Total
3392 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2830 | 8 Canonical, Debian, Fedoraproject and 5 more | 24 Ubuntu Linux, Debian Linux, Fedora and 21 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| CVE-2020-2574 | 6 Canonical, Mariadb, Netapp and 3 more | 12 Ubuntu Linux, Mariadb, Active Iq Unified Manager and 9 more | 2024-11-21 | 5.9 Medium |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-2573 | 4 Canonical, Netapp, Oracle and 1 more | 10 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 7 more | 2024-11-21 | 5.9 Medium |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-2570 | 3 Canonical, Oracle, Redhat | 6 Ubuntu Linux, Mysql, Enterprise Linux and 3 more | 2024-11-21 | 5.9 Medium |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2020-2100 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.8 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | ||||
| CVE-2020-2039 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.3 Medium |
| An uncontrolled resource consumption vulnerability in Palo Alto Networks PAN-OS allows for a remote unauthenticated user to upload temporary files through the management web interface that are not properly deleted after the request is finished. It is possible for an attacker to disrupt the availability of the management web interface by repeatedly uploading files until available disk space is exhausted. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.10; PAN-OS 9.1 versions earlier than PAN-OS 9.1.4; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. | ||||
| CVE-2020-29651 | 3 Fedoraproject, Oracle, Pytest | 3 Fedora, Zfs Storage Appliance Kit, Py | 2024-11-21 | 7.5 High |
| A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | ||||
| CVE-2020-29490 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2024-11-21 | 7.5 High |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. | ||||
| CVE-2020-29260 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2024-11-21 | 7.5 High |
| libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | ||||
| CVE-2020-28944 | 1 Open-xchange | 1 Ox Guard | 2024-11-21 | 7.5 High |
| OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. | ||||
| CVE-2020-28500 | 4 Lodash, Oracle, Redhat and 1 more | 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more | 2024-11-21 | 5.3 Medium |
| Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | ||||
| CVE-2020-28496 | 1 Three Project | 1 Three | 2024-11-21 | 7.5 High |
| This affects the package three before 0.125.0. This can happen when handling rgb or hsl colors. PoC: var three = require('three') function build_blank (n) { var ret = "rgb(" for (var i = 0; i < n; i++) { ret += " " } return ret + ""; } var Color = three.Color var time = Date.now(); new Color(build_blank(50000)) var time_cost = Date.now() - time; console.log(time_cost+" ms") | ||||
| CVE-2020-28493 | 3 Fedoraproject, Palletsprojects, Redhat | 4 Fedora, Jinja, Enterprise Linux and 1 more | 2024-11-21 | 5.3 Medium |
| This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re regex` operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. | ||||
| CVE-2020-28491 | 4 Fasterxml, Oracle, Quarkus and 1 more | 11 Jackson-dataformats-binary, Weblogic Server, Quarkus and 8 more | 2024-11-21 | 7.5 High |
| This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | ||||
| CVE-2020-28469 | 3 Gulpjs, Oracle, Redhat | 8 Glob-parent, Communications Cloud Native Core Policy, Acm and 5 more | 2024-11-21 | 5.3 Medium |
| This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator. | ||||
| CVE-2020-28458 | 2 Datatables, Redhat | 3 Datatables.net, Rhev Hypervisor, Rhev Manager | 2024-11-21 | 7.3 High |
| All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. | ||||
| CVE-2020-28200 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 4.3 Medium |
| The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | ||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 28 Fedora, Lldpd, Openvswitch and 25 more | 2024-11-21 | 7.5 High |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-27813 | 3 Debian, Gorillatoolkit, Redhat | 4 Debian Linux, Websocket, Container Native Virtualization and 1 more | 2024-11-21 | 7.5 High |
| An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | ||||
| CVE-2020-27782 | 1 Redhat | 8 Camel Quarkus, Integration, Jboss Enterprise Application Platform and 5 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | ||||