Total
1621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8557 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. | |||||
| CVE-2020-8492 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | |||||
| CVE-2020-8299 | 1 Citrix | 17 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 14 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. | |||||
| CVE-2020-8295 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | |||||
| CVE-2020-8293 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. | |||||
| CVE-2020-8277 | 4 C-ares Project, Fedoraproject, Nodejs and 1 more | 8 C-ares, Fedora, Node.js and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. | |||||
| CVE-2020-8251 | 2 Fedoraproject, Nodejs | 2 Fedora, Node.js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections. | |||||
| CVE-2020-8246 | 1 Citrix | 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | |||||
| CVE-2020-8237 | 1 Json-bigint Project | 1 Json-bigint | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. | |||||
| CVE-2020-8220 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. | |||||
| CVE-2020-8192 | 1 Fastify | 1 Fastify | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. | |||||
| CVE-2020-8185 | 2 Fedoraproject, Rubyonrails | 2 Fedora, Rails | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | |||||
| CVE-2020-8175 | 1 Jpeg-js Project | 1 Jpeg-js | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image. | |||||
| CVE-2020-8136 | 1 Fastify | 1 Fastify-multipart | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | |||||
| CVE-2020-8123 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. | |||||
| CVE-2020-7779 | 1 Djvalidator Project | 1 Djvalidator | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!. | |||||
| CVE-2020-7767 | 1 Express-validators Project | 1 Express-validators | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. | |||||
| CVE-2020-7760 | 2 Codemirror, Oracle | 6 Codemirror, Application Express, Enterprise Manager Express User Interface and 3 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* | |||||
| CVE-2020-7755 | 1 Dat.gui Project | 1 Dat.gui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. | |||||
| CVE-2020-7753 | 1 Trim Project | 1 Trim | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). | |||||