CVE-2020-1601

Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper’s path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1.

Source: CVE-2020-1601

CVE-2020-7058

** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm."

Source: CVE-2020-7058

CVE-2020-5501

phpBB 3.2.8 allows a CSRF attack that can modify a group avatar.

Source: CVE-2020-5501

CVE-2020-5502

phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships.

Source: CVE-2020-5502

CVE-2019-17149

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2019-17149

CVE-2019-17150

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2019-17150

CVE-2020-0656

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’.

Source: CVE-2020-0656

CVE-2020-0654

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka ‘Microsoft OneDrive for Android Security Feature Bypass Vulnerability’.

Source: CVE-2020-0654

CVE-2020-0653

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka ‘Microsoft Excel Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651.

Source: CVE-2020-0653

CVE-2020-0652

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka ‘Microsoft Office Memory Corruption Vulnerability’.

Source: CVE-2020-0652