Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1847 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500 ...
Show More |
|||||
| CVE-2020-1845 | 1 Huawei | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
Huawei PCManager product with versions earlier than 10.0.5.53 have a local privilege escalation vulnerability. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
|
|||||
| CVE-2020-1844 | 1 Huawei | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products. An authenticated, local attacker can perform specific operation to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege.
|
|||||
| CVE-2020-1843 | 1 Huawei | 10 Hege-560, Hege-560 Firmware, Osca-550 and 7 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
|
Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation.
|
|||||
| CVE-2020-1841 | 1 Huawei | 8 Cloudlink Board, Cloudlink Board Firmware, Dp300 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6500 versions V100R001C00, V500R002C00, and V500R002C00SPC900; and TE60 versions V500R002C00, V600R006C00, V600R006C00SPC200, V600R006C00SPC300, V600R006C10, V600R019C00, and V600R019C00SPC100 have an information leak vulnerability. An unauthenticated, remote attacker can make a large number of attempts to guess information. Successful exploitation may cause information leak.
|
|||||
| CVE-2020-1837 | 1 Huawei | 2 Changxiang 8 Plus, Changxiang 8 Plus Firmware | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition.
|
|||||
| CVE-2020-1836 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
|
HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUAWEI P30 Pro with versions earlier than 10.1.0.160(C00E160R2P8) have an information disclosure vulnerability. Certain function's default configuration in the system seems insecure, an attacker should craft a WI-FI hotspot to launch the attack. Successful exploit could cause information disclosure.
|
|||||
| CVE-2020-1835 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure.
|
|||||
| CVE-2020-1817 | 1 Huawei | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation.
|
|||||
| CVE-2020-1816 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Denial of Service (DoS) vulnerability. Due to improper processing of specific IPSEC packets, remote attackers can send constructed IPSEC packets to affected devices to exploit this vulnerability. Successful exploit could cause the IPSec function of the affected device abnormal.
|
|||||
| CVE-2020-1809 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure.
|
|||||
| CVE-2020-1807 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 3.6 LOW | 3.5 LOW |
|
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability. The software does not properly restrict certain user's modification of certain configuration file, successful exploit could allow the attacker to bypass app lock after a series of operation in ADB mode.
|
|||||
| CVE-2020-1800 | 1 Huawei | 2 P30, P30 Firmware | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unauthorized actor, the attacker tricks the user into installing a crafted application, successful exploit could allow the attacker do certain unauthenticated operations.
|
|||||
| CVE-2020-1797 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function.
|
|||||
| CVE-2020-1791 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system has a logic judging error under certain scenario, successful exploit could allow the attacker to switch to third desktop after a series of operation in ADB mode.
|
|||||
| CVE-2020-1785 | 1 Huawei | 8 Honor 10, Honor 10 Firmware, Honor V10 and 5 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
|
Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of service vulnerability. The system does not properly check the status of certain module during certain operations, an attacker should trick the user into installing a malicious application, successful exploit could cause reboot of the smartphone.
|
|||||
| CVE-2020-1772 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue affects: ((OTRS)) Community Edition 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
|
|||||
| CVE-2020-1769 | 2 Opensuse, Otrs | 3 Backports Sle, Leap, Otrs | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.
|
|||||
| CVE-2020-1748 | 1 Redhat | 3 Decision Manager, Process Automation, Wildfly Elytron | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.
|
|||||
| CVE-2020-1745 | 1 Redhat | 1 Undertow | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerabilit ...
Show More |
|||||
| CVE-2020-1692 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
|
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
|
|||||
| CVE-2020-1689 | 1 Juniper | 6 Ex4300-mp, Junos, Qfx5100 and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4 ...
Show More |
|||||
| CVE-2020-1688 | 1 Juniper | 17 Junos, Nfx150, Nfx250 and 14 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, ...
Show More |
|||||
| CVE-2020-1687 | 1 Juniper | 1 Junos | 2024-11-21 | 2.9 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a differen ...
Show More |
|||||
| CVE-2020-1686 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versio ...
Show More |
|||||
| CVE-2020-1684 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS ...
Show More |
|||||
| CVE-2020-1679 | 1 Juniper | 20 Junos, Ptx1000, Ptx10001-36mr and 17 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected ...
Show More |
|||||
| CVE-2020-1676 | 1 Juniper | 1 Mist Cloud Ui | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
|
When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
|
|||||
| CVE-2020-1672 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior ...
Show More |
|||||
| CVE-2020-1671 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R ...
Show More |
|||||
| CVE-2020-1670 | 1 Juniper | 2 Ex4300, Junos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS o ...
Show More |
|||||
| CVE-2020-1668 | 1 Juniper | 2 Ex2300, Junos | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: ... Idle 2 percent the "Idle" value shows as low (2 % in the example ab ...
Show More |
|||||
| CVE-2020-1665 | 1 Juniper | 17 Ex9200, Junos, Mx10 and 14 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol oper ...
Show More |
|||||
| CVE-2020-1662 | 1 Juniper | 1 Junos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit thre ...
Show More |
|||||
| CVE-2020-1661 | 1 Juniper | 32 Ex2300, Ex2300-c, Ex3400 and 29 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repea ...
Show More |
|||||
| CVE-2020-1660 | 1 Juniper | 1 Junos | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
|
When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. Thi ...
Show More |
|||||
| CVE-2020-1657 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 version ...
Show More |
|||||
| CVE-2020-1655 | 1 Juniper | 16 Junos, Mx10, Mx10000 and 13 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error det ...
Show More |
|||||
| CVE-2020-1652 | 1 Opennms | 1 Opennms | 2024-11-21 | 7.5 HIGH | 5.6 MEDIUM |
|
OpenNMS is accessible via port 9443
|
|||||
| CVE-2020-1650 | 1 Juniper | 16 Junos, Mx10, Mx10000 and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. By continuously sending these specific packets, an attacker can repeatedly bring down MS-PIC on MS-MIC/MS-MPC causing a prolonged Denial of Service. This issue affects MX Series devices using MS-PIC, MS-MIC or MS-MPC service cards with any service configured. This issue affects Juniper Networks Junos OS on MX Series: 17.2R2-S7; 17.3R3-S4, 1 ...
Show More |
|||||