Skip to main content
CVE-2020-16899 HIGH PATCH This Week

<p>A denial of service vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.5
EPSS
13.3%
CVE-2020-16896 HIGH PATCH This Week

<p>An information disclosure vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Windows 10 Windows 7 Windows 8 1 Windows Rt 8 1 +4
NVD
CVSS 3.1
7.5
EPSS
10.5%
CVE-2020-16863 HIGH PATCH This Week

<p>A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 7 Windows Server 2008
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2020-1686 HIGH This Week

On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1684 HIGH This Week

On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-1683 HIGH This Week

On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2020-1679 HIGH This Week

On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-1672 HIGH This Week

On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-1671 HIGH This Week

On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1662 HIGH This Week

On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-1657 HIGH This Week

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9931 HIGH This Week

A denial of service issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9917 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9914 HIGH This Week

An input validation issue existed in Bluetooth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os Tvos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-9911 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9903 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-4254 HIGH This Week

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-27178 HIGH PATCH This Week

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Central Authentication Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-25829 HIGH This Week

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2020-27174 HIGH PATCH This Week

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Firecracker
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-27173 HIGH PATCH This Week

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vm Superio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-1677 HIGH This Week

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Mist Cloud Ui
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2020-1676 HIGH This Week

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Mist Cloud Ui
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-4636 HIGH This Week

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-16969 HIGH PATCH This Week

<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
7.1
EPSS
2.7%
CVE-2020-16877 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-16876 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-9952 HIGH This Week

An input validation issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Safari +5
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2020-3991 HIGH PATCH This Week

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Microsoft VMware Horizon Client
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-16977 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Python Visual Studio Code
NVD
CVSS 3.1
7.0
EPSS
3.4%
CVE-2020-16934 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Microsoft Information Disclosure 365 Apps Office Office 2013 Click To Run
NVD
CVSS 3.1
7.0
EPSS
2.7%
CVE-2020-16933 HIGH PATCH This Week

<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +8
NVD
CVSS 3.1
7.0
EPSS
2.7%
CVE-2020-16900 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2020-16905 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2020-9946 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2020-1666 MEDIUM This Month

The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2020-16953 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-16948 MEDIUM PATCH This Month

<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sharepoint Enterprise Server Sharepoint Foundation Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2020-16943 MEDIUM PATCH This Month

<p>An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Commerce. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-1689 MEDIUM This Month

On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1688 MEDIUM This Month

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-1687 MEDIUM This Month

On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1681 MEDIUM This Month

Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1678 MEDIUM This Month

On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2020-1670 MEDIUM This Month

On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-1668 MEDIUM This Month

On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-26183 MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-26182 MEDIUM This Month

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2020-9915 MEDIUM This Month

An access issue existed in Content Security Policy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Apple Icloud Itunes +5
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2020-14299 MEDIUM This Month

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Openshift Application Runtimes Single Sign On
NVD
CVSS 3.1
6.5
EPSS
1.4%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy