Total
882 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28030 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | |||||
| CVE-2020-27978 | 1 Shibboleth | 1 Identity Provider | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. | |||||
| CVE-2020-27173 | 1 Vm-superio Project | 1 Vm-superio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. | |||||
| CVE-2020-27029 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In TextView of TextView.java, there is a possible app hang due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140218875 | |||||
| CVE-2020-25652 | 3 Debian, Fedoraproject, Spice-space | 3 Debian Linux, Fedora, Spice-vdagent | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`. Any unprivileged local guest user could use this flaw to prevent legitimate agents from connecting to the spice-vdagentd daemon, resulting in a denial of service. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and prior. | |||||
| CVE-2020-25650 | 3 Debian, Fedoraproject, Spice-space | 3 Debian Linux, Fedora, Spice-vdagent | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service for spice-vdagentd or even other processes in the VM system. The highest threat from this vulnerability is to system availability. This flaw affects spice-vdagent versions 0.20 and previous versions. | |||||
| CVE-2020-25648 | 4 Fedoraproject, Mozilla, Oracle and 1 more | 6 Fedora, Network Security Services, Communications Offline Mediation Controller and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | |||||
| CVE-2020-24994 | 1 Libass Project | 1 Libass | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. | |||||
| CVE-2020-24685 | 1 Abb | 3 Ac500 Cpu Firmware, Pm573-eth, Pm583-eth | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions. | |||||
| CVE-2020-24658 | 1 Arm | 1 Arm Compiler | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. If both the reference value and the guard value are written to the stack, then the stack protection will fail to spot corruption when both values are overwritten with the same value. For both the reference value and the guard value to be corrupted, there would need to be both a buffer overflow and a buffer underflow in the vulnerable arrays (or some other vulnerability that causes two separated stack entries to be corrupted). | |||||
| CVE-2020-22785 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check. | |||||
| CVE-2020-19464 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow . | |||||
| CVE-2020-19463 | 1 Flowpaper | 1 Pdf2json | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. | |||||
| CVE-2020-18899 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input. | |||||
| CVE-2020-15570 | 1 Whoopsie Project | 1 Whoopsie | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 mishandles memory allocation failures, which allows an attacker to cause a denial of service via a malformed crash file. | |||||
| CVE-2020-15213 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.3 MEDIUM | 4.0 MEDIUM |
| In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | |||||
| CVE-2020-15168 | 1 Node-fetch Project | 1 Node-fetch | 2024-11-21 | 5.0 MEDIUM | 2.6 LOW |
| node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing. | |||||
| CVE-2020-15100 | 1 Schokokeks | 1 Freewvs | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. This has been patched in 0.1.1. | |||||
| CVE-2020-14405 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size. | |||||
| CVE-2020-14336 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the Restricted Security Context Constraints (SCC), where it allows pods to craft custom network packets. This flaw allows an attacker to cause a denial of service attack on an OpenShift Container Platform cluster if they can deploy pods. The highest threat from this vulnerability is to system availability. | |||||