CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-3491 A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative privileges to conduct a cross-site scri... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-3496 A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-3505 A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denia... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-3506 Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely o... | 8.8 | HIGH | — | 0 |
| CVE-2020-3507 Multiple vulnerabilities in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute code remotely o... | 8.8 | HIGH | — | 0 |
| CVE-2020-3518 A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-3519 A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected devic... | 8.1 | HIGH | — | 0 |
| CVE-2020-3520 A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due t... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-3521 A vulnerability in a specific REST API of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. ... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-3522 A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to bypass authorization on an affected device a... | 6.3 | MEDIUM | — | 0 |
| CVE-2020-3523 A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack ... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-13617 The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones with firmware before 5.1.0.SP5 could allow an unauthenticated attacker to expose sensitive information due to improper memory hand... | 7.5 | HIGH | — | 0 |
| CVE-2020-13767 The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS devic... | 5.9 | MEDIUM | — | 0 |
| CVE-2020-13863 The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A succes... | 8.1 | HIGH | — | 0 |
| CVE-2019-4694 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication t... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-15158 In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an applic... | 7.7 | HIGH | — | 0 |
| CVE-2020-23658 PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-23659 WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. | 5.4 | MEDIUM | — | 0 |
| CVE-2020-23660 webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." | 5.4 | MEDIUM | — | 0 |
| CVE-2018-1501 IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. | 7.5 | HIGH | — | 0 |
| CVE-2019-4686 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// li... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-23980 DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-4688 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// li... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-4689 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker ... | 7.5 | HIGH | — | 0 |
| CVE-2019-4691 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4692 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 171829. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-4693 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by a local privileged user. IBM X-Force ID: 171831. | 4.4 | MEDIUM | — | 0 |
| CVE-2020-23984 Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | 5.4 | MEDIUM | — | 0 |
| CVE-2019-4697 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 171938. | 6.5 | MEDIUM | — | 0 |
| CVE-2019-4698 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID... | 7.5 | HIGH | — | 0 |
| CVE-2019-4699 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931. | 2.7 | LOW | — | 0 |
| CVE-2019-4701 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with active debugging code that can create unintended entry points. IBM X-Force ID: 171936. | 5.3 | MEDIUM | — | 0 |
| CVE-2019-4713 IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could e... | 8.8 | HIGH | — | 0 |
| CVE-2020-24548 Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket connection requests on arbitrary TCP ports, and provides "Cannot connect to" error messages to inform... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-11497 An issue was discovered in the NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress. An online payment system bypass allows orders to be marked as fully paid by assigning an arbitrary... | 7.5 | HIGH | — | 0 |
| CVE-2020-11797 An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain... | 7.5 | HIGH | — | 0 |
| CVE-2020-12855 A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow... | 8.8 | HIGH | — | 0 |
| CVE-2020-15156 In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF v... | 6.8 | MEDIUM | — | 0 |
| CVE-2020-17376 An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously underg... | 8.3 | HIGH | — | 0 |
| CVE-2020-15485 An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. | 5.5 | MEDIUM | — | 0 |
| CVE-2020-24598 An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | 6.1 | MEDIUM | — | 0 |
| CVE-2020-24599 An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5320 Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Cr... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-5321 Aruba Intelligent Edge Switch Series 2540, 2530, 2930F, 2930M, 2920, 5400R, and 3810M with firmware 16.08.* before 16.08.0009, 16.09.* before 16.09.0007, 16.10.* before 16.10.0003 are vulnerable to Re... | 8.8 | HIGH | — | 0 |
| CVE-2020-14728 Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-14729 Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low priv... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-4166 IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-4167 IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain sensitive information or perform unauthorized actions due to improper authentication mechanisms. IBM X-Force ID: 174403. | 6.5 | MEDIUM | — | 0 |
| CVE-2020-4169 IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 174405. | 7.5 | HIGH | — | 0 |
| CVE-2020-4171 IBM Security Guardium Insights 2.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174407. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.