Skip to main content
CVE-2020-1653 HIGH This Week

On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-1650 HIGH This Week

On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-1649 HIGH This Week

When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-1648 HIGH This Week

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1646 HIGH This Week

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-1644 HIGH This Week

On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1640 HIGH This Week

An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-15108 HIGH PATCH This Week

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

SQLi Glpi
NVD GitHub
CVSS 3.1
7.1
EPSS
1.2%
CVE-2020-0122 MEDIUM PATCH This Month

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Google Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2020-9259 MEDIUM This Month

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Authentication Bypass Information Disclosure Honor V30 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-1651 MEDIUM This Month

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1641 MEDIUM This Month

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Race Condition Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-0305 MEDIUM PATCH This Month

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. Rated medium severity (CVSS 6.4).

Google Race Condition Privilege Escalation Android Leap
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2020-15803 MEDIUM PATCH This Month

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zabbix Fedora Debian Linux Backports +1
NVD
CVSS 3.1
6.1
EPSS
32.3%
CVE-2020-9485 MEDIUM PATCH This Month

An issue was found in Apache Airflow versions 1.10.10 and below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-15586 MEDIUM PATCH This Month

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Go Cf Deployment Routing Release +3
NVD
CVSS 3.1
5.9
EPSS
2.9%
CVE-2020-9255 MEDIUM This Month

Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Huawei Honor 10 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-9227 MEDIUM This Month

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Moana Al00B Firmware
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-0107 MEDIUM PATCH This Month

In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Authentication Bypass Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2020-1643 MEDIUM This Month

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Juniper Amd Junos
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-9649 MEDIUM This Month

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Adobe Information Disclosure Media Encoder
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2020-4104 MEDIUM This Month

HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bigfix Webui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-11983 MEDIUM PATCH This Month

An issue was found in Apache Airflow versions 1.10.10 and below. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apache Airflow
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-1655 MEDIUM This Month

When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2020-5130 MEDIUM This Month

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicos
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2020-14039 MEDIUM PATCH This Month

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go Leap
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2020-9102 LOW Monitor

There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Information Disclosure Cloudengine 12800 Firmware Cloudengine 5800 Firmware Cloudengine 6800 Firmware +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2020-9252 LOW Monitor

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Huawei Path Traversal Mate 20 Firmware Mate 20 X Firmware Mate 20 Rs Firmware +1
NVD
CVSS 3.1
2.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy