Skip to main content
CVE-2020-9274 HIGH POC PATCH This Week

An issue was discovered in Pure-FTPd 1.0.49. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Information Disclosure Pure Ftpd Debian Linux Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.5
EPSS
6.0%
CVE-2020-8952 MEDIUM POC This Month

Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accurate Reconciliation
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-9406 CRITICAL Act Now

IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Online Weather
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2020-8951 MEDIUM POC This Month

Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Accurate Reconciliation
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3172 HIGH This Week

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Apple Cisco RCE +3
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-3175 HIGH This Week

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
8.6
EPSS
1.6%
CVE-2020-3165 HIGH This Week

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Nx Os
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-3173 HIGH This Week

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ucs Manager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3171 HIGH This Week

A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ucs Manager Fxos
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-3167 HIGH This Week

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Firepower Threat Defense Adaptive Security Appliance Software Firepower Extensible Operating System +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2020-3168 HIGH This Week

A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service VMware Nx Os
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2020-3169 MEDIUM PATCH This Month

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Cisco Command Injection Firepower Extensible Operating System
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3166 MEDIUM This Month

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Firepower Threat Defense Adaptive Security Appliance Software Firepower Extensible Operating System
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-9337 MEDIUM This Month

In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Course Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-9405 MEDIUM This Month

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Online Weather
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-3170 MEDIUM This Month

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-9407 MEDIUM This Month

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Online Weather
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2020-3174 MEDIUM This Month

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Nx Os
NVD
CVSS 3.1
4.7
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy