81 matches found
CVE-2021-34719
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
The Cisco Small Business RV160 and RV260 are is a router. A remote command execution vulnerability exists in the Cisco Small Business RV160 and RV260 series VPN routers. An attacker could exploit the vulnerability to execute arbitrary commands on an affected device...
Design/Logic Flaw
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2020-3411
A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...
CVE-2020-9237
Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126C00E125R5P3 have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device...
CVE-2020-3245
A vulnerability in the web application of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this...
CVE-2020-1825
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service DoS vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successf...
Authorization
A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...
CVE-2020-3214 Cisco IOS XE Software Privilege Escalation Vulnerability
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious...
PT-2020-17797 · Ultralog · Ultralog Express
Name of the Vulnerable Software and Affected Versions: UltraLog Express device management software affected versions not specified Description: The issue concerns the storage of user information in cleartext by the UltraLog Express device management software. This allows any user to obtain accoun...
CVE-2020-3154 Cisco Cloud Web Security SQL Injection Vulnerability
A vulnerability in the web UI of Cisco Cloud Web Security CWS could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...
Command injection
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...
Huawei GaussDB 200 Command Injection Vulnerability
Huawei GaussDB 200 is a distributed parallel relational database system developed by Huawei China based on the open source database Postgres-XC. A command injection vulnerability exists in Huawei GaussDB 200 version 6.5.1, which arises from a program that fails to adequately perform input...
CVE-2018-0730
The CVE-2018-0730 entry describes a command-injection vulnerability in QNAP QTS File Station. An attacker can execute arbitrary commands on the affected device. Root cause is not elaborated beyond an input handling issue in File Station; multiple sources (NVD entry, Red Hat advisory, Tenable plug...
CVE-2019-12688 Cisco Firepower Management Center Remote Code Execution Vulnerability
A vulnerability in the web UI of the Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...
CVE-2019-1657 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...
CVE-2018-16198
Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device...
CVE-2018-19615
CVE-2018-19615 affects Rockwell Automation Allen-Bradley PowerMonitor 1000 (all versions). The vulnerability is described as Cross-Site Scripting due to improper neutralization of input during web page generation, enabling a remote attacker to inject arbitrary code into a targeted user’s browser ...
Huawei SmartCare CSV Injection Vulnerability
Huawei SmartCare is an end-to-end user perception enhancement and assurance solution from Huawei, China, to improve customer experience in the telecom sector. A CSV injection vulnerability exists in Huawei SmartCare. A remote attacker can exploit this vulnerability to inject malicious CSV...
Input validation
Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...