805 matches found
CVE-2021-34755
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-34756
Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-34788
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture HostScan Module is installed on the AnyConnect...
CVE-2021-35028
A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands...
Zyxel Vpn2S OS Command Injection Vulnerability
Zyxel Vpn2S is a reliable and secure VPN router from China's Heqin Technology Zyxel. The Zyxel VPN2S suffers from an operating system command injection vulnerability that stems from a command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 that could allow an...
Cisco SD-WAN Security Vulnerability
Cisco SD-WAN is a highly secure cloud-scale architecture that is open, programmable, and scalable from Cisco USA. A security vulnerability exists in Cisco SD-WAN that results from improper protection of file access through the CLI. The vulnerability could allow an authenticated local attacker to...
PT-2021-5069 · Cisco · Cisco Sd-Wan
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software (affected versions not specified). Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This issue is due to improper protections on...
CVE-2021-34771 Cisco IOS XR Software Unauthorized Information Disclosure Vulnerability
A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this...
CVE-2021-34719 Cisco IOS XR Software Authenticated User Privilege Escalation Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker with a low-privileged account to elevate privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
Cisco Prime Infrastructure Information Disclosure Vulnerability
Cisco Prime Infrastructure is a software application from Cisco USA. It is used to simplify the management of wireless and wired networks. An information disclosure vulnerability exists in Cisco Prime Infrastructure and Evolved Programmable Network Manager, which stems from a vulnerability in the...
AppDynamics .NET Agent for Windows Security Vulnerability
AppDynamics .NET Agent for Windows is intended to be used if you want to monitor IIS applications, Windows services, or standalone applications. A security vulnerability exists in AppDynamics .NET Agent for Windows versions prior to 21.7, which originates from the .NET Agent Coordinator service...
PT-2021-6860 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 6.4.7; FortiOS versions 7.0.0 through 7.0.2. Description: A buffer overflow in the TFTP client library may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line...
CVE-2021-0062
Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2021-0003
Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2021-0002
Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access...
Linux kernel Code Issue Vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a null pointer dereference and OOPS flaw in arch/powerpc/perf/core-book3s.c. By sending a constructed perf record command, an authenticated local attacker can exploit th...
CVE-2021-35030
A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet...
CVE-2021-21572
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions...
CVE-2021-21573
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions...
GHSA-F2RP-4RV7-FC95 Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Versions of...