Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3164 | 1 Cisco | 4 Cloud Email Security, Content Security Management Appliance, Email Security Appliance and 1 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded. | |||||
| CVE-2020-3162 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Constrained Application Protocol (CoAP) implementation of Cisco IoT Field Network Director could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming CoAP traffic. An attacker could exploit this vulnerability by sending a malformed CoAP packet to an affected device. A successful exploit could allow the attacker to force the CoAP server to stop, interrupting communication to the IoT endpoints. | |||||
| CVE-2020-3160 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. | |||||
| CVE-2020-3147 | 1 Cisco | 114 Sf300-08, Sf300-08 Firmware, Sf300-24 and 111 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18 | |||||
| CVE-2020-3141 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3139 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j). | |||||
| CVE-2020-3134 | 1 Cisco | 1 Email Security Appliance | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0. | |||||
| CVE-2020-3133 | 1 Cisco | 1 Email Security Appliance | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device. | |||||
| CVE-2020-3130 | 1 Cisco | 1 Unity Connection | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system. | |||||
| CVE-2020-3128 | 1 Cisco | 4 Webex Meetings, Webex Meetings Online, Webex Meetings Server and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2020-3127 | 1 Cisco | 4 Webex Meetings, Webex Meetings Online, Webex Meetings Server and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex recording that is stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a malicious ARF or WRF file to a user through a link or email attachment and persuading the user to open the file on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user. | |||||
| CVE-2020-3126 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 3.5 LOW | 3.0 LOW |
| vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security warning dialog boxes when a room host views shared multimedia files. An authenticated, remote attacker could exploit this vulnerability by using the host role to share files within the Multimedia sharing feature and convincing a former room host to view that file. A warning dialog normally appears cautioning users before the file is displayed; however, the former host would not see that warning dialog, and any shared multimedia would be rendered within the user's browser. The attacker could leverage this behavior to conduct additional attacks by including malicious files within a targeted room host's browser window. | |||||
| CVE-2020-3116 | 1 Cisco | 2 Webex Meetings Online, Webex Meetings Server | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly. | |||||
| CVE-2020-3111 | 1 Cisco | 54 Ip Conference Phone 7832, Ip Conference Phone 7832 Firmware, Ip Conference Phone 7832 With Multiplatform Firmware and 51 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-3110 | 1 Cisco | 16 Video Surveillance 8000p Ip Camera, Video Surveillance 8000p Ip Camera Firmware, Video Surveillance 8020 Ip Camera and 13 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for the Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP Camera. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to the targeted IP Camera. A successful exploit could allow the attacker to expose the affected IP Camera for remote code execution or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). This vulnerability is fixed in Video Surveillance 8000 Series IP Camera Firmware Release 1.0.7 and later. | |||||
| CVE-2020-36332 | 4 Debian, Netapp, Redhat and 1 more | 4 Debian Linux, Ontap Select Deploy Administration Utility, Enterprise Linux and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | |||||
| CVE-2020-36199 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | |||||
| CVE-2020-36195 | 1 Qnap | 3 Media Streaming Add-on, Multimedia Console, Qts | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3: Media Streaming add-on 430.1.8.10 and later QTS 4.3.6: Media Streaming add-on 430.1.8.8 and later QTS 4.4.x and later: Multimedia Console 1.3.4 and later We have also fixed this vulnerability in the following versions of QTS 4.3.3 and QTS 4.3.6, respectively: QTS 4.3.3.1624 Build 20210416 or later QTS 4.3.6.1620 Build 20210322 or later | |||||
| CVE-2020-36175 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field. | |||||
| CVE-2020-35789 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | |||||