Total
3391 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13281 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists in the project import feature | ||||
| CVE-2020-13280 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. | ||||
| CVE-2020-13238 | 1 Mitsubishielectric | 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more | 2024-11-21 | 7.5 High |
| Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. | ||||
| CVE-2020-13164 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | ||||
| CVE-2020-13114 | 4 Canonical, Libexif Project, Opensuse and 1 more | 4 Ubuntu Linux, Libexif, Leap and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | ||||
| CVE-2020-12866 | 3 Canonical, Opensuse, Sane-project | 3 Ubuntu Linux, Leap, Sane Backends | 2024-11-21 | 5.7 Medium |
| A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. | ||||
| CVE-2020-12739 | 1 Fanuc | 32 Power Motion I-model A, Power Motion I-model A Firmware, Series 0i-mate D and 29 more | 2024-11-21 | 5.3 Medium |
| A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. | ||||
| CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-11-21 | 7.5 High |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | ||||
| CVE-2020-12667 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 7.5 High |
| Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||||
| CVE-2020-12662 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.5 High |
| Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||||
| CVE-2020-12605 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 7.5 High |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. | ||||
| CVE-2020-12604 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 7.5 High |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. | ||||
| CVE-2020-12603 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 7.5 High |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. | ||||
| CVE-2020-12524 | 1 Phoenixcontact | 6 Btp 2043w, Btp 2043w Firmware, Btp 2070w and 3 more | 2024-11-21 | 7.5 High |
| Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | ||||
| CVE-2020-12516 | 1 Wago | 20 750-331, 750-331 Firmware, 750-352 and 17 more | 2024-11-21 | 7.5 High |
| Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. | ||||
| CVE-2020-12296 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 5.5 Medium |
| Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-12291 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 5.5 Medium |
| Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-12243 | 9 Apple, Broadcom, Canonical and 6 more | 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more | 2024-11-21 | 7.5 High |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||||
| CVE-2020-12114 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 4.7 Medium |
| A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. | ||||
| CVE-2020-12049 | 3 Canonical, Freedesktop, Redhat | 5 Ubuntu Linux, Dbus, Enterprise Linux and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | ||||