Total
3392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-3195 | 1 Cisco | 26 Adaptive Security Appliance Software, Asa 5505, Asa 5505 Firmware and 23 more | 2024-11-21 | 7.5 High |
| A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2020-3190 | 1 Cisco | 1 Ios Xr | 2024-11-21 | 5.8 Medium |
| A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling of packets by the IPsec packet processor. An attacker could exploit this vulnerability by sending malicious ICMP error messages to an affected device that get punted to the IPsec packet processor. A successful exploit could allow the attacker to deplete IPsec memory, resulting in all future IPsec packets to an affected device being dropped by the device. Manual intervention is required to recover from this situation. | ||||
| CVE-2020-3189 | 1 Cisco | 25 Asa 5505, Asa 5505 Firmware, Asa 5510 and 22 more | 2024-11-21 | 8.6 High |
| A vulnerability in the VPN System Logging functionality for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak that can deplete system memory over time, which can cause unexpected system behaviors or device crashes. The vulnerability is due to the system memory not being properly freed for a VPN System Logging event generated when a VPN session is created or deleted. An attacker could exploit this vulnerability by repeatedly creating or deleting a VPN tunnel connection, which could leak a small amount of system memory for each logging event. A successful exploit could allow the attacker to cause system memory depletion, which can lead to a systemwide denial of service (DoS) condition. The attacker does not have any control of whether VPN System Logging is configured or not on the device, but it is enabled by default. | ||||
| CVE-2020-3181 | 1 Cisco | 1 Email Security Appliance | 2024-11-21 | 6.5 Medium |
| A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection (AMP) in Cisco AsyncOS Software for Cisco Email Security Appliances (ESAs) could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient control over system memory allocation. An attacker could exploit this vulnerability by sending a crafted email through the targeted device. A successful exploit could allow the attacker to cause an email attachment that contains malware to be delivered to a user and cause email processing delays. | ||||
| CVE-2020-3175 | 1 Cisco | 14 Mds 9132t, Mds 9148s, Mds 9148t and 11 more | 2024-11-21 | 8.6 High |
| A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource usage control. An attacker could exploit this vulnerability by sending traffic to the management interface (mgmt0) of an affected device at very high rates. An exploit could allow the attacker to cause unexpected behaviors such as high CPU usage, process crashes, or even full system reboots of an affected device. | ||||
| CVE-2020-3168 | 1 Cisco | 2 Nexus 1000v, Nx-os | 2024-11-21 | 7.5 High |
| A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI. The vulnerability is due to improper resource allocation during failed CLI login attempts when login parameters that are part of the Secure Login Enhancements capability are configured on an affected device. An attacker could exploit this vulnerability by performing a high amount of login attempts against the affected device. A successful exploit could cause the affected device to become inaccessible to other users, resulting in a denial of service (DoS) condition requiring a manual power cycle of the VSM to recover. | ||||
| CVE-2020-3132 | 1 Cisco | 2 Cloud Email Security, Email Security Appliance | 2024-11-21 | 5.9 Medium |
| A vulnerability in the email message scanning feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a temporary denial of service (DoS) condition on an affected device. The vulnerability is due to inadequate parsing mechanisms for specific email body components. An attacker could exploit this vulnerability by sending a malicious email containing a high number of shortened URLs through an affected device. A successful exploit could allow the attacker to consume processing resources, causing a DoS condition on an affected device. To successfully exploit this vulnerability, certain conditions beyond the control of the attacker must occur. | ||||
| CVE-2020-3131 | 2 Cisco, Microsoft | 2 Webex Teams, Windows | 2024-11-21 | 6.5 Medium |
| A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131. | ||||
| CVE-2020-36332 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | ||||
| CVE-2020-36320 | 1 Vaadin | 1 Vaadin | 2024-11-21 | 7.5 High |
| Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-server versions 7.0.0 through 7.7.21 (Vaadin 7.0.0 through 7.7.21) allows attackers to cause uncontrolled resource consumption by submitting malicious email addresses. | ||||
| CVE-2020-36049 | 1 Socket | 1 Socket.io-parser | 2024-11-21 | 7.5 High |
| socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | ||||
| CVE-2020-36048 | 1 Socket | 1 Engine.io | 2024-11-21 | 7.5 High |
| Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport. | ||||
| CVE-2020-35916 | 1 Image-rs | 1 Image | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) | ||||
| CVE-2020-35857 | 1 Trust-dns-server Project | 1 Trust-dns-server | 2024-11-21 | 7.5 High |
| An issue was discovered in the trust-dns-server crate before 0.18.1 for Rust. DNS MX and SRV null targets are mishandled, causing stack consumption. | ||||
| CVE-2020-35559 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 4.3 Medium |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users. | ||||
| CVE-2020-35534 | 1 Libraw | 1 Libraw | 2024-11-21 | 5.5 Medium |
| In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files. | ||||
| CVE-2020-35510 | 1 Redhat | 5 Jboss-remoting, Jboss Enterprise Application Platform, Jboss Fuse and 2 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-35233 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 6.5 Medium |
| The TFTP server fails to handle multiple connections on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices, and allows external attackers to force device reboots by sending concurrent connections, aka a denial of service attack. | ||||
| CVE-2020-35213 | 1 Atomix | 1 Atomix | 2024-11-21 | 8.1 High |
| An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | ||||
| CVE-2020-35210 | 1 Atomix | 1 Atomix | 2024-11-21 | 6.5 Medium |
| A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages. | ||||