Total
1047 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36049 | 1 Socket | 1 Socket.io-parser | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | |||||
| CVE-2020-36048 | 1 Socket | 1 Engine.io | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport. | |||||
| CVE-2020-35857 | 1 Trust-dns-server Project | 1 Trust-dns-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. | |||||
| CVE-2020-29540 | 1 Systransoft | 1 Pure Neural Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat actor to use the Systran Pure Neural Server as a Denial-of-Service proxy by sending a large amount of translation requests to a destination host on any given TCP port regardless of whether a web service is running on the destination port. | |||||
| CVE-2020-29490 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-11-21 | 4.0 MEDIUM | 7.5 HIGH |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. | |||||
| CVE-2020-28944 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | |||||
| CVE-2020-28723 | 1 Cloudavid | 1 Pparam | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | |||||
| CVE-2020-28496 | 1 Three Project | 1 Three | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms") | |||||
| CVE-2020-28030 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | |||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 27 Fedora, Lldpd, Openvswitch and 24 more | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-27813 | 2 Debian, Gorillatoolkit | 2 Debian Linux, Websocket | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | |||||
| CVE-2020-27782 | 1 Redhat | 3 Jboss Fuse, Openshift Application Runtimes, Undertow | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | |||||
| CVE-2020-27718 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. | |||||
| CVE-2020-27295 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product has uncontrolled resource consumption issues, which may allow an attacker to cause a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233). | |||||
| CVE-2020-26289 | 1 Date-and-time Project | 1 Date-and-time | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2. | |||||
| CVE-2020-25630 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | |||||
| CVE-2020-25242 | 1 Siemens | 6 Simatic Net Cp 343-1 Advanced, Simatic Net Cp 343-1 Advanced Firmware, Simatic Net Cp 343-1 Lean and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS variants) (All versions). Specially crafted packets sent to TCP port 102 could cause a Denial-of-Service condition on the affected devices. A cold restart might be necessary in order to recover. | |||||
| CVE-2020-24686 | 1 Abb | 12 Pm554, Pm554 Firmware, Pm556 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | |||||
| CVE-2020-24573 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. | |||||
| CVE-2020-21405 | 1 H96tvbox | 2 H96 Pro Plus, H96 Pro Plus Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unk | |||||