Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12768 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will | ||||
| CVE-2020-12758 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | ||||
| CVE-2020-12757 | 1 Hashicorp | 1 Vault | 2024-11-21 | 9.8 Critical |
| HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2. | ||||
| CVE-2020-12739 | 1 Fanuc | 32 Power Motion I-model A, Power Motion I-model A Firmware, Series 0i-mate D and 29 more | 2024-11-21 | 5.3 Medium |
| A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. | ||||
| CVE-2020-12695 | 22 Asus, Broadcom, Canon and 19 more | 218 Rt-n11, Adsl, Selphy Cp1200 and 215 more | 2024-11-21 | 7.5 High |
| The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue. | ||||
| CVE-2020-12667 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 7.5 High |
| Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||||
| CVE-2020-12662 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.5 High |
| Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||||
| CVE-2020-12656 | 3 Canonical, Linux, Opensuse | 3 Ubuntu Linux, Linux Kernel, Leap | 2024-11-21 | 5.5 Medium |
| gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug | ||||
| CVE-2020-12605 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 7.5 High |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs. | ||||
| CVE-2020-12604 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 7.5 High |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream. | ||||
| CVE-2020-12603 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-11-21 | 7.5 High |
| Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames. | ||||
| CVE-2020-12524 | 1 Phoenixcontact | 6 Btp 2043w, Btp 2043w Firmware, Btp 2070w and 3 more | 2024-11-21 | 7.5 High |
| Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | ||||
| CVE-2020-12516 | 1 Wago | 20 750-331, 750-331 Firmware, 750-352 and 17 more | 2024-11-21 | 7.5 High |
| Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88x and 750-352 are vulnerable for a special denial of service attack. | ||||
| CVE-2020-12439 | 1 Grin | 1 Grin | 2024-11-21 | 5.3 Medium |
| Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain. | ||||
| CVE-2020-12430 | 1 Redhat | 2 Enterprise Linux, Libvirt | 2024-11-21 | 6.5 Medium |
| An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service. | ||||
| CVE-2020-12296 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 5.5 Medium |
| Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-12291 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 5.5 Medium |
| Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-12243 | 9 Apple, Broadcom, Canonical and 6 more | 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more | 2024-11-21 | 7.5 High |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||||
| CVE-2020-12114 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2024-11-21 | 4.7 Medium |
| A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. | ||||
| CVE-2020-12049 | 3 Canonical, Freedesktop, Redhat | 5 Ubuntu Linux, Dbus, Enterprise Linux and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients. | ||||