Total
1574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13354 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9. | |||||
| CVE-2021-21369 | 1 Linuxfoundation | 1 Besu | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Hyperledger Besu is an open-source, MainNet compatible, Ethereum client written in Java. In Besu before version 1.5.1 there is a denial-of-service vulnerability involving the HTTP JSON-RPC API service. If username and password authentication is enabled for the HTTP JSON-RPC API service, then prior to making any requests to an API endpoint the requestor must use the login endpoint to obtain a JSON web token (JWT) using their credentials. A single user can readily overload the login endpoint with invalid requests (incorrect password). As the supplied password is checked for validity on the main vertx event loop and takes a relatively long time this can cause the processing of other valid requests to fail. A valid username is required for this vulnerability to be exposed. This has been fixed in version 1.5.1. | |||||
| CVE-2020-4766 | 1 Ibm | 1 Mq Internet Pass-thru | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093. | |||||
| CVE-2020-27827 | 5 Fedoraproject, Lldpd Project, Openvswitch and 2 more | 27 Fedora, Lldpd, Openvswitch and 24 more | 2024-02-28 | 7.1 HIGH | 7.5 HIGH |
| A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-24686 | 1 Abb | 12 Pm554, Pm554 Firmware, Pm556 and 9 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | |||||
| CVE-2020-3527 | 1 Cisco | 13 Catalyst C9200l-24p-4g, Catalyst C9200l-24p-4x, Catalyst C9200l-24pxg-2y and 10 more | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery. | |||||
| CVE-2020-8237 | 1 Json-bigint Project | 1 Json-bigint | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. | |||||
| CVE-2020-7753 | 1 Trim Project | 1 Trim | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). | |||||
| CVE-2021-21240 | 1 Httplib2 Project | 1 Httplib2 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| httplib2 is a comprehensive HTTP client library for Python. In httplib2 before version 0.19.0, a malicious server which responds with long series of "\xa0" characters in the "www-authenticate" header may cause Denial of Service (CPU burn while parsing header) of the httplib2 client accessing said server. This is fixed in version 0.19.0 which contains a new implementation of auth headers parsing using the pyparsing library. | |||||
| CVE-2020-25630 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | |||||
| CVE-2021-22166 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method | |||||
| CVE-2020-5936 | 1 F5 | 1 Big-ip Local Traffic Manager | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. | |||||
| CVE-2020-5666 | 1 Mitsubishielectric | 16 Melsec Iq-r00, Melsec Iq-r00 Firmware, Melsec Iq-r01 and 13 more | 2024-02-28 | 7.1 HIGH | 7.5 HIGH |
| Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. | |||||
| CVE-2020-0441 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In Message and toBundle of Notification.java, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service requiring a device reset to fix with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-158304295 | |||||
| CVE-2020-26264 | 1 Ethereum | 1 Go Ethereum | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. | |||||
| CVE-2021-28089 | 2 Fedoraproject, Torproject | 2 Fedora, Tor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | |||||
| CVE-2020-7755 | 1 Dat.gui Project | 1 Dat.gui | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. | |||||
| CVE-2018-4381 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2018-1000892 | 1 Bitcoinsv | 1 Bitcoin Sv | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages. | |||||
| CVE-2020-3563 | 1 Cisco | 1 Firepower Threat Defense | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of TCP packets to a specific port on an affected device. A successful exploit could allow the attacker to exhaust system memory, which could cause the device to reload unexpectedly. No manual intervention is needed to recover the device after it has reloaded. | |||||