28 matches found
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilities are below - CVE-2026-20184 CVSS...
CVE-2026-20147
creationtimestamp| type| source
---|---|---
2026-04-15 16:21:38+00:00| seen| https://infosec.exchange/users/AAKL/statuses/116409637135769540
2026-04-15 17:19:11+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mjkfozrbcw2y
2026-04-15 19:12:10+00:00| seen|...
CVE-2019-20147
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control...
Linux Distros Unpatched Vulnerability : CVE-2017-20147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing...
CVE-2021-20147
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists...
CVE-2025-20147
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack on an affected system. This vulnerability is due to improper sanitization of use...
CVE-2024-20147
In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389046 Note: For MT79XX chipsets / ALPS0913650...
CVE-2024-20147
CVE-2024-20147 concerns a vulnerability in MediaTek Bluetooth firmware where improper exception handling can lead to a reachable assertion, enabling remote denial of service without privileges or user interaction. Affected components are MediaTek chipsets, including MT79XX (and MT2737, MT3603,...
texthold.com Improper Access Control vulnerability OBB-3815104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-20147
CVE-2023-20147 concerns multiple XSS vulnerabilities in the web-based management interfaces of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers. Root cause: insufficient input validation in the web interface, enabling an unauthenticated, remote attacker to craft HTTP req...
CVE-2017-20147
creationtimestamp| type| source
---|---|---
2022-09-20 22:39:33+00:00| seen| https://t.me/cibsecurity/50153...
CVE-2017-20147
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary PIDs when the service is stopped...
CVE-2017-20147
CVE-2017-20147 affects Smokeping on Gentoo (smokeping-2.7.3-r1). The initscript uses a PID file writable by the smokeping user, allowing an attacker to write arbitrary PIDs to that file and cause a denial of service to arbitrary PIDs when the service is stopped. The provided connected documents c...
CVE-2022-20147
creationtimestamp| type| source
---|---|---
2022-06-15 18:20:42+00:00| seen| https://t.me/cibsecurity/44518...
CVE-2022-20147
CVE-2022-20147 affects Google/Android: the out-of-bounds write in nfa_dm_check_set_config within nfa_dm_main.cc is caused by a missing bounds check. This yields local privilege escalation with no additional execution privileges and no user interaction required. Affected: Android 10–12/12L. Root c...
CVE-2021-20147
Affected product: ManageEngine ADSelfService Plus (below build 6116). Vulnerability: observable response discrepancy in the UMCP operation of the ChangePasswordAPI that can be exploited by an unauthenticated remote attacker to determine whether a Windows domain user exists. Root cause / vulnerabi...
CVE-2019-20147
CVE-2019-20147 affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions 9.1–12.6.1, where an Incorrect Access Control flaw exists in multiple components. The issue, documented across NVD/Red Hat OSV and related feeds, implies that unauthorized users may access data that should b...