Skip to main content
CVE-2020-1657 HIGH This Week

On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-9931 HIGH This Week

A denial of service issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9917 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-9914 HIGH This Week

An input validation issue existed in Bluetooth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os Tvos
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-9911 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-9903 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2020-4254 HIGH This Week

IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Security Guardium Big Data Intelligence
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2020-27178 HIGH PATCH This Week

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Central Authentication Service
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-25829 HIGH This Week

An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor Backports Sle Leap
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2020-27174 HIGH PATCH This Week

In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Firecracker
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2020-27173 HIGH PATCH This Week

In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vm Superio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2020-1677 HIGH This Week

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Mist Cloud Ui
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2020-1676 HIGH This Week

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Mist Cloud Ui
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2020-4636 HIGH This Week

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Command Injection Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2020-16969 HIGH PATCH This Week

<p>An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.1
7.1
EPSS
2.7%
CVE-2020-16877 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2020-16876 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows Server 2016 Windows Server 2019
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-9952 HIGH This Week

An input validation issue was addressed with improved input validation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Apple Icloud Safari +5
NVD
CVSS 3.1
7.1
EPSS
1.5%
CVE-2020-3991 HIGH PATCH This Week

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Microsoft VMware Horizon Client
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2020-16977 HIGH PATCH This Week

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

RCE Python Visual Studio Code
NVD
CVSS 3.1
7.0
EPSS
3.4%
CVE-2020-16934 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) AppVLP handles certain files. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Microsoft Information Disclosure 365 Apps Office Office 2013 Click To Run
NVD
CVSS 3.1
7.0
EPSS
2.7%
CVE-2020-16933 HIGH PATCH This Week

<p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +8
NVD
CVSS 3.1
7.0
EPSS
2.7%
CVE-2020-16900 HIGH PATCH This Week

<p>An elevation of privilege vulnerability exists when the Windows Event System improperly handles objects in memory.</p> <p>To exploit this vulnerability, an attacker would first have to gain. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.1
7.0
EPSS
0.7%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy