Skip to main content
CVE-2020-3152 MEDIUM This Month

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Connected Mobile Experiences
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-3151 MEDIUM This Month

A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Connected Mobile Experiences
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2020-3521 MEDIUM This Month

A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Data Center Network Manager
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-3505 MEDIUM This Month

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service 8000P Ip Camera Firmware 8020 Ip Camera Firmware 8030 Ip Camera Firmware +5
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2020-3440 MEDIUM This Month

A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an unauthenticated, remote attacker to overwrite arbitrary files on an end-user system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Microsoft Path Traversal Webex Meetings
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2020-15486 MEDIUM This Month

An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Electrocardiogram Pen Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-3522 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Data Center Network Manager
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2020-3485 MEDIUM This Month

A vulnerability in the role-based access control (RBAC) functionality of the web management software of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker to access. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Privilege Escalation Vision Dynamic Signage Director
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2020-24599 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joomla
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-24598 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Joomla
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-3466 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Catalyst Center
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-5927 MEDIUM This Month

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG-IP ASM Configuration utility Stored-Cross Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Application Security Manager
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5915 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an undisclosed TMUI page contains a vulnerability which allows a stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-15499 MEDIUM This Month

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rt Ac1900P Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-13767 MEDIUM This Month

The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Micollab
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2020-5917 MEDIUM This Month

In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SSH Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2020-15498 MEDIUM This Month

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rt Ac1900P Firmware
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2020-16193 MEDIUM PATCH This Month

osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.php has an unvalidated echo $info['notes'] call. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Osticket
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-15485 MEDIUM This Month

An issue was discovered on Nescomed Multipara Monitor M1000 devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure M1000 Multipara Patient Monitor Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-3520 MEDIUM This Month

A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Data Center Network Manager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3523 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-3518 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2020-13821 MEDIUM This Month

An issue was discovered in HiveMQ Broker Control Center 4.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Broker Control Center
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-5923 MEDIUM This Month

In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1 and BIG-IQ versions 5.4.0-7.0.0, Self-IP port-lockdown bypass via IPv6 link-local addresses. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-3496 MEDIUM This Month

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Sg200 50 Firmware Sg200 50P Firmware Sg200 50Fp Firmware +111
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-3484 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to view potentially sensitive information on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Cisco Information Disclosure Vision Dynamic Signage Director
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-5924 MEDIUM This Month

In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS authentication leaks memory when the username for authentication is not set. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-3490 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct directory. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Path Traversal Vision Dynamic Signage Director
NVD
CVSS 3.1
4.9
EPSS
3.0%
CVE-2020-3491 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Vision Dynamic Signage Director
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-3439 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Data Center Network Manager
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2020-7309 MEDIUM This Month

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Application And Change Control
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2020-3389 MEDIUM This Month

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Hyperflex Hx Series Software
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2020-5920 MEDIUM This Month

In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a vulnerability in the BIG-IP AFM Configuration utility may allow any authenticated BIG-IP user to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-5928 LOW Monitor

In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple. Rated low severity (CVSS 3.1), this vulnerability is low attack complexity. No vendor patch available.

CSRF Big Ip Application Security Manager
NVD
CVSS 3.1
3.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy