Total
1460 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-20858 | 1 Mattermost | 1 Mattermost Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | |||||
CVE-2020-9702 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. | |||||
CVE-2018-21238 | 1 Foxitsoftware | 1 Phantompdf | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | |||||
CVE-2020-12662 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |||||
CVE-2020-3946 | 1 Vmware | 1 Installbuilder | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
InstallBuilder AutoUpdate tool and regular installers enabling <checkForUpdates> built with versions earlier than 19.11 are vulnerable to Billion laughs attack (denial-of-service). | |||||
CVE-2020-7661 | 1 Url-regex Project | 1 Url-regex | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service. | |||||
CVE-2020-3196 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to exhaust memory resources on the affected device, leading to a denial of service (DoS) condition. The vulnerability is due to improper resource management for inbound SSL/TLS connections. An attacker could exploit this vulnerability by establishing multiple SSL/TLS connections with specific conditions to the affected device. A successful exploit could allow the attacker to exhaust the memory on the affected device, causing the device to stop accepting new SSL/TLS connections and resulting in a DoS condition for services on the device that process SSL/TLS traffic. Manual intervention is required to recover an affected device. | |||||
CVE-2020-8543 | 1 Open-xchange | 1 Open-xchange Appsuite | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
OX App Suite through 7.10.3 has Improper Input Validation. | |||||
CVE-2020-10745 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker could to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest threat from this vulnerability is to system availability. | |||||
CVE-2014-8937 | 1 Piwigo | 1 Lexiglot | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources. | |||||
CVE-2020-7486 | 1 Schneider-electric | 12 Tricon Tcm 4351, Tricon Tcm 4351 Firmware, Tricon Tcm 4351a and 9 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under high network load in TCM v10.4.x and in system v10.3.x. This vulnerability was discovered and remediated in version v10.5.x on August 13, 2009. TCMs from v10.5.x and on will no longer exhibit this behavior. | |||||
CVE-2020-11090 | 1 Linuxfoundation | 1 Indy-node | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3. | |||||
CVE-2020-3306 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the DHCP module of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. The vulnerability is due to incorrect processing of certain DHCP packets. An attacker could exploit this vulnerability by sending a crafted DHCP packet to the affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
CVE-2020-13815 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. It allows stack consumption via a loop of an indirect object reference. | |||||
CVE-2020-13809 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows resource consumption via long strings in the content stream. | |||||
CVE-2020-3260 | 1 Cisco | 12 Aironet 1542d, Aironet 1542d Firmware, Aironet 1542i and 9 more | 2023-12-10 | 3.3 LOW | 6.5 MEDIUM |
A vulnerability in Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of client packets that are sent to an affected access point (AP). An attacker could exploit this vulnerability by sending a large number of sustained client packets to the affected AP. A successful exploit could allow the attacker to cause the affected AP to crash, resulting in a DoS condition. | |||||
CVE-2020-1626 | 1 Juniper | 1 Junos Os Evolved | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash. The pfemand process is responsible for packet forwarding on the device. By continuously sending the packet flood, an attacker can repeatedly crash the pfemand process causing a sustained Denial of Service. This issue can only be triggered by traffic sent to the device. Transit traffic does not cause this issue. This issue affects all version of Junos OS Evolved prior to 19.1R1-EVO. | |||||
CVE-2019-20818 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows memory consumption because data is created for each page of an application level. | |||||
CVE-2019-14941 | 1 Ushareit | 1 Shareit | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | |||||
CVE-2019-20812 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. |