Total
1255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3351 | 1 Cisco | 10 Sd-wan Firmware, Vedge 100, Vedge 1000 and 7 more | 2020-07-23 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of fields in Cisco SD-WAN peering messages that are encapsulated in UDP packets. An attacker could exploit this vulnerability by sending crafted UDP messages to the targeted system. A successful exploit could allow the attacker to cause services on the device to fail, resulting in a DoS condition that could impact the targeted device and other devices that depend on it. | |||||
| CVE-2020-7584 | 1 Siemens | 4 Simatic S7-200 Smart Sr Cpu, Simatic S7-200 Smart Sr Cpu Firmware, Simatic S7-200 Smart St Cpu and 1 more | 2020-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incomming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation. | |||||
| CVE-2020-5603 | 1 Mitsubishielectric | 20 Cpu Module Logging Configuration Tool, Cw Configurator, Em Configurator and 17 more | 2020-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors. | |||||
| CVE-2020-12603 | 1 Envoyproxy | 1 Envoy | 2020-07-09 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. | |||||
| CVE-2020-8663 | 1 Envoyproxy | 1 Envoy | 2020-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections. | |||||
| CVE-2020-9611 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a stack exhaustion vulnerability. Successful exploitation could lead to application denial-of-service. | |||||
| CVE-2018-21250 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions. | |||||
| CVE-2015-9548 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | |||||
| CVE-2020-13238 | 1 Mitsubishielectric | 42 Melsec Iq-r00cpu, Melsec Iq-r00cpu Firmware, Melsec Iq-r01cpu and 39 more | 2020-06-23 | 7.8 HIGH | 7.5 HIGH |
| Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to halt the industrial process by sending an unauthenticated crafted packet over the network, because this denial of service attack consumes excessive CPU time. After halting, physical access to the PLC is required in order to restore production. | |||||
| CVE-2019-20858 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint. | |||||
| CVE-2020-11090 | 1 Linuxfoundation | 1 Indy-node | 2020-06-22 | 5.0 MEDIUM | 7.5 HIGH |
| In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3. | |||||
| CVE-2016-7426 | 4 Canonical, Hpe, Ntp and 1 more | 9 Ubuntu Linux, Hpux-ntp, Ntp and 6 more | 2020-06-18 | 4.3 MEDIUM | 7.5 HIGH |
| NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address. | |||||
| CVE-2020-7507 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service. | |||||
| CVE-2018-16848 | 1 Redhat | 1 Openstack-mistral | 2020-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | |||||
| CVE-2019-13232 | 2 Debian, Unzip Project | 2 Debian Linux, Unzip | 2020-06-16 | 2.1 LOW | 3.3 LOW |
| Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | |||||
| CVE-2016-6171 | 1 Knot-dns | 1 Knot Dns | 2020-06-11 | 5.0 MEDIUM | 8.6 HIGH |
| Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. | |||||
| CVE-2018-20030 | 1 Libexif Project | 1 Libexif | 2020-06-11 | 7.8 HIGH | 7.5 HIGH |
| An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources. | |||||
| CVE-2020-13849 | 1 Mqtt | 1 Mqtt | 2020-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe. | |||||
| CVE-2020-7661 | 1 Url-regex Project | 1 Url-regex | 2020-06-10 | 7.8 HIGH | 7.5 HIGH |
| all versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service. | |||||
| CVE-2018-21238 | 1 Foxitsoftware | 1 Phantompdf | 2020-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows memory consumption via an ArrayBuffer(0xfffffffe) call. | |||||