Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
web security appliance vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-27010
A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.
Trendmicro Interscan Web Security Virtual Appliance 6.5
8.8
CVSSv3
CVE-2020-8461
A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.
Trendmicro Interscan Web Security Virtual Appliance 6.5
7.5
CVSSv3
CVE-2020-8463
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to bypass a global authorization check for anonymous users by manipulating request paths.
Trendmicro Interscan Web Security Virtual Appliance 6.5
7.5
CVSSv3
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an malicious user to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.
Trendmicro Interscan Web Security Virtual Appliance 6.5
6.1
CVSSv3
CVE-2020-27783
A XSS vulnerability exists in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Lxml Lxml
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Snapcenter -
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
7.2
CVSSv3
CVE-2020-28580
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote malicious user to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Trendmicro Interscan Web Security Virtual Appliance 6.5
9.8
CVSSv3
CVE-2020-28578
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote malicious user to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
Trendmicro Interscan Web Security Virtual Appliance 6.5
8.8
CVSSv3
CVE-2020-28579
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote malicious user to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
Trendmicro Interscan Web Security Virtual Appliance 6.5
7.2
CVSSv3
CVE-2020-28581
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote malicious user to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
Trendmicro Interscan Web Security Virtual Appliance 6.5
7.8
CVSSv3
CVE-2020-3367
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local malicious user to perform command injection and elevate privileges to root. This vulnerability is due to ins...
Cisco Asyncos
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »