Total
2877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35498 | 4 Debian, Fedoraproject, Openvswitch and 1 more | 5 Debian Linux, Fedora, Openvswitch and 2 more | 2024-08-04 | 7.5 High |
| A vulnerability was found in openvswitch. A limitation in the implementation of userspace packet parsing can allow a malicious user to send a specially crafted packet causing the resulting megaflow in the kernel to be too wide, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-35534 | 1 Libraw | 1 Libraw | 2024-08-04 | 5.5 Medium |
| In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. | ||||
| CVE-2020-35510 | 1 Redhat | 5 Jboss-remoting, Jboss Enterprise Application Platform, Jboss Fuse and 2 more | 2024-08-04 | 5.9 Medium |
| A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-35233 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-08-04 | 6.5 Medium |
| The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. | ||||
| CVE-2020-35210 | 1 Atomix | 1 Atomix | 2024-08-04 | 6.5 Medium |
| A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. | ||||
| CVE-2020-35213 | 1 Atomix | 1 Atomix | 2024-08-04 | 8.1 High |
| An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | ||||
| CVE-2020-29651 | 3 Fedoraproject, Oracle, Pytest | 3 Fedora, Zfs Storage Appliance Kit, Py | 2024-08-04 | 7.5 High |
| A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | ||||
| CVE-2020-29260 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2024-08-04 | 7.5 High |
| libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | ||||
| CVE-2020-28944 | 1 Open-xchange | 1 Ox Guard | 2024-08-04 | 7.5 High |
| OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | ||||
| CVE-2020-28200 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-08-04 | 4.3 Medium |
| The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | ||||
| CVE-2020-27813 | 3 Debian, Gorillatoolkit, Redhat | 4 Debian Linux, Websocket, Container Native Virtualization and 1 more | 2024-08-04 | 7.5 High |
| An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | ||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 28 Fedora, Lldpd, Openvswitch and 25 more | 2024-08-04 | 7.5 High |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-27782 | 1 Redhat | 7 Camel Quarkus, Integration, Jboss Enterprise Application Platform and 4 more | 2024-08-04 | 7.5 High |
| A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | ||||
| CVE-2020-27722 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-08-04 | 6.5 Medium |
| In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. | ||||
| CVE-2020-27724 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-08-04 | 6.5 Medium |
| In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. | ||||
| CVE-2020-27673 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-08-04 | 5.5 Medium |
| An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. | ||||
| CVE-2020-27295 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-08-04 | 7.5 High |
| The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | ||||
| CVE-2020-27223 | 6 Apache, Debian, Eclipse and 3 more | 22 Nifi, Solr, Spark and 19 more | 2024-08-04 | 5.3 Medium |
| In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | ||||
| CVE-2020-26409 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
| A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | ||||
| CVE-2020-26555 | 4 Bluetooth, Fedoraproject, Intel and 1 more | 33 Bluetooth Core Specification, Fedora, Ac 3165 and 30 more | 2024-08-04 | 5.4 Medium |
| Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | ||||