Total: 3424 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-8175 | 1 Jpeg-js Project | 1 Jpeg-js | 2024-11-21 | 5.5 Medium |
Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow an attacker to launch denial of service attacks using a specially crafted JPEG image. | ||||
CVE-2020-8136 | 1 Fastify | 1 Fastify-multipart | 2024-11-21 | 7.5 High |
Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify applications parsing multipart requests by sending a specially crafted request. | ||||
CVE-2020-8123 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.9 Medium |
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights and can lead to an arbitrary restart of the application. | ||||
CVE-2020-8037 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.5 High |
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | ||||
CVE-2020-7793 | 2 Siemens, Ua-parser-js Project | 2 Sinec Ins, Ua-parser-js | 2024-11-21 | 7.5 High |
The package ua-parser-js before 0.7.23 is vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | ||||
CVE-2020-7788 | 3 Debian, Ini Project, Redhat | 5 Debian Linux, Ini, Enterprise Linux and 2 more | 2024-11-21 | 7.3 High |
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||
CVE-2020-7779 | 1 Djvalidator Project | 1 Djvalidator | 2024-11-21 | 5.3 Medium |
All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!. | ||||
CVE-2020-7768 | 1 Grpc | 1 Grpc | 2024-11-21 | 7.5 High |
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. | ||||
CVE-2020-7767 | 1 Express-validators Project | 1 Express-validators | 2024-11-21 | 5.3 Medium |
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. | ||||
CVE-2020-7760 | 2 Codemirror, Oracle | 6 Codemirror, Application Express, Enterprise Manager Express User Interface and 3 more | 2024-11-21 | 5.3 Medium |
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* | ||||
CVE-2020-7754 | 2 Npmjs, Redhat | 3 Npm-user-validate, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. | ||||
CVE-2020-7753 | 1 Trim Project | 1 Trim | 2024-11-21 | 7.5 High |
All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim(). | ||||
CVE-2020-7743 | 2 Mathjs, Redhat | 2 Mathjs, Ansible Tower | 2024-11-21 | 7.3 High |
The package mathjs before 7.5.1 is vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | ||||
CVE-2020-7733 | 3 Oracle, Redhat, Ua-parser-js Project | 3 Communications Cloud Native Core Network Function Cloud Native Environment, Rhev Manager, Ua-parser-js | 2024-11-21 | 7.5 High |
The package ua-parser-js before 0.7.22 is vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phones and Mi Pad Tablets UA. | ||||
CVE-2020-7720 | 2 Digitalbazaar, Redhat | 3 Forge, Ansible Tower, Openshift Container Storage | 2024-11-21 | 9.8 Critical |
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions. | ||||
CVE-2020-7693 | 1 Sockjs Project | 1 Sockjs | 2024-11-21 | 5.3 Medium |
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | ||||
CVE-2020-7663 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Satellite and 2 more | 2024-11-21 | 7.5 High |
websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other character. This could be abused by an attacker to conduct Regex Denial Of Service (ReDoS) on a single-threaded server by providing a malicious payload with the Sec-WebSocket-Extensions header. | ||||
CVE-2020-7661 | 1 Url-regex Project | 1 Url-regex | 2024-11-21 | 7.5 High |
All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker providing a very long string in String.test can cause a Denial of Service. | ||||
CVE-2020-7587 | 1 Siemens | 13 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 10 more | 2024-11-21 | 8.2 High |
A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending multiple specially crafted packets to the affected service could cause a partial remote denial-of-service that would cause the service to restart itself. In some cases the vulnerability could leak random information from the remote service. | ||||
CVE-2020-7584 | 1 Siemens | 4 Simatic S7-200 Smart Sr Cpu, Simatic S7-200 Smart Sr Cpu Firmware, Simatic S7-200 Smart St Cpu and 1 more | 2024-11-21 | 7.5 High |
A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). Affected devices do not properly handle large numbers of new incoming connections and could crash under certain circumstances. An attacker may leverage this to cause a Denial-of-Service situation. |