VYPR

CVEs

100,082 total · page 1385 of 2,002

  • CVE-2020-16894HigOct 16, 2020
    risk 0.50cvss 7.7epss 0.05

    A denial of service vulnerability exists when Windows Network Address Translation (NAT) on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server…

  • CVE-2020-16892HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally…

  • CVE-2020-16891HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating…

  • CVE-2020-16890HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or…

  • CVE-2020-16887HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a…

  • CVE-2020-16885HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need…

  • CVE-2020-16877HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions. To exploit…

  • CVE-2020-16876HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.01

    An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an…

  • CVE-2020-16863HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.05

    A denial of service vulnerability exists in Windows Remote Desktop Service when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the Remote Desktop Service on the…

  • CVE-2020-0764HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit the vulnerability, an attacker would first need code…

  • CVE-2020-1686HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an…

  • CVE-2020-1684HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically…

  • CVE-2020-1683HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can…

  • CVE-2020-1679HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that…

  • CVE-2020-1677HigOct 16, 2020
    risk 0.47cvss 7.2epss 0.00

    When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security…

  • CVE-2020-1676HigOct 16, 2020
    risk 0.47cvss 7.2epss 0.01

    When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue…

  • CVE-2020-1675HigOct 16, 2020
    risk 0.54cvss 8.3epss 0.01

    When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper…

  • CVE-2020-1673HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This…

  • CVE-2020-1672HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly…

  • CVE-2020-1671HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the…

  • CVE-2020-1667HigOct 16, 2020
    risk 0.54cvss 8.3epss 0.01

    When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this…

  • CVE-2020-1664HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper…

  • CVE-2020-1662HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with…

  • CVE-2020-1660HigOct 16, 2020
    risk 0.54cvss 8.3epss 0.01

    When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may…

  • CVE-2020-1657HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel.…

  • CVE-2020-1656HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing…

  • CVE-2020-25214HigOct 16, 2020
    risk 0.53cvss 8.1epss 0.04

    In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.

  • CVE-2020-9992HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.03

    This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on…

  • CVE-2020-9983HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.

  • CVE-2020-9958HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory.

  • CVE-2020-9952HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.01

    An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site…

  • CVE-2020-9951HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-9948HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-9936HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously…

  • CVE-2020-9931HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.02

    A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.

  • CVE-2020-9923HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.

  • CVE-2020-9917HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.02

    This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.

  • CVE-2020-9914HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed…

  • CVE-2020-9911HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.

  • CVE-2020-9910HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write…

  • CVE-2020-9907HigKEVOct 16, 2020
    risk 0.63cvss 7.8epss 0.04

    A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9903HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.

  • CVE-2020-9893HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.03

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause…

  • CVE-2020-9891HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9890HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9889HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9888HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9884HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9878HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code…

  • CVE-2020-9870HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.