CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-06-19
Medium
CVE-2017-18899

Vendor: Mattermost
Software: Mattermost s...
 

 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.

 
2020-06-17
Medium
CVE-2020-14405

Vendor: Libvncserver project
Software: Libvncserver
 

 
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.

 
2020-05-13
Medium
CVE-2020-12697

Vendor: DKD
Software: Direct mail
 

 
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.

 
2020-03-27
Medium
CVE-2020-8552

Vendor: Kubernetes
Software: Kubernetes
 

 
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

 
Low
CVE-2020-8551

Vendor: Kubernetes
Software: Kubernetes
 

 
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.

 
2020-03-20
Low
CVE-2020-9345

 

 
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the application doesn't limit the number of opened WebSocket sockets. If a victim visits an attacker-controlled website, this vulnerability can be exploited.

 
2020-03-18
Medium
CVE-2019-11939

Vendor: Facebook
Software: Thrift
 

 
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00.

 
2020-03-10
Medium
CVE-2019-3553

Vendor: Facebook
Software: Thrift
 

 
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00.

 
Medium
CVE-2019-11938

Vendor: Facebook
Software: Thrift
 

 
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00.

 
2020-01-24
Medium
CVE-2020-7226

Vendor: VT
Software: Cryptacular
 

 
CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.

 

 


Copyright 2020, cxsecurity.com

 
