Search Results (Refine Search)

Search Parameters:
There are 145,100 matching records.
Displaying matches 221 through 240.
Vuln ID Summary CVSS Severity
CVE-2020-28580

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-28579

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-28578

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-28574

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-28572

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27697

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27696

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27695

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.

Published: November 18, 2020; 2:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-4592

IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-3392

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not properly authenticate API calls. An attacker could exploit this vulnerability by sending API requests to an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system, including information about the devices that the system manages, without authentication.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-3367

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface and CLI. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27126

A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of user-supplied input to an application programmatic interface (API) within Cisco Webex Meetings. An attacker could exploit this vulnerability by convincing a targeted user to follow a link designed to submit malicious input to the API used by Cisco Webex Meetings. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information from the system of a targeted user.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26097

** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26081

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26080

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system.

Published: November 18, 2020; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26079

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device.

Published: November 18, 2020; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26078

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system.

Published: November 18, 2020; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26077

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system.

Published: November 18, 2020; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26076

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device.

Published: November 18, 2020; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26075

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device.

Published: November 18, 2020; 1:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)