Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2017-2314 | 1 Juniper | 1 Junos | 2020-02-20 | 5.0 MEDIUM | 7.5 HIGH |
| Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeatedly crash the rpd process causing prolonged denial of service. No other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS 12.3 prior to 12.3R12-S4, 12.3R13, 12.3R3-S4; 12.3X48 prior to 12.3X48-D50; 13.3 prior to 13.3R4-S11, 13.3R10; 14.1 prior to 14.1R8-S3, 14.1R9; 14.1X53 prior to 14.1X53-D40; 14.1X55 prior to 14.1X55-D35; 14.2 prior to 14.2R4-S7, 14.2R6-S4, 14.2R7; 15.1 prior to 15.1F2-S11, 15.1F4-S1-J1, 15.1F5-S3, 15.1F6, 15.1R4; 15.1X49 prior to 15.1X49-D100; 15.1X53 prior to 15.1X53-D33, 15.1X53-D50. | |||||
| CVE-2020-8815 | 1 Iktm | 1 Bearftp | 2020-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a remote attacker to achieve denial of service via a Slowloris approach by sending a large volume of small packets. | |||||
| CVE-2020-6177 | 1 Sap | 1 Mobile Platform | 2020-02-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. | |||||
| CVE-2020-6192 | 1 Sap | 1 Landscape Management | 2020-02-19 | 9.0 HIGH | 7.2 HIGH |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | |||||
| CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2020-02-19 | 9.0 HIGH | 7.2 HIGH |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | |||||
| CVE-2020-8843 | 1 Istio | 1 Istio | 2020-02-19 | 5.8 MEDIUM | 7.4 HIGH |
| An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to bypass a specifically configured Mixer policy. Istio-proxy accepts the x-istio-attributes header at ingress that can be used to affect policy decisions when Mixer policy selectively applies to a source equal to ingress. To exploit this vulnerability, someone has to encode a source.uid in this header. This feature is disabled by default in Istio 1.3 and 1.4. | |||||
| CVE-2013-5106 | 1 Python-mode Project | 1 Python-mode | 2020-02-19 | 6.8 MEDIUM | 8.8 HIGH |
| A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. | |||||
| CVE-2020-8614 | 1 Askey | 2 Ap4000w, Ap4000w Firmware | 2020-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. | |||||
| CVE-2018-10920 | 1 Nic | 1 Knot Resolver | 2020-02-18 | 4.3 MEDIUM | 6.8 MEDIUM |
| Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. | |||||
| CVE-2020-8124 | 1 Url-parse Project | 1 Url-parse | 2020-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | |||||
| CVE-2018-9242 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.6 MEDIUM | 5.5 MEDIUM |
| The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier may allow an attacker to delete files in the system via specific request parameters. | |||||
| CVE-2018-10140 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged in users to be redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. | |||||
| CVE-2017-8390 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name. | |||||
| CVE-2016-3655 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 10.0 HIGH | 9.8 CRITICAL |
| The management web interface in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to execute arbitrary OS commands via an unspecified API call. | |||||
| CVE-2016-3654 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 9.0 HIGH | 7.2 HIGH |
| The device management command line interface (CLI) in Palo Alto Networks PAN-OS before 5.0.18, 5.1.x before 5.1.11, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5H2 allows remote authenticated administrators to execute arbitrary OS commands via an SSH command parameter. | |||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 7.2 HIGH | 7.8 HIGH |
| Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation. | |||||
| CVE-2012-6597 | 1 Paloaltonetworks | 1 Pan-os | 2020-02-17 | 6.3 MEDIUM | N/A |
| Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to cause a denial of service (management-server crash) by using the command-line interface for a crafted command, aka Ref ID 35254. | |||||
| CVE-2013-1607 | 1 Pdfkit Project | 1 Pdfkit | 2020-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability | |||||
| CVE-2020-0751 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2020-02-13 | 2.1 LOW | 6.0 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests., aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0661. | |||||