Lucene search
+L

81 matches found

NVD
NVD
added 2021/09/09 5:15 a.m.22 views

CVE-2021-34719

Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...

7.8CVSS0.00282EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/06 12:0 a.m.32 views

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

The Cisco Small Business RV160 and RV260 are is a router. A remote command execution vulnerability exists in the Cisco Small Business RV160 and RV260 series VPN routers. An attacker could exploit the vulnerability to execute arbitrary commands on an affected device...

10CVSS9.4AI score0.02033EPSS
Exploits0References1
Prion
Prion
added 2021/01/20 8:15 p.m.23 views

Design/Logic Flaw

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...

7.5CVSS9.4AI score0.02132EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2020/08/17 6:15 p.m.19 views

CVE-2020-3411

A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sendi...

7.5CVSS7.6AI score0.02222EPSS
Exploits0References1
NVD
NVD
added 2020/08/17 4:15 p.m.13 views

CVE-2020-9237

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126C00E125R5P3 have a user after free vulnerability. A module is lack of lock protection. Attackers can exploit this vulnerability by launching specific request. This could compromise normal service of the affected device...

6.7CVSS6.5AI score0.00218EPSS
Exploits0References1
NVD
NVD
added 2020/06/18 3:15 a.m.14 views

CVE-2020-3245

A vulnerability in the web application of Cisco Smart Software Manager On-Prem SSM On-Prem could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this...

5.3CVSS0.01207EPSS
Exploits0References1
NVD
NVD
added 2020/06/15 3:15 p.m.28 views

CVE-2020-1825

FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service DoS vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successf...

6.5CVSS0.00634EPSS
Exploits0References1
Prion
Prion
added 2020/06/03 6:15 p.m.21 views

Authorization

A vulnerability in the authorization controls for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an unauthenticated, remote attacker to execute Cisco IOx API commands without proper authorization. The vulnerability is due to incorrect handling of requests fo...

10CVSS9.4AI score0.03408EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/06/03 5:41 p.m.28 views

CVE-2020-3214 Cisco IOS XE Software Privilege Escalation Vulnerability

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious...

6.7CVSS6.5AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/03/27 12:0 a.m.8 views

PT-2020-17797 · Ultralog · Ultralog Express

Name of the Vulnerable Software and Affected Versions: UltraLog Express device management software affected versions not specified Description: The issue concerns the storage of user information in cleartext by the UltraLog Express device management software. This allows any user to obtain accoun...

8.6CVSS6.8AI score0.00706EPSS
Exploits0References5
Cvelist
Cvelist
added 2020/02/19 7:15 p.m.24 views

CVE-2020-3154 Cisco Cloud Web Security SQL Injection Vulnerability

A vulnerability in the web UI of Cisco Cloud Web Security CWS could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web-based management interface improperly validates SQL values. An authenticated attacker could exploit this...

4.9CVSS5.8AI score0.00869EPSS
Exploits0References1
Prion
Prion
added 2020/02/18 12:15 a.m.16 views

Command injection

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...

6.5CVSS9AI score0.01144EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2020/01/20 12:0 a.m.4 views

Huawei GaussDB 200 Command Injection Vulnerability

Huawei GaussDB 200 is a distributed parallel relational database system developed by Huawei China based on the open source database Postgres-XC. A command injection vulnerability exists in Huawei GaussDB 200 version 6.5.1, which arises from a program that fails to adequately perform input...

8.8CVSS8AI score0.01144EPSS
Exploits0References1
CVE
CVE
added 2019/12/04 4:37 p.m.48 views

CVE-2018-0730

The CVE-2018-0730 entry describes a command-injection vulnerability in QNAP QTS File Station. An attacker can execute arbitrary commands on the affected device. Root cause is not elaborated beyond an input handling issue in File Station; multiple sources (NVD entry, Red Hat advisory, Tenable plug...

9.8CVSS9.7AI score0.0196EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/02 7:6 p.m.22 views

CVE-2019-12688 Cisco Firepower Management Center Remote Code Execution Vulnerability

A vulnerability in the web UI of the Cisco Firepower Management Center FMC could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted...

8.8CVSS9AI score0.03394EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/01/24 4:0 p.m.5 views

CVE-2019-1657 Cisco AMP Threat Grid API Key Information Disclosure Vulnerability

A vulnerability in Cisco AMP Threat Grid could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to unsafe creation of API keys. An attacker could exploit this vulnerability by using insecure credentials to gain unauthorized access to the affected...

4.3CVSS6.8AI score0.0145EPSS
Exploits0References2
NVD
NVD
added 2019/01/09 11:29 p.m.16 views

CVE-2018-16198

Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier may allow an attacker on the same network segment to access a non-documented developer screen to perform operations on the affected device...

8.8CVSS8.6AI score0.0047EPSS
Exploits0References2
CVE
CVE
added 2018/12/26 8:0 p.m.78 views

CVE-2018-19615

CVE-2018-19615 affects Rockwell Automation Allen-Bradley PowerMonitor 1000 (all versions). The vulnerability is described as Cross-Site Scripting due to improper neutralization of input during web page generation, enabling a remote attacker to inject arbitrary code into a targeted user’s browser ...

6.1CVSS6.5AI score0.033EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2017/12/26 12:0 a.m.7 views

Huawei SmartCare CSV Injection Vulnerability

Huawei SmartCare is an end-to-end user perception enhancement and assurance solution from Huawei, China, to improve customer experience in the telecom sector. A CSV injection vulnerability exists in Huawei SmartCare. A remote attacker can exploit this vulnerability to inject malicious CSV...

8.8CVSS7.3AI score0.0107EPSS
Exploits0References1
Prion
Prion
added 2017/12/22 5:29 p.m.12 views

Input validation

Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An remote authenticated attacker could inject malicious CSV expression to the affected device...

6.5CVSS8.4AI score0.0107EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder