Total
3419 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8557 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 5.5 Medium |
| The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. | ||||
| CVE-2020-8552 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 5.3 Medium |
| The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. | ||||
| CVE-2020-8551 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 4.3 Medium |
| The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250. | ||||
| CVE-2020-8492 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 6.5 Medium |
| Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking. | ||||
| CVE-2020-8299 | 1 Citrix | 17 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 14 more | 2024-11-21 | 6.5 Medium |
| Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. Note that the attacker must be in the same Layer 2 network segment as the vulnerable appliance. | ||||
| CVE-2020-8295 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 7.5 High |
| A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | ||||
| CVE-2020-8293 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. | ||||
| CVE-2020-8246 | 1 Citrix | 5 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 2 more | 2024-11-21 | 7.5 High |
| Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network. | ||||
| CVE-2020-8237 | 2 Json-bigint Project, Redhat | 2 Json-bigint, Openshift Container Storage | 2024-11-21 | 7.5 High |
| Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack. | ||||
| CVE-2020-8229 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.5 Medium |
| A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | ||||
| CVE-2020-8220 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 6.5 Medium |
| A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated attacker to perform command injection via the administrator web which can cause DOS. | ||||
| CVE-2020-8192 | 1 Fastify | 1 Fastify | 2024-11-21 | 6.5 Medium |
| A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. | ||||
| CVE-2020-8185 | 3 Fedoraproject, Redhat, Rubyonrails | 3 Fedora, Satellite, Rails | 2024-11-21 | 6.5 Medium |
| A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | ||||
| CVE-2020-8175 | 1 Jpeg-js Project | 1 Jpeg-js | 2024-11-21 | 5.5 Medium |
| Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of service attacks using specially a crafted JPEG image. | ||||
| CVE-2020-8136 | 1 Fastify | 1 Fastify-multipart | 2024-11-21 | 7.5 High |
| Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | ||||
| CVE-2020-8123 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.9 Medium |
| A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application. | ||||
| CVE-2020-8037 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.5 High |
| The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | ||||
| CVE-2020-7793 | 2 Siemens, Ua-parser-js Project | 2 Sinec Ins, Ua-parser-js | 2024-11-21 | 7.5 High |
| The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | ||||
| CVE-2020-7788 | 3 Debian, Ini Project, Redhat | 5 Debian Linux, Ini, Enterprise Linux and 2 more | 2024-11-21 | 7.3 High |
| This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
| CVE-2020-7779 | 1 Djvalidator Project | 1 Djvalidator | 2024-11-21 | 5.3 Medium |
| All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!. | ||||