Skip to main content
CVE-2020-1629 MEDIUM This Month

A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message.1 versions. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2020-1630 MEDIUM This Month

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-1624 MEDIUM This Month

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files.1R1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1623 MEDIUM This Month

A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file.2R1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1622 MEDIUM This Month

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore.1R1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1621 MEDIUM This Month

A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces.3R1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1620 MEDIUM This Month

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log.3R1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-1986 MEDIUM This Month

Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Secdo
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-11601 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-4290 MEDIUM PATCH This Month

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Information Queue
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-4252 MEDIUM PATCH This Month

IBM DOORS Next Generation (DNG/RRC) 6.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Doors Next Generation Rational Doors Next Generation
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-1628 MEDIUM This Month

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-1616 MEDIUM This Month

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Advanced Threat Protection Virtual Advanced Threat Protection
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-10978 MEDIUM This Month

GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-11576 MEDIUM PATCH This Month

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
5.3
EPSS
1.9%
CVE-2020-11607 MEDIUM This Month

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-4289 MEDIUM PATCH This Month

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

IBM Information Disclosure Security Information Queue
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-4284 MEDIUM PATCH This Month

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Information Queue
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-11628 MEDIUM This Month

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ejbca
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-1978 MEDIUM This Month

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Microsoft Authentication Bypass Vm Series Pan Os
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-10981 MEDIUM This Month

GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-10979 MEDIUM This Month

GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-10975 MEDIUM This Month

GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-4291 MEDIUM PATCH This Month

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Session Fixation Information Disclosure Security Information Queue
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2020-4282 MEDIUM PATCH This Month

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

IBM Authentication Bypass Security Information Queue
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-1987 LOW Monitor

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Paloalto Information Disclosure Globalprotect
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2020-4164 LOW PATCH Monitor

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Information Queue
NVD
CVSS 3.1
2.7
EPSS
1.0%
CVE-2020-11606 LOW Monitor

An issue was discovered on Samsung mobile devices with Q(10.0) software. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2020-11602 LOW Monitor

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Android
NVD
CVSS 3.1
2.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy