more | 6 Tika, Ubuntu Linux, Debian Linux and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23.
|
|||||
| CVE-2020-1903 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. This issue would have required the receiver to explicitly open the attachment if it was received from a number not in the receiver's WhatsApp contacts.
|
|||||
| CVE-2020-1901 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message.
|
|||||
| CVE-2020-1750 | 1 Redhat | 1 Machine-config-operator | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in the machine-config-operator that causes an OpenShift node to become unresponsive when a container consumes a large amount of memory. An attacker could use this flaw to deny access to schedule new pods in the OpenShift cluster. This was fixed in openshift/machine-config-operator 4.4.3, openshift/machine-config-operator 4.3.25, openshift/machine-config-operator 4.2.36.
|
|||||
| CVE-2020-1722 | 2 Freeipa, Redhat | 2 Freeipa, Enterprise Linux | 2024-11-21 | 5.4 MEDIUM | 5.3 MEDIUM |
|
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2020-1702 | 2 Containers-image Project, Redhat | 2 Containers-image, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
|
|||||
| CVE-2020-1700 | 4 Canonical, Ceph, Opensuse and 1 more | 4 Ubuntu Linux, Ceph, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system.
|
|||||
| CVE-2020-1689 | 1 Juniper | 6 Ex4300-mp, Junos, Qfx5100 and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4 ...
|
|||||
| CVE-2020-1687 | 1 Juniper | 1 Junos | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a differen ...
|
|||||
| CVE-2020-1684 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS ...
|
|||||
| CVE-2020-1678 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
|
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Mem ...
|
|||||
| CVE-2020-1670 | 1 Juniper | 2 Ex4300, Junos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issues and traffic interruption. These specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS o ...
|
|||||
| CVE-2020-1668 | 1 Juniper | 2 Ex2300, Junos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: ... Idle 2 percent the "Idle" value shows as low (2 % in the example ab ...
|
|||||
| CVE-2020-1625 | 1 Juniper | 1 Junos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps. This memory leak can affect running daemons (processes), leading to an extended Denial of Service (DoS) condition. Usage of "temp" virtual memory, shown here by a constantly increasing value of outstanding Requests, can be monitored by executing the 'show system virtual- ...
|
|||||