Total
2764 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1600 | 1 Juniper | 1 Junos | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 1 ...
Show More |
|||||
| CVE-2020-19726 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.
|
|||||
| CVE-2020-16850 | 1 Mitsubishielectric | 38 R00cpu, R00cpu Firmware, R01cpu and 35 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2.
|
|||||
| CVE-2020-15783 | 1 Siemens | 24 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 312 Firmware, Simatic S7-300 Cpu 314 and 21 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability has been identified in SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC TDC CPU555 (All versions), SINUMERIK 840D sl (All versions). Sending multiple specially crafted packets to the affected devices could cause a Denial-of-Service on port 102. A cold restart is required to recover the service.
|
|||||
| CVE-2020-15565 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.1 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in ...
Show More |
|||||
| CVE-2020-15166 | 3 Debian, Fedoraproject, Zeromq | 3 Debian Linux, Fedora, Libzmq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.
|
|||||
| CVE-2020-15114 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
|
In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway.
|
|||||
| CVE-2020-15101 | 1 Schokokeks | 1 Freewvs | 2024-11-21 | 4.0 MEDIUM | 2.8 LOW |
|
In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1.
|
|||||
| CVE-2020-15100 | 1 Schokokeks | 1 Freewvs | 2024-11-21 | 2.1 LOW | 2.8 LOW |
|
In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1.
|
|||||
| CVE-2020-14522 | 1 Softing | 1 Opc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition.
|
|||||
| CVE-2020-14384 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbossweb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.
|
|||||
| CVE-2020-14340 | 2 Oracle, Redhat | 14 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
|
|||||
| CVE-2020-14326 | 2 Netapp, Redhat | 3 Oncommand Insight, Integration Camel K, Resteasy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.
|
|||||
| CVE-2020-14297 | 1 Redhat | 6 Amq, Jboss-ejb-client, Jboss Enterprise Application Platform Continuous Delivery and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable.
|
|||||
| CVE-2020-14190 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4.
|
|||||
| CVE-2020-14152 | 2 Debian, Ijg | 2 Debian Linux, Libjpeg | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
|
|||||
| CVE-2020-13949 | 2 Apache, Oracle | 4 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
|
|||||
| CVE-2020-13849 | 1 Mqtt | 1 Mqtt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
|
|||||
| CVE-2020-13815 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
|
|||||
| CVE-2020-13809 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
|
|||||
| CVE-2020-13623 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
|
|||||
| CVE-2020-13354 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.
|
|||||
| CVE-2020-13349 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
|
|||||
| CVE-2020-13333 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
|
|||||
| CVE-2020-13281 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
|
|||||
| CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
|
|||||
| CVE-2020-13238 | 1 Mitsubishielectric | 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
|
|||||
| CVE-2020-12739 | 1 Fanuc | 32 Power Motion I-model A, Power Motion I-model A Firmware, Series 0i-mate D and 29 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.
|
|||||
| CVE-2020-12667 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
|
|||||
| CVE-2020-12662 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
|
|||||
| CVE-2020-12603 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
|
|||||
| CVE-2020-12524 | 1 Phoenixcontact | 6 Btp 2043w, Btp 2043w Firmware, Btp 2070w and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service).
|
|||||
| CVE-2020-12516 | 1 Wago | 20 750-331, 750-331 Firmware, 750-352 and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack.
|
|||||
| CVE-2020-12296 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-12291 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-11937 | 1 Canonical | 2 Ubuntu Linux, Whoopsie | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. The DoS is caused by resource exhaustion due to a memory leak. Fixed in 0.2.52.5ubuntu0.5, 0.2.62ubuntu0.5 and 0.2.69ubuntu0.1.
|
|||||
| CVE-2020-11645 | 1 Br-automation | 6 Gatemanager 4260, Gatemanager 4260 Firmware, Gatemanager 8250 and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances.
|
|||||
| CVE-2020-11270 | 1 Qualcomm | 830 Aqt1000, Aqt1000 Firmware, Ar7420 and 827 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
|
|||||
| CVE-2020-11090 | 1 Linuxfoundation | 1 Indy-node | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.
|
|||||
| CVE-2020-11080 | 6 Debian, Fedoraproject, Nghttp2 and 3 more | 10 Debian Linux, Fedora, Nghttp2 and 7 more | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame ...
Show More |
|||||