Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2314 | 1 Juniper | 1 Junos | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. | |||||
| CVE-2020-8815 | 1 Iktm | 1 Bearftp | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets. | |||||
| CVE-2020-6177 | 1 Sap | 1 Mobile Platform | 2020-02-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. | |||||
| CVE-2020-6192 | 1 Sap | 1 Landscape Management | 2020-02-19 | 9.0 HIGH | 7.2 HIGH |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | |||||
| CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2020-02-19 | 9.0 HIGH | 7.2 HIGH |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | |||||
| CVE-2020-8843 | 1 Istio | 1 Istio | 2020-02-19 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. | |||||
| CVE-2013-5106 | 1 Python-mode Project | 1 Python-mode | 2020-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. | |||||
| CVE-2020-8614 | 1 Askey | 2 Ap4000w, Ap4000w Firmware | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. | |||||
| CVE-2018-10920 | 1 Nic | 1 Knot Resolver | 2020-02-18 | 4.3 MEDIUM | 6.8 MEDIUM |
| Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. | |||||
| CVE-2020-8124 | 1 Url-parse Project | 1 Url-parse | 2020-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | |||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | |||||
| CVE-2016-3654 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 7.2 HIGH |
| The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | |||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | |||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 7.2 HIGH | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | |||||
| CVE-2017-8390 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | |||||
| CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.6 MEDIUM | 5.5 MEDIUM |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | |||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.3 MEDIUM | N/A |
| Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
| CVE-2020-6401 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6412 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-6399 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||