Total
1274 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9494 | 2 Apache, Debian | 2 Traffic Server, Debian Linux | 2024-11-21 | 7.5 High |
| Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8.0.7 is vulnerable to certain types of HTTP/2 HEADERS frames that can cause the server to allocate a large amount of memory and spin the thread. | ||||
| CVE-2020-9345 | 2 Microsoft, Signotec | 2 Windows, Signopad-api\/web | 2024-11-21 | 6.5 Medium |
| An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited. | ||||
| CVE-2020-9059 | 2 Schlage, Silabs | 2 Be468, 500 Series Firmware | 2024-11-21 | 6.5 Medium |
| Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion. As an example, the Schlage BE468 version 3.42 door lock is vulnerable and fails open at a low battery level. | ||||
| CVE-2020-8659 | 3 Cncf, Debian, Redhat | 4 Envoy, Debian Linux, Openshift Service Mesh and 1 more | 2024-11-21 | 7.5 High |
| CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or responses with many small (i.e. 1 byte) chunks. | ||||
| CVE-2020-8552 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 5.3 Medium |
| The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | ||||
| CVE-2020-8551 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | ||||
| CVE-2020-8416 | 1 Iktm | 1 Bearftp | 2024-11-21 | 7.5 High |
| IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port. | ||||
| CVE-2020-8203 | 3 Lodash, Oracle, Redhat | 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more | 2024-11-21 | 7.4 High |
| Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | ||||
| CVE-2020-8037 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.5 High |
| The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | ||||
| CVE-2020-7226 | 3 Oracle, Redhat, Vt | 7 Communications Services Gatekeeper, Webcenter Sites, Weblogic Server and 4 more | 2024-11-21 | 7.5 High |
| CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data. | ||||
| CVE-2020-7219 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3. | ||||
| CVE-2020-7218 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 High |
| HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3. | ||||
| CVE-2020-7052 | 1 Codesys | 15 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 12 more | 2024-11-21 | 6.5 Medium |
| CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition. | ||||
| CVE-2020-6610 | 2 Gnu, Opensuse | 3 Libredwg, Backports, Leap | 2024-11-21 | 6.5 Medium |
| GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation in read_sections_map in decode_r2007.c. | ||||
| CVE-2020-5982 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 4.4 Medium |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service. | ||||
| CVE-2020-5806 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 5.5 Medium |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | ||||
| CVE-2020-5802 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 7.5 High |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. | ||||
| CVE-2020-36049 | 1 Socket | 1 Socket.io-parser | 2024-11-21 | 7.5 High |
| socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | ||||
| CVE-2020-35896 | 1 Ws-rs Project | 1 Ws-rs | 2024-11-21 | 7.5 High |
| An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. | ||||
| CVE-2020-35534 | 1 Libraw | 1 Libraw | 2024-11-21 | 5.5 Medium |
| In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. | ||||