Vulnerabilities (CVE)

Filtered by CWE-400
Total 1934 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8295 1 Nextcloud 1 Nextcloud Server 2024-11-21 5.0 MEDIUM 7.5 HIGH
A wrong check in Nextcloud Server 19 and prior allowed a denial of service attack when resetting the password for a user.
CVE-2020-8293 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
CVE-2020-8277 4 C-ares Project, Fedoraproject, Nodejs and 1 more 8 C-ares, Fedora, Node.js and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.
CVE-2020-8251 2 Fedoraproject, Nodejs 2 Fedora, Node.js 2024-11-21 5.0 MEDIUM 7.5 HIGH
Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.
CVE-2020-8246 1 Citrix 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.
CVE-2020-8237 1 Json-bigint Project 1 Json-bigint 2024-11-21 5.0 MEDIUM 7.5 HIGH
Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.
CVE-2020-8220 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS.
CVE-2020-8192 1 Fastify 1 Fastify 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
CVE-2020-8185 2 Fedoraproject, Rubyonrails 2 Fedora, Rails 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
CVE-2020-8175 1 Jpeg-js Project 1 Jpeg-js 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image.
CVE-2020-8136 1 Fastify 1 Fastify-multipart 2024-11-21 5.0 MEDIUM 7.5 HIGH
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request.
CVE-2020-8123 1 Strapi 1 Strapi 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to an arbitrary restart of the application.
CVE-2020-7779 1 Djvalidator Project 1 Djvalidator 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.
CVE-2020-7767 1 Express-validators Project 1 Express-validators 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls.
CVE-2020-7760 2 Codemirror, Oracle 6 Codemirror, Application Express, Enterprise Manager Express User Interface and 3 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern `(\s|/\*.*?\*/)*`.
CVE-2020-7753 1 Trim Project 1 Trim 2024-11-21 5.0 MEDIUM 7.5 HIGH
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVE-2020-7733 2 Oracle, Ua-parser-js Project 2 Communications Cloud Native Core Network Function Cloud Native Environment, Ua-parser-js 2024-11-21 5.0 MEDIUM 7.5 HIGH
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA.
CVE-2020-7661 1 Url-regex Project 1 Url-regex 2024-11-21 7.8 HIGH 7.5 HIGH
All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service.
CVE-2020-7587 1 Siemens 13 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 10 more 2024-11-21 6.4 MEDIUM 8.2 HIGH
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service that would cause the service to restart itself. In some cases the vulnerability could leak random information from the remote service.
CVE-2020-7584 1 Siemens 4 Simatic S7-200 Smart Sr Cpu, Simatic S7-200 Smart Sr Cpu Firmware, Simatic S7-200 Smart St Cpu and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incoming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation.