Security Vulnerabilities - CVEs Published In October 2020
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-10-26
A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands.
CVSS Score
9.6
EPSS Score
0.004
Published
2020-10-26
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
7.2
EPSS Score
0.044
Published
2020-10-26
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
7.2
EPSS Score
0.054
Published
2020-10-26
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04
CVSS Score
5.4
EPSS Score
0.002
Published
2020-10-26
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
9.8
EPSS Score
0.009
Published
2020-10-26
A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
8.8
EPSS Score
0.006
Published
2020-10-26
A remote server-side request forgery (SSRF) vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVSS Score
5.8
EPSS Score
0.002
Published
2020-10-26
Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-10-26
AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in the cookies view, which can lead to remote code execution.
CVSS Score
6.1
EPSS Score
0.005
Published
2020-10-26

