Total
2334 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15565 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.1 MEDIUM | 8.8 HIGH |
| An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM guest OS users to cause a host OS denial of service or possibly gain privileges because of insufficient cache write-back under VT-d. When page tables are shared between IOMMU and CPU, changes to them require flushing of both TLBs. Furthermore, IOMMUs may be non-coherent, and hence prior to flushing IOMMU TLBs, a CPU cache also needs writing back to memory after changes were made. Such writing back of cached data was missing in particular when splitting large page mappings into smaller granularity ones. A malicious guest may be able to retain read/write DMA access to frames returned to Xen's free pool, and later reused for another purpose. Host crashes (leading to a Denial of Service) and privilege escalation cannot be ruled out. Xen versions from at least 3.2 onwards are affected. Only x86 Intel systems are affected. x86 AMD as well as Arm systems are not affected. Only x86 HVM guests using hardware assisted paging (HAP), having a passed through PCI device assigned, and having page table sharing enabled can leverage the vulnerability. Note that page table sharing will be enabled (by default) only if Xen considers IOMMU and CPU large page size support compatible. | |||||
| CVE-2020-15166 | 3 Debian, Fedoraproject, Zeromq | 3 Debian Linux, Fedora, Libzmq | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3. | |||||
| CVE-2020-15114 | 2 Fedoraproject, Redhat | 2 Fedora, Etcd | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. However, it is possible to include the gateway address as an endpoint. This results in a denial of service, since the endpoint can become stuck in a loop of requesting itself until there are no more available file descriptors to accept connections on the gateway. | |||||
| CVE-2020-15101 | 1 Schokokeks | 1 Freewvs | 2024-11-21 | 4.0 MEDIUM | 2.8 LOW |
| In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users. This has been patched in 0.1.1. | |||||
| CVE-2020-15100 | 1 Schokokeks | 1 Freewvs | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1. | |||||
| CVE-2020-14522 | 1 Softing | 1 Opc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to uncontrolled resource consumption, which may allow an attacker to cause a denial-of-service condition. | |||||
| CVE-2020-14384 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbossweb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-14340 | 2 Oracle, Redhat | 14 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 11 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. | |||||
| CVE-2020-14326 | 2 Netapp, Redhat | 3 Oncommand Insight, Integration Camel K, Resteasy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. | |||||
| CVE-2020-14297 | 1 Redhat | 6 Amq, Jboss-ejb-client, Jboss Enterprise Application Platform Continuous Delivery and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make services unavailable. | |||||
| CVE-2020-14190 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL. The affected versions are before version 4.8.4. | |||||
| CVE-2020-14152 | 2 Debian, Ijg | 2 Debian Linux, Libjpeg | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption. | |||||
| CVE-2020-13949 | 2 Apache, Oracle | 4 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | |||||
| CVE-2020-13849 | 1 Mqtt | 1 Mqtt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe. | |||||
| CVE-2020-13815 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. | |||||
| CVE-2020-13809 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. | |||||
| CVE-2020-13623 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation. | |||||
| CVE-2020-13354 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. | |||||
| CVE-2020-13349 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13333 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. | |||||