Total
3474 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2100 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.8 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | ||||
| CVE-2020-2039 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.3 Medium |
| An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | ||||
| CVE-2020-29490 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-11-21 | 7.5 High |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. | ||||
| CVE-2020-29260 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2024-11-21 | 7.5 High |
| libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | ||||
| CVE-2020-28944 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 7.5 High |
| OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | ||||
| CVE-2020-28500 | 4 Lodash, Oracle, Redhat and 1 more | 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more | 2024-11-21 | 5.3 Medium |
| Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | ||||
| CVE-2020-28496 | 1 Three Project | 1 Three | 2024-11-21 | 7.5 High |
| This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms") | ||||
| CVE-2020-28493 | 3 Fedoraproject, Palletsprojects, Redhat | 4 Fedora, Jinja, Enterprise Linux and 1 more | 2024-11-21 | 5.3 Medium |
| This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | ||||
| CVE-2020-28491 | 4 Fasterxml, Oracle, Quarkus and 1 more | 11 Jackson-dataformats-binary, Weblogic Server, Quarkus and 8 more | 2024-11-21 | 7.5 High |
| This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | ||||
| CVE-2020-28469 | 3 Gulpjs, Oracle, Redhat | 8 Glob-parent, Communications Cloud Native Core Policy, Acm and 5 more | 2024-11-21 | 5.3 Medium |
| This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. | ||||
| CVE-2020-28458 | 2 Datatables, Redhat | 3 Datatables.net, Rhev Hypervisor, Rhev Manager | 2024-11-21 | 7.3 High |
| All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | ||||
| CVE-2020-28200 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 4.3 Medium |
| The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | ||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 28 Fedora, Lldpd, Openvswitch and 25 more | 2024-11-21 | 7.5 High |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-27813 | 3 Debian, Gorillatoolkit, Redhat | 4 Debian Linux, Websocket, Container Native Virtualization and 1 more | 2024-11-21 | 7.5 High |
| An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | ||||
| CVE-2020-27782 | 1 Redhat | 8 Camel Quarkus, Integration, Jboss Enterprise Application Platform and 5 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | ||||
| CVE-2020-27724 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.5 Medium |
| In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. | ||||
| CVE-2020-27722 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.5 Medium |
| In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. | ||||
| CVE-2020-27673 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. | ||||
| CVE-2020-27295 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 7.5 High |
| The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | ||||
| CVE-2020-26652 | 2 Aircrack-ng, Realtek | 3 Aircrack-ng, Rtl8812au, Rtl8812au Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | ||||