Les dernières vulnérabilités publiées sur la National Vulnerability Database (NVD)

CVE-2019-13633 - Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-13633
Partager : LinkedIn / Twitter / Facebook

CVE-2020-10746 - A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-10746
Partager : LinkedIn / Twitter / Facebook

CVE-2020-11496 - Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-11496
Partager : LinkedIn / Twitter / Facebook

CVE-2020-13778 - rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-13778
Partager : LinkedIn / Twitter / Facebook

CVE-2020-13937 - Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-13937
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15245 - In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15245
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15256 - A prototype pollution vulnerability has been found in `object-path` = 0.11.0 is used), which has to be explicitly enabled by creating a new instance of `object-path` and setting the option `includeInheritedProps: true`, or by using the default `withInheritedProps` instance. The default operating mode is not affected by the vulnerability if version >= 0.11.0 is used. Any usage of `set()` in versions < 0.11.0 is vulnerable. The issue is fixed in object-path version 0.11.5 As a workaround, don't use the `includeInheritedProps: true` options or the `withInheritedProps` instance if using a version >= 0.11.0.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15256
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15261 - On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users (both students and teachers) usually don't have administrative privileges, this vulnerability is only dangerous in anyway unsafe setups. The problem has been fixed in version 4.4.2. As a workaround, the exploitation of the vulnerability can be prevented by revoking administrative privileges from all potentially untrustworthy users.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15261
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15262 - In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15262
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15263 - In platform before version 9.4.4, inline attributes are not properly escaped. If the data that came from users was not escaped, then an XSS vulnerability is possible. The issue was introduced in 9.0.0 and fixed in 9.4.4.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15263
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15822 - In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15822
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15909 - SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers' workstation by browsing to the victim's NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15909
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15910 - SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15910
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16158 - GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE(). Parsing malicious input can result in a crash or potentially arbitrary code execution.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16158
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16159 - GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16159
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16160 - GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress(). Parsing malicious input can result in a crash.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16160
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16161 - GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData(). Parsing malicious input can result in a crash.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16161
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24265 - An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24265
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24266 - An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24266
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24375 - A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24375
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24387 - An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24387
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24388 - An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24388
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24629 - A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24629
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24630 - A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24630
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24646 - A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24646
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24647 - A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24647
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24648 - A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24648
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24649 - A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24649
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24650 - A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24650
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24651 - A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24651
Partager : LinkedIn / Twitter / Facebook

CVE-2020-24652 - A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-24652
Partager : LinkedIn / Twitter / Facebook

CVE-2020-26891 - AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/m.login.recaptcha or /_matrix/client/r0/auth/m.login.terms Synapse 974923.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-26891
Partager : LinkedIn / Twitter / Facebook

CVE-2020-6084 - An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-6084
Partager : LinkedIn / Twitter / Facebook

CVE-2020-6085 - An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-6085
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7141 - A adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7141
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7142 - A eventinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7142
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7143 - A faultdevparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7143
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7144 - A comparefilesresult expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7144
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7145 - A chooseperfview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7145
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7146 - A devgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7146
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7147 - A deployselectbootrom expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7147
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7148 - A deployselectsoftware expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7148
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7149 - A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7149
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7150 - A faultstatchoosefaulttype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7150
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7151 - A faulttrapgroupselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7151
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7152 - A faultparasset expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7152
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7153 - A iccselectdevtype expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7153
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7154 - A ifviewselectpage expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7154
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7155 - A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7155
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7156 - A faultinfo_content expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7156
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7157 - A selviewnavcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7157
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7158 - A perfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7158
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7159 - A customtemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7159
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7160 - A iccselectdeviceseries expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7160
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7161 - A reporttaskselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7161
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7162 - A operatorgroupselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7162
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7163 - A navigationto expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7163
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7164 - A operationselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7164
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7165 - A iccselectcommand expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7165
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7166 - A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7166
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7167 - A quicktemplateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7167
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7168 - A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7168
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7169 - A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7169
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7170 - A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7170
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7171 - A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7171
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7172 - A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7172
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7173 - A actionselectcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7173
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7174 - A soapconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7174
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7175 - A iccselectdymicparam expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7175
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7176 - A viewtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7176
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7177 - A wmiconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7177
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7178 - A mediaforaction expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7178
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7179 - A thirdpartyperfselecttask expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7179
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7180 - A ictexpertdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7180
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7181 - A smsrulesdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7181
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7182 - A sshconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7182
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7183 - A forwardredirect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7183
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7184 - A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7184
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7185 - A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7185
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7186 - A powershellconfigcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7186
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7187 - A reportpage index expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7187
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7188 - A userselectpagingcontent expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7188
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7189 - A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7189
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7190 - A deviceselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7190
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7191 - A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7191
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7192 - A devicethresholdconfig expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7192
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7193 - A ictexpertcsvdownload expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7193
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7194 - A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7194
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7195 - A iccselectrules expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7195
Partager : LinkedIn / Twitter / Facebook

CVE-2020-7745 - This affects the package MintegralAdSDK before 6.6.0.0. The SDK distributed by the company contains malicious functionality that acts as a backdoor. Mintegral and their partners (advertisers) can remotely execute arbitrary code on a user device.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-7745
Partager : LinkedIn / Twitter / Facebook

CVE-2020-8929 - A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting deterministic AEAD with a single key, and rely on a unique ciphertext-per-plaintext.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-8929
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9092 - HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9092
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9111 - E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9111
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9112 - Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9112
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9113 - HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9113
Partager : LinkedIn / Twitter / Facebook

CVE-2020-9263 - HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-9263
Partager : LinkedIn / Twitter / Facebook

CVE-2019-18794 - The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.
16/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-18794
Partager : LinkedIn / Twitter / Facebook

CVE-2019-18795 - The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service.
16/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-18795
Partager : LinkedIn / Twitter / Facebook

CVE-2019-18796 - The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamCreateFile Denial of Service vulnerability (infinite loop) via a crafted .mp3 file. This weakness could allow attackers to consume excessive CPU and the application becomes unresponsive.
16/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-18796
Partager : LinkedIn / Twitter / Facebook

CVE-2019-19513 - The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows is prone to an out of bounds write vulnerability. An attacker may exploit this to execute code on the target machine. A failure in exploitation leads to a denial of service.
16/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-19513
Partager : LinkedIn / Twitter / Facebook

Les annonces ayant été modifiées dernièrement

CVE-2020-13957 - Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions.
20/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-13957
Partager : LinkedIn / Twitter / Facebook

CVE-2020-25645 - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.
20/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-25645
Partager : LinkedIn / Twitter / Facebook

CVE-2019-12305 - In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2019-12305
Partager : LinkedIn / Twitter / Facebook

CVE-2020-0423 - In binder_release_work of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161151868References: N/A
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-0423
Partager : LinkedIn / Twitter / Facebook

CVE-2020-0764 - An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-0764
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1047 - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1080.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1047
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1080 - An elevation of privilege vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory, aka 'Windows Hyper-V Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1047.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1080
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1167 - A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16923.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1167
Partager : LinkedIn / Twitter / Facebook

CVE-2020-13893 - Multiple stored cross-site scripting (XSS) vulnerabilities in Sage EasyPay 10.7.5.10 allow authenticated attackers to inject arbitrary web script or HTML via multiple parameters through Unicode Transformations (Best-fit Mapping), as demonstrated by the full-width variants of the less-than sign (%EF%BC%9C) and greater-than sign (%EF%BC%9E).
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-13893
Partager : LinkedIn / Twitter / Facebook

CVE-2020-14144 - The git hook feature in Gitea 1.1.0 through 1.12.5 allows for authenticated remote code execution.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-14144
Partager : LinkedIn / Twitter / Facebook

CVE-2020-15867 - The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-15867
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16270 - OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim's browsers in context of vulnerable applications. Executed code can be used to steal administrator's cookies, influence HTML content of targeted application and perform phishing-related attacks. Vulnerable application used in more than 3000 organizations in different sectors from retail to industries.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16270
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1656 - The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd daemon shipped with Juniper Networks Junos OS has an Improper Input Validation vulnerability which will result in a Denial of Service (DoS) condition when a DHCPv6 client sends a specific DHPCv6 message allowing an attacker to potentially perform a Remote Code Execution (RCE) attack on the target device. Continuous receipt of the specific DHCPv6 client message will result in an extended Denial of Service (DoS) condition. If adjacent devices are also configured to relay DHCP packets, and are not affected by this issue and simply transparently forward unprocessed client DHCPv6 messages, then the attack vector can be a Network-based attack, instead of an Adjacent-device attack. No other DHCP services are affected. Receipt of the packet without configuration of the DHCPv6 Relay-Agent service, will not result in exploitability of this issue. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D95; 14.1X53 versions prior to 14.1X53-D53; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S7; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D44; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D435, 18.2X75-D60; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3-S1; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2; 19.3 versions prior to 19.3R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1656
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1657 - On SRX Series devices, a vulnerability in the key-management-daemon (kmd) daemon of Juniper Networks Junos OS allows an attacker to spoof packets targeted to IPSec peers before a security association (SA) is established thereby causing a failure to set up the IPSec channel. Sustained receipt of these spoofed packets can cause a sustained Denial of Service (DoS) condition. This issue affects IPv4 and IPv6 implementations. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D90; 15.1X49 versions prior to 15.1X49-D190; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S9; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R1-S7, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S4, 19.1R2. This issue does not affect 12.3 or 15.1 releases which are non-SRX Series releases.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1657
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1660 - When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This vulnerability might allow an attacker to cause an extended Denial of Service (DoS) attack against the device and to cause clients to be vulnerable to DNS based attacks by malicious DNS servers when they send DNS requests through the device. As a result, devices which were once protected by the DNS Filtering service are no longer protected and at risk of exploitation. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1660
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1661 - On Juniper Networks Junos OS devices configured as a DHCP forwarder, the Juniper Networks Dynamic Host Configuration Protocol Daemon (jdhcp) process might crash when receiving a malformed DHCP packet. This issue only affects devices configured as DHCP forwarder with forward-only option, that forward specified DHCP client packets, without creating a new subscriber session. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of the malformed DHCP packet will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. This issue can be triggered only by DHCPv4, it cannot be triggered by DHCPv6. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S16; 12.3X48 versions prior to 12.3X48-D105 on SRX Series; 14.1X53 versions prior to 14.1X53-D60 on EX and QFX Series; 15.1 versions prior to 15.1R7-S7; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230 on SRX Series; 15.1X53 versions prior to 15.1X53-D593 on EX2300/EX3400; 16.1 versions prior to 16.1R7-S5.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1661
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1662 - On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session flapping can lead to a routing process daemon (RPD) crash and restart, limiting the attack surface to configured BGP peers. This issue only affects devices with BGP damping in combination with accepted-prefix-limit configuration. When the issue occurs the following messages will appear in the /var/log/messages: rpd[6046]: %DAEMON-4-BGP_PREFIX_THRESH_EXCEEDED: XXXX (External AS x): Configured maximum accepted prefix-limit threshold(1800) exceeded for inet6-unicast nlri: 1984 (instance master) rpd[6046]: %DAEMON-3-BGP_CEASE_PREFIX_LIMIT_EXCEEDED: 2001:x:x:x::2 (External AS x): Shutting down peer due to exceeding configured maximum accepted prefix-limit(2000) for inet6-unicast nlri: 2001 (instance master) rpd[6046]: %DAEMON-4: bgp_rt_maxprefixes_check_common:9284: NOTIFICATION sent to 2001:x:x:x::2 (External AS x): code 6 (Cease) subcode 1 (Maximum Number of Prefixes Reached) AFI: 2 SAFI: 1 prefix limit 2000 kernel: %KERN-5: mastership_relinquish_on_process_exit: RPD crashed on master RE. Sending SIGUSR2 to chassisd (5612:chassisd) to trigger RE switchover This issue affects: Juniper Networks Junos OS: 17.2R3-S3; 17.3 version 17.3R3-S3 and later versions, prior to 17.3R3-S8; 17.4 version 17.4R2-S4, 17.4R3 and later versions, prior to 17.4R2-S10, 17.4R3-S2; 18.1 version 18.1R3-S6 and later versions, prior to 18.1R3-S10; 18.2 version 18.2R3 and later versions, prior to 18.2R3-S4; 18.2X75 version 18.2X75-D50, 18.2X75-D60 and later versions, prior to 18.2X75-D53, 18.2X75-D65; 18.3 version 18.3R2 and later versions, prior to 18.3R2-S4, 18.3R3-S2; 18.4 version 18.4R2 and later versions, prior to 18.4R2-S5, 18.4R3-S2; 19.1 version 19.1R1 and later versions, prior to 19.1R2-S2, 19.1R3-S1; 19.2 version 19.2R1 and later versions, prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved prior to 20.1R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R3-S3.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1662
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1664 - A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1664
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1665 - On Juniper Networks MX Series and EX9200 Series, in a certain condition the IPv6 Distributed Denial of Service (DDoS) protection might not take affect when it reaches the threshold condition. The DDoS protection allows the device to continue to function while it is under DDoS attack, protecting both the Routing Engine (RE) and the Flexible PIC Concentrator (FPC) during the DDoS attack. When this issue occurs, the RE and/or the FPC can become overwhelmed, which could disrupt network protocol operations and/or interrupt traffic. This issue does not affect IPv4 DDoS protection. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines). Please refer to https://kb.juniper.net/KB25385 for the list of Trio-based PFEs. This issue affects Juniper Networks Junos OS on MX series and EX9200 Series: 17.2 versions prior to 17.2R3-S4; 17.2X75 versions prior to 17.2X75-D102, 17.2X75-D110; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.2 versions prior to 18.2R2-S7, 18.2R3, 18.2R3-S3; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1665
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1666 - The system console configuration option 'log-out-on-disconnect' In Juniper Networks Junos OS Evolved fails to log out an active CLI session when the console cable is disconnected. This could allow a malicious attacker with physical access to the console the ability to resume a previous interactive session and possibly gain administrative privileges. This issue affects all Juniper Networks Junos OS Evolved versions after 18.4R1-EVO, prior to 20.2R1-EVO.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1666
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1667 - When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process might be bypassed due to a race condition. Due to this vulnerability, mspmand process, responsible for managing "URL Filtering service", can crash, causing the Services PIC to restart. While the Services PIC is restarting, all PIC services including DNS filtering service (DNS sink holing) will be bypassed until the Services PIC completes its boot process. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 18.3 versions prior to 18.3R3-S1; 18.4 versions prior to 18.4R3; 19.1 versions prior to 19.1R3; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3. This issue does not affect Juniper Networks Junos OS 17.4, 18.1, and 18.2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1667
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1668 - On Juniper Networks EX2300 Series, receipt of a stream of specific multicast packets by the layer2 interface can cause high CPU load, which could lead to traffic interruption. This issue occurs when multicast packets are received by the layer 2 interface. To check if the device has high CPU load due to this issue, the administrator can issue the following command: user@host> show chassis routing-engine Routing Engine status: ... Idle 2 percent the "Idle" value shows as low (2 % in the example above), and also the following command: user@host> show system processes summary ... PID USERNAME PRI NICE SIZE RES STATE TIME WCPU COMMAND 11639 root 52 0 283M 11296K select 12:15 44.97% eventd 11803 root 81 0 719M 239M RUN 251:12 31.98% fxpc{fxpc} the eventd and the fxpc processes might use higher WCPU percentage (respectively 44.97% and 31.98% in the above example). This issue affects Juniper Networks Junos OS on EX2300 Series: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1668
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1669 - The Juniper Device Manager (JDM) container, used by the disaggregated Junos OS architecture on Juniper Networks NFX350 Series devices, stores password hashes in the world-readable file /etc/passwd. This is not a security best current practice as it can allow an attacker with access to the local filesystem the ability to brute-force decrypt password hashes stored on the system. This issue affects Juniper Networks Junos OS on NFX350: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1669
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1670 - On Juniper Networks EX4300 Series, receipt of a stream of specific IPv4 packets can cause Routing Engine (RE) high CPU load, which could lead to network protocol operation issue and traffic interruption. This specific packets can originate only from within the broadcast domain where the device is connected. This issue occurs when the packets enter to the IRB interface. Only IPv4 packets can trigger this issue. IPv6 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS on EX4300 series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S10; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S4, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S3, 20.1R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1670
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1671 - On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1671
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1672 - On Juniper Networks Junos OS devices configured with DHCPv6 relay enabled, receipt of a specific DHCPv6 packet might crash the jdhcpd daemon. The jdhcpd daemon automatically restarts without intervention, but continuous receipt of specific crafted DHCP messages will repeatedly crash jdhcpd, leading to an extended Denial of Service (DoS) condition. Only DHCPv6 packet can trigger this issue. DHCPv4 packet cannot trigger this issue. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1672
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1673 - Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP/HTTPS) services allows an unauthenticated attacker to hijack the target user's HTTP/HTTPS session and perform administrative actions on the Junos device as the targeted user. This issue only affects Juniper Networks Junos OS devices with HTTP/HTTPS services enabled such as J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP). Junos OS devices with HTTP/HTTPS services disabled are not affected. If HTTP/HTTPS services are enabled, the following command will show the httpd processes: user@device> show system processes | match http 5260 - S 0:00.13 /usr/sbin/httpd-gk -N 5797 - I 0:00.10 /usr/sbin/httpd --config /jail/var/etc/httpd.conf In order to successfully exploit this vulnerability, the attacker needs to convince the device administrator to take action such as clicking the crafted URL sent via phishing email or convince the administrator to input data in the browser console. This issue affects Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S2; 19.1 versions prior to 19.1R2-S2, 19.1R3-S1; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS prior to 18.1R1.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1673
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1674 - Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard delayed MACsec packets (e.g. delayed by more than 2 seconds). Per the specification, called the "bounded receive delay", there should be no replies to delayed MACsec packets. Any MACsec traffic delayed more than 2 seconds should be dropped and late drop counters should increment. Without MACsec delay protection, an attacker could exploit the delay to spoof or decrypt packets. This issue affects: Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8, 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S3, 19.3R3; 19.4 versions prior to 19.4R1-S2, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. Juniper Networks Junos OS Evolved: all versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R2-EVO. This issue does not affect Junos OS versions prior to 16.1R1.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1674
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1675 - When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1675
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1676 - When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1676
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1677 - When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1677
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1678 - On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1678
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1679 - On Juniper Networks PTX and QFX Series devices with packet sampling configured using tunnel-observation mpls-over-udp, sampling of a malformed packet can cause the Kernel Routing Table (KRT) queue to become stuck. KRT is the module within the Routing Process Daemon (RPD) that synchronized the routing tables with the forwarding tables in the kernel. This table is then synchronized to the Packet Forwarding Engine (PFE) via the KRT queue. Thus, when KRT queue become stuck, it can lead to unexpected packet forwarding issues. An administrator can monitor the following command to check if there is the KRT queue is stuck: user@device > show krt state ... Number of async queue entries: 65007
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1679
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1680 - On Juniper Networks MX Series with MS-MIC or MS-MPC card configured with NAT64 configuration, receipt of a malformed IPv6 packet may crash the MS-PIC component on MS-MIC or MS-MPC. This issue occurs when a multiservice card is translating the malformed IPv6 packet to IPv4 packet. An unauthenticated attacker can continuously send crafted IPv6 packets through the device causing repetitive MS-PIC process crashes, resulting in an extended Denial of Service condition. This issue affects Juniper Networks Junos OS on MX Series: 15.1 versions prior to 15.1R7-S7; 15.1X53 versions prior to 15.1X53-D593; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D41, 18.2X75-D430, 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R2-S5, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1680
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1681 - Receipt of a specifically malformed NDP packet sent from the local area network (LAN) to a device running Juniper Networks Junos OS Evolved can cause the ndp process to crash, resulting in a Denial of Service (DoS). The process automatically restarts without intervention, but a continuous receipt of the malformed NDP packets could leaded to an extended Denial of Service condition. During this time, IPv6 neighbor learning will be affected. The issue occurs when parsing the incoming malformed NDP packet. Rather than simply discarding the packet, the process asserts, performing a controlled exit and restart, thereby avoiding any chance of an unhandled exception. Exploitation of this vulnerability is limited to a temporary denial of service, and cannot be leveraged to cause additional impact on the system. This issue is limited to the processing of IPv6 NDP packets. IPv4 packet processing cannot trigger, and is unaffected by this vulnerability. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO. Junos OS is unaffected by this vulnerability.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1681
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1682 - An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects the following versions of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200, vSRX, NFX150: 15.1X49 versions prior to 15.1X49-D220; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3. This issue does not affect Junos OS 19.3 or any subsequent version.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1682
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1683 - On Juniper Networks Junos OS devices, a specific SNMP OID poll causes a memory leak which over time leads to a kernel crash (vmcore). Prior to the kernel crash other processes might be impacted, such as failure to establish SSH connection to the device. The administrator can monitor the output of the following command to check if there is memory leak caused by this issue: user@device> show system virtual-memory | match "pfe_ipc|kmem" pfe_ipc 147 5K - 164352 16,32,64,8192
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1683
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1684 - On Juniper Networks SRX Series configured with application identification inspection enabled, receipt of specific HTTP traffic can cause high CPU load utilization, which could lead to traffic interruption. Application identification is enabled by default and is automatically turned on when Intrusion Detection and Prevention (IDP), AppFW, AppQoS, or AppTrack is configured. Thus, this issue might occur when IDP, AppFW, AppQoS, or AppTrack is configured. This issue affects Juniper Networks Junos OS on SRX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D221, 15.1X49-D230; 17.4 versions prior to 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S3; 18.3 versions prior to 18.3R2-S4, 18.3R3-S2; 18.4 versions prior to 18.4R2-S5, 18.4R3-S1; 19.1 versions prior to 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1684
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1685 - When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. Given a firewall filter configuration similar to: family ethernet-switching { filter L2-VLAN { term ALLOW { from { user-vlan-id 100; } then { accept; } } term NON-MATCH { then { discard; } } when there is only one term containing a 'user-vlan-id' match condition, and no other terms in the firewall filter except discard, the discard action for non-matching traffic will only discard traffic with the same VLAN ID specified under 'user-vlan-id'. Other traffic (e.g. VLAN ID 200) will not be discarded. This unexpected behavior can lead to unintended traffic passing through the interface where the firewall filter is applied. This issue only affects systems using VXLANs. This issue affects Juniper Networks Junos OS on QFX5K Series: 18.1 versions prior to 18.1R3-S7, except 18.1R3; 18.2 versions prior to 18.2R2-S7, 18.2R3-S1; 18.3 versions prior to 18.3R1-S5, 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2-S1, 18.4R3; 19.1 versions prior to 19.1R1-S5, 19.1R2; 19.2 versions prior to 19.2R1-S5, 19.2R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1685
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1686 - On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine or a transit packet that is sampled using sFlow/jFlow or processed by firewall filter with the syslog and/or log action. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1686
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1687 - On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in (Ethernet VPN) EVPN-(Virtual Extensible LAN) VXLAN configuration, receipt of a stream of specific VXLAN encapsulated layer 2 frames can cause high CPU load, which could lead to network protocol operation issue and traffic interruption. This issue affects devices that are configured as a Layer 2 or Layer 3 gateway of an EVPN-VXLAN deployment. The offending layer 2 frames that cause the issue originate from a different access switch that get encapsulated within the same EVPN-VXLAN domain. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2-S1, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1687
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16876 - An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations, aka 'Windows Application Compatibility Client Library Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-16920.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16876
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16877 - An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points, aka 'Windows Elevation of Privilege Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16877
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1688 - On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between the Juniper device and the authenticator services. Exploitation of this vulnerability may allow an attacker to decrypt the communications between the Juniper device and the authenticator service. This Web API service is used for authentication services such as the Juniper Identity Management Service, used to obtain user identity for Integrated User Firewall feature, or the integrated ClearPass authentication and enforcement feature. This issue affects Juniper Networks Junos OS on Networks SRX Series and NFX Series: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D190; 16.1 versions prior to 16.1R7-S8; 17.2 versions prior to 17.2R3-S4; 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R2-S11, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S4, 18.3R3; 18.4 versions prior to 18.4R1-S7, 18.4R2; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S4, 19.2R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1688
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16885 - An elevation of privilege vulnerability exists when the Windows Storage VSP Driver improperly handles file operations, aka 'Windows Storage VSP Driver Elevation of Privilege Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16885
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16887 - An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16887
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16889 - An information disclosure vulnerability exists when the Windows KernelStream improperly handles objects in memory, aka 'Windows KernelStream Information Disclosure Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16889
Partager : LinkedIn / Twitter / Facebook

CVE-2020-1689 - On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-1689
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16890 - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16890
Partager : LinkedIn / Twitter / Facebook

CVE-2020-16891 - A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'.
19/10/2020 | https://nvd.nist.gov/vuln/detail/CVE-2020-16891
Partager : LinkedIn / Twitter / Facebook