Total: 2877 CVEs
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-14152 | 2 Debian, Ijg | 2 Debian Linux, Libjpeg | 2024-08-04 | 7.1 High |
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | ||||
CVE-2020-13949 | 3 Apache, Oracle, Redhat | 6 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 3 more | 2024-08-04 | 7.5 High |
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | ||||
CVE-2020-13934 | 7 Apache, Canonical, Debian and 4 more | 17 Tomcat, Ubuntu Linux, Debian Linux and 14 more | 2024-08-04 | 7.5 High |
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. | ||||
CVE-2020-13935 | 8 Apache, Canonical, Debian and 5 more | 23 Tomcat, Ubuntu Linux, Debian Linux and 20 more | 2024-08-04 | 7.5 High |
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | ||||
CVE-2020-13849 | 1 Mqtt | 1 Mqtt | 2024-08-04 | 7.5 High |
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe. | ||||
CVE-2020-13623 | 1 Jerryscript | 1 Jerryscript | 2024-08-04 | 7.5 High |
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. | ||||
CVE-2020-13809 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-04 | 7.5 High |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. | ||||
CVE-2020-13757 | 4 Canonical, Fedoraproject, Python-rsa Project and 1 more | 4 Ubuntu Linux, Fedora, Python-rsa and 1 more | 2024-08-04 | 7.5 High |
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | ||||
CVE-2020-13815 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-08-04 | 7.5 High |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. | ||||
CVE-2020-13354 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. | ||||
CVE-2020-13333 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage. | ||||
CVE-2020-13349 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 4.3 Medium |
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9; >=13.4, <13.4.5; >=13.5, <13.5.2. | ||||
CVE-2020-13281 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 6.5 Medium |
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature. | ||||
CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 6.5 Medium |
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | ||||
CVE-2020-13238 | 1 Mitsubishielectric | 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more | 2024-08-04 | 7.5 High |
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. | ||||
CVE-2020-13164 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-08-04 | 7.5 High |
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | ||||
CVE-2020-13114 | 4 Canonical, Libexif Project, Opensuse and 1 more | 4 Ubuntu Linux, Libexif, Leap and 1 more | 2024-08-04 | 7.5 High |
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | ||||
CVE-2020-12866 | 3 Canonical, Opensuse, Sane-project | 3 Ubuntu Linux, Leap, Sane Backends | 2024-08-04 | 5.7 Medium |
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. | ||||
CVE-2020-12739 | 1 Fanuc | 32 Power Motion I-model A, Power Motion I-model A Firmware, Series 0i-mate D and 29 more | 2024-08-04 | 5.3 Medium |
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. | ||||
CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-08-04 | 7.5 High |
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. |