VYPR

CVEs

101,963 total · page 1423 of 2,040

  • CVE-2020-1671HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the…

  • CVE-2020-1667HigOct 16, 2020
    risk 0.54cvss 8.3epss 0.01

    When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this…

  • CVE-2020-1664HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.00

    A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper…

  • CVE-2020-1662HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with…

  • CVE-2020-1660HigOct 16, 2020
    risk 0.54cvss 8.3epss 0.01

    When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may…

  • CVE-2020-1657HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel.…

  • CVE-2020-1656HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.01

    The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing…

  • CVE-2020-25214HigOct 16, 2020
    risk 0.53cvss 8.1epss 0.04

    In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint.

  • CVE-2020-9992HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.03

    This issue was addressed by encrypting communications over the network to devices running iOS 14, iPadOS 14, tvOS 14, and watchOS 7. This issue is fixed in iOS 14.0 and iPadOS 14.0, Xcode 12.0. An attacker in a privileged network position may be able to execute arbitrary code on…

  • CVE-2020-9983HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to code execution.

  • CVE-2020-9958HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory.

  • CVE-2020-9952HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.01

    An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site…

  • CVE-2020-9951HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-9948HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution.

  • CVE-2020-9936HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously…

  • CVE-2020-9931HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.02

    A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may cause an unexpected application termination.

  • CVE-2020-9923HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges.

  • CVE-2020-9917HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.02

    This issue was addressed with improved checks. This issue is fixed in iOS 13.6 and iPadOS 13.6. A remote attacker may be able to cause a denial of service.

  • CVE-2020-9914HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed…

  • CVE-2020-9911HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. An issue in Safari Reader mode may allow a remote attacker to bypass the Same Origin Policy.

  • CVE-2020-9910HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    Multiple issues were addressed with improved logic. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker with arbitrary read and write…

  • CVE-2020-9907HigKEVOct 16, 2020
    risk 0.63cvss 7.8epss 0.04

    A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-9903HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.6 and iPadOS 13.6, Safari 13.1.2. A malicious attacker may cause Safari to suggest a password for the wrong domain.

  • CVE-2020-9893HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.03

    A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause…

  • CVE-2020-9891HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9890HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9889HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.02

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9888HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9884HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution.

  • CVE-2020-9878HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code…

  • CVE-2020-9870HigOct 16, 2020
    risk 0.57cvss 8.8epss 0.02

    A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code.

  • CVE-2020-9865HigOct 16, 2020
    risk 0.56cvss 8.6epss 0.01

    A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to break out of its sandbox.

  • CVE-2020-9862HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.02

    A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying…

  • CVE-2020-9799HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.01

    An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges.

  • CVE-2020-4636HigOct 16, 2020
    risk 0.47cvss 7.2epss 0.01

    IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.

  • CVE-2020-4254HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 175560.

  • CVE-2020-15258HigOct 16, 2020
    risk 0.00cvss 8.0epss 0.02

    In Wire before 3.20.x, `shell.openExternal` was used without checking the URL. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL…

  • CVE-2020-15255HigOct 16, 2020
    risk 0.03cvss 8.7epss 0.04

    In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equal sign). This is fixed in version…

  • CVE-2020-15254HigOct 16, 2020
    risk 0.00cvss 8.1epss 0.03

    Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not actually guarantee that…

  • CVE-2020-15252HigOct 16, 2020
    risk 0.56cvss 8.5epss 0.03

    In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code…

  • CVE-2020-27178HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.01

    Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.

  • CVE-2020-3991HigOct 16, 2020
    risk 0.46cvss 7.1epss 0.00

    VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a…

  • CVE-2020-26682HigOct 16, 2020
    risk 0.00cvss 8.8epss 0.02

    In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.

  • CVE-2020-15867HigOct 16, 2020
    risk 0.57cvss 7.2epss 0.87

    The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the…

  • CVE-2020-14144HigOct 16, 2020
    risk 0.03cvss 7.2epss 0.95

    The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the…

  • CVE-2020-26893HigOct 16, 2020
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client…

  • CVE-2020-25829HigOct 16, 2020
    risk 0.49cvss 7.5epss 0.07

    An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY…

  • CVE-2020-27176HigOct 16, 2020
    risk 0.54cvss 8.3epss 0.02

    Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML…

  • CVE-2020-27174HigOct 16, 2020
    risk 0.00cvss 7.5epss 0.02

    In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than…

  • CVE-2020-27173HigOct 16, 2020
    risk 0.00cvss 7.5epss 0.02

    In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory…