| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-25133 | Hig | 0.57 | 8.8 | 0.03 | Sep 25, 2020 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other… | ||
| CVE-2020-19451 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | ||
| CVE-2020-19450 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | ||
| CVE-2020-5930 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods. | ||
| CVE-2020-15369 | Hig | 0.57 | 8.8 | 0.01 | Sep 25, 2020 | Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to… | ||
| CVE-2019-16212 | Hig | 0.57 | 8.8 | 0.02 | Sep 25, 2020 | A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process. | ||
| CVE-2018-6448 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host. | ||
| CVE-2020-26112 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | The email quota cache in cPanel before 90.0.10 allows overwriting of files. | ||
| CVE-2020-26109 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | ||
| CVE-2020-26107 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | ||
| CVE-2020-26106 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | ||
| CVE-2020-26104 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | ||
| CVE-2020-26103 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | ||
| CVE-2020-26102 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | ||
| CVE-2020-26099 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | ||
| CVE-2020-25748 | Hig | 0.53 | 8.1 | 0.01 | Sep 25, 2020 | A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify… | ||
| CVE-2020-24718 | Hig | 0.53 | 8.2 | 0.01 | Sep 25, 2020 | bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges… | ||
| CVE-2020-24692 | Hig | 0.46 | 7.1 | 0.00 | Sep 25, 2020 | The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||
| CVE-2020-24621 | Hig | 0.00 | 8.8 | 0.03 | Sep 25, 2020 | A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and… | ||
| CVE-2020-24593 | Hig | 0.47 | 7.2 | 0.01 | Sep 25, 2020 | Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | ||
| CVE-2020-23837 | Hig | 0.57 | 8.8 | 0.01 | Sep 25, 2020 | A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL. | ||
| CVE-2020-13387 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | ||
| CVE-2020-12824 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | ||
| CVE-2019-7178 | Hig | 0.47 | 7.2 | 0.02 | Sep 25, 2020 | Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | ||
| CVE-2019-7177 | Hig | 0.47 | 7.2 | 0.01 | Sep 25, 2020 | Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin. | ||
| CVE-2018-10585 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | Pexip Infinity before 18 allows remote Denial of Service (XML parsing). | ||
| CVE-2018-10432 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2020 | Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP). | ||
| CVE-2020-17365 | Hig | 0.51 | 7.8 | 0.00 | Sep 24, 2020 | Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can… | ||
| CVE-2020-15843 | Hig | 0.47 | 7.3 | 0.00 | Sep 24, 2020 | ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full… | ||
| CVE-2020-13991 | Hig | 0.00 | 7.5 | 0.02 | Sep 24, 2020 | vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | ||
| CVE-2020-15850 | Hig | 0.51 | 7.8 | 0.01 | Sep 24, 2020 | Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the… | ||
| CVE-2016-11086 | — | Hig | 0.41 | 7.4 | 0.01 | Sep 24, 2020 | lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |
| CVE-2020-19447 | Hig | 0.49 | 7.5 | 0.01 | Sep 24, 2020 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. | ||
| CVE-2020-3560 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit… | ||
| CVE-2020-3559 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this… | ||
| CVE-2020-3552 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An… | ||
| CVE-2020-3527 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames… | ||
| CVE-2020-3526 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could… | ||
| CVE-2020-3512 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition.… | ||
| CVE-2020-3511 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input… | ||
| CVE-2020-3510 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to… | ||
| CVE-2020-3509 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due… | ||
| CVE-2020-3508 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected… | ||
| CVE-2020-3497 | Hig | 0.48 | 7.4 | 0.01 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3494 | Hig | 0.48 | 7.4 | 0.00 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3493 | Hig | 0.48 | 7.4 | 0.01 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3492 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of… | ||
| CVE-2020-3489 | Hig | 0.48 | 7.4 | 0.01 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3488 | Hig | 0.48 | 7.4 | 0.01 | Sep 24, 2020 | Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)… | ||
| CVE-2020-3480 | Hig | 0.56 | 8.6 | 0.01 | Sep 24, 2020 | Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4… |
- risk 0.57cvss 8.8epss 0.03
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other…
- risk 0.49cvss 7.5epss 0.01
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.
- risk 0.49cvss 7.5epss 0.01
SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.
- risk 0.49cvss 7.5epss 0.01
In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.
- risk 0.57cvss 8.8epss 0.01
Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to…
- risk 0.57cvss 8.8epss 0.02
A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.
- risk 0.49cvss 7.5epss 0.01
The email quota cache in cPanel before 90.0.10 allows overwriting of files.
- risk 0.49cvss 7.5epss 0.01
cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).
- risk 0.49cvss 7.5epss 0.01
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).
- risk 0.49cvss 7.5epss 0.01
cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).
- risk 0.49cvss 7.5epss 0.01
In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).
- risk 0.49cvss 7.5epss 0.01
In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).
- risk 0.49cvss 7.5epss 0.01
In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
- risk 0.49cvss 7.5epss 0.01
cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).
- risk 0.53cvss 8.1epss 0.01
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify…
- risk 0.53cvss 8.2epss 0.01
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges…
- risk 0.46cvss 7.1epss 0.00
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
- risk 0.00cvss 8.8epss 0.03
A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and…
- risk 0.47cvss 7.2epss 0.01
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.
- risk 0.57cvss 8.8epss 0.01
A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.
- risk 0.49cvss 7.5epss 0.01
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
- risk 0.49cvss 7.5epss 0.01
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
- risk 0.47cvss 7.2epss 0.02
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
- risk 0.47cvss 7.2epss 0.01
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
- risk 0.49cvss 7.5epss 0.01
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
- risk 0.49cvss 7.5epss 0.01
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
- risk 0.51cvss 7.8epss 0.00
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can…
- risk 0.47cvss 7.3epss 0.00
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full…
- risk 0.00cvss 7.5epss 0.02
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
- risk 0.51cvss 7.8epss 0.01
Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the…
- risk 0.41cvss 7.4epss 0.01
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
- risk 0.49cvss 7.5epss 0.01
SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.
- risk 0.56cvss 8.6epss 0.01
A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition.…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due…
- risk 0.48cvss 7.4epss 0.00
A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected…
- risk 0.48cvss 7.4epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.00
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of…
- risk 0.48cvss 7.4epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.48cvss 7.4epss 0.01
Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS)…
- risk 0.56cvss 8.6epss 0.01
Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4…