Filtered by CWE-400
Total 2877 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-14152 2 Debian, Ijg 2 Debian Linux, Libjpeg 2024-08-04 7.1 High
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.
CVE-2020-13949 3 Apache, Oracle, Redhat 6 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 3 more 2024-08-04 7.5 High
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
CVE-2020-13934 7 Apache, Canonical, Debian and 4 more 17 Tomcat, Ubuntu Linux, Debian Linux and 14 more 2024-08-04 7.5 High
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
CVE-2020-13935 8 Apache, Canonical, Debian and 5 more 23 Tomcat, Ubuntu Linux, Debian Linux and 20 more 2024-08-04 7.5 High
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
CVE-2020-13849 1 Mqtt 1 Mqtt 2024-08-04 7.5 High
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13623 1 Jerryscript 1 Jerryscript 2024-08-04 7.5 High
JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.
CVE-2020-13809 1 Foxitsoftware 2 Phantompdf, Reader 2024-08-04 7.5 High
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream.
CVE-2020-13757 4 Canonical, Fedoraproject, Python-rsa Project and 1 more 4 Ubuntu Linux, Fedora, Python-rsa and 1 more 2024-08-04 7.5 High
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
CVE-2020-13815 1 Foxitsoftware 2 Phantompdf, Reader 2024-08-04 7.5 High
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference.
CVE-2020-13354 1 Gitlab 1 Gitlab 2024-08-04 4.3 Medium
A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.
CVE-2020-13333 1 Gitlab 1 Gitlab 2024-08-04 4.3 Medium
A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
CVE-2020-13349 1 Gitlab 1 Gitlab 2024-08-04 4.3 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
CVE-2020-13281 1 Gitlab 1 Gitlab 2024-08-04 6.5 Medium
For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature
CVE-2020-13280 1 Gitlab 1 Gitlab 2024-08-04 6.5 Medium
For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message.
CVE-2020-13238 1 Mitsubishielectric 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more 2024-08-04 7.5 High
Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production.
CVE-2020-13164 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-08-04 7.5 High
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
CVE-2020-13114 4 Canonical, Libexif Project, Opensuse and 1 more 4 Ubuntu Linux, Libexif, Leap and 1 more 2024-08-04 7.5 High
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data.
CVE-2020-12866 3 Canonical, Opensuse, Sane-project 3 Ubuntu Linux, Leap, Sane Backends 2024-08-04 5.7 Medium
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
CVE-2020-12739 1 Fanuc 32 Power Motion I-model A, Power Motion I-model A Firmware, Series 0i-mate D and 29 more 2024-08-04 5.3 Medium
A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices.
CVE-2020-12695 22 Asus, Broadcom, Canon and 19 more 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more 2024-08-04 7.5 High
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.