Total
1413 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4766 | 1 Ibm | 1 Mq Internet Pass-thru | 2021-01-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cause a denial of service by sending malformed MQ data requests which would consume all available resources. IBM X-Force ID: 188093. | |||||
| CVE-2021-22168 | 1 Gitlab | 1 Gitlab | 2021-01-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8. | |||||
| CVE-2021-22166 | 1 Gitlab | 1 Gitlab | 2021-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method | |||||
| CVE-2020-9203 | 1 Huawei | 2 P30, P30 Firmware | 2021-01-19 | 2.1 LOW | 3.3 LOW |
| There is a resource management errors vulnerability in Huawei P30. Local attackers construct broadcast message for some application, causing this application to send this broadcast message and impact the customer's use experience. | |||||
| CVE-2021-21236 | 1 Courtbouillon | 1 Cairosvg | 2021-01-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information. | |||||
| CVE-2020-29490 | 1 Dell | 3 Emc Unity Operating Environment, Emc Unity Vsa Operating Environment, Emc Unity Xt Operating Environment | 2021-01-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service vulnerability on NAS Servers with NFS exports. A remote authenticated attacker could potentially exploit this vulnerability and cause Denial of Service (Storage Processor Panic) by sending specially crafted UDP requests. | |||||
| CVE-2011-4838 | 1 Jruby | 1 Jruby | 2021-01-12 | 5.0 MEDIUM | N/A |
| JRuby before 1.6.5.1 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. | |||||
| CVE-2020-36048 | 1 Socket | 1 Engine.io | 2021-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport. | |||||
| CVE-2020-35916 | 1 Image-rs | 1 Image | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.) | |||||
| CVE-2020-26289 | 1 Date-and-time Project | 1 Date-and-time | 2020-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there a regular expression involved in parsing which can be exploited to to cause a denial of service. This is fixed in version 0.14.2. | |||||
| CVE-2020-27724 | 1 F5 | 1 Big-ip Access Policy Manager | 2020-12-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. | |||||
| CVE-2020-27722 | 1 F5 | 1 Big-ip Access Policy Manager | 2020-12-28 | 3.5 LOW | 6.5 MEDIUM |
| In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. | |||||
| CVE-2018-1000891 | 1 Bitcoinsv | 1 Bitcoin Sv | 2020-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums. | |||||
| CVE-2018-1000892 | 1 Bitcoinsv | 1 Bitcoin Sv | 2020-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages. | |||||
| CVE-2018-1000893 | 1 Bitcoinsv | 1 Bitcoin Sv | 2020-12-23 | 5.0 MEDIUM | 7.5 HIGH |
| Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions. | |||||
| CVE-2020-26264 | 1 Ethereum | 1 Go Ethereum | 2020-12-14 | 4.0 MEDIUM | 6.5 MEDIUM |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only concerns users explicitly enabling les server; disabling les prevents the exploit. The vulnerability was patched in version 1.9.25. | |||||
| CVE-2020-25630 | 1 Moodle | 1 Moodle | 2020-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14. | |||||
| CVE-2020-12524 | 1 Phoenixcontact | 6 Btp 2043w, Btp 2043w Firmware, Btp 2070w and 3 more | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | |||||
| CVE-2020-5423 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2020-12-04 | 7.8 HIGH | 7.5 HIGH |
| CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | |||||
| CVE-2020-5666 | 1 Mitsubishielectric | 16 Melsec Iq-r00, Melsec Iq-r00 Firmware, Melsec Iq-r01 and 13 more | 2020-12-03 | 7.1 HIGH | 7.5 HIGH |
| Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication. | |||||