Total
2877 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26289 | 2 Date-and-time Project, Redhat | 2 Date-and-time, Openshift Container Storage | 2024-08-04 | 7.5 High |
| date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2. | ||||
| CVE-2020-26264 | 1 Ethereum | 1 Go Ethereum | 2024-08-04 | 6.5 Medium |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. | ||||
| CVE-2020-26257 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-08-04 | 6.5 Medium |
| Matrix is an ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix. A malicious or poorly-implemented homeserver can inject malformed events into a room by specifying a different room id in the path of a `/send_join`, `/send_leave`, `/invite` or `/exchange_third_party_invite` request. This can lead to a denial of service in which future events will not be correctly sent to other servers over federation. This affects any server which accepts federation requests from untrusted servers. The Matrix Synapse reference implementation before version 1.23.1 the implementation is vulnerable to this injection attack. Issue is fixed in version 1.23.1. As a workaround homeserver administrators could limit access to the federation API to trusted servers (for example via `federation_domain_whitelist`). | ||||
| CVE-2020-26256 | 1 C2fo | 1 Fast-csv | 2024-08-04 | 5.7 Medium |
| Fast-csv is an npm package for parsing and formatting CSVs or any other delimited value file in node. In fast-cvs before version 4.3.6 there is a possible ReDoS vulnerability (Regular Expression Denial of Service) when using ignoreEmpty option when parsing. This has been patched in `v4.3.6` You will only be affected by this if you use the `ignoreEmpty` parsing option. If you do use this option it is recommended that you upgrade to the latest version `v4.3.6` This vulnerability was found using a CodeQL query which identified `EMPTY_ROW_REGEXP` regular expression as vulnerable. | ||||
| CVE-2020-26164 | 2 Kde, Opensuse | 3 Kdeconnect, Backports Sle, Leap | 2024-08-04 | 5.5 Medium |
| In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | ||||
| CVE-2020-25673 | 3 Fedoraproject, Linux, Netapp | 22 Fedora, Linux Kernel, Active Iq Unified Manager and 19 more | 2024-08-04 | 5.5 Medium |
| A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. | ||||
| CVE-2020-25630 | 1 Moodle | 1 Moodle | 2024-08-04 | 7.5 High |
| A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | ||||
| CVE-2020-25601 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-08-04 | 5.5 Medium |
| An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics. | ||||
| CVE-2020-25242 | 1 Siemens | 6 Simatic Net Cp 343-1 Advanced, Simatic Net Cp 343-1 Advanced Firmware, Simatic Net Cp 343-1 Lean and 3 more | 2024-08-04 | 7.5 High |
| A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover. | ||||
| CVE-2020-24736 | 2 Ghost, Redhat | 3 Sqlite3, Enterprise Linux, Rhel Eus | 2024-08-04 | 5.5 Medium |
| Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. | ||||
| CVE-2020-24686 | 1 Abb | 12 Pm554, Pm554 Firmware, Pm556 and 9 more | 2024-08-04 | 7.5 High |
| The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | ||||
| CVE-2020-24573 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-08-04 | 7.5 High |
| BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. | ||||
| CVE-2020-24504 | 2 Intel, Redhat | 11 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 8 more | 2024-08-04 | 5.5 Medium |
| Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-08-04 | 7.5 High |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
| CVE-2020-21573 | 1 Image-processing Project | 1 Image-processing | 2024-08-04 | 5.5 Medium |
| An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file. | ||||
| CVE-2020-21405 | 1 H96tvbox | 2 H96 Pro Plus, H96 Pro Plus Firmware | 2024-08-04 | 7.5 High |
| An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk | ||||
| CVE-2020-20230 | 1 Mikrotik | 1 Routeros | 2024-08-04 | 6.5 Medium |
| Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | ||||
| CVE-2020-20217 | 1 Mikrotik | 1 Routeros | 2024-08-04 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | ||||
| CVE-2020-20248 | 1 Mikrotik | 1 Routeros | 2024-08-04 | 6.5 Medium |
| Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | ||||
| CVE-2020-20221 | 1 Mikrotik | 1 Routeros | 2024-08-04 | 6.5 Medium |
| Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | ||||