805 matches found
CVE-2021-1485
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges on the underlying Linux operating system OS of an affected device. This vulnerability is due to insufficient input validation of...
OpenSC 安全漏洞
OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC that allows an authenticated, local attacker to access and delete limited resources...
CVE-2021-1375
Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and...
CVE-2021-1281
A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerabilit...
CVE-2021-1434
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this...
Cisco IOS和Cisco IOS XE Software 安全漏洞
Cisco IOS and Cisco IOS XE Software are both products of Cisco, Inc.Cisco IOS is a set of operating systems developed for its network devices.Cisco IOS XE Software is an operating system. A single operating system for enterprise wired and wireless access, aggregation, core, and WAN, Cisco IOS XE...
PT-2021-2447 · Cisco · Cisco Access Points
Name of the Vulnerable Software and Affected Versions: Cisco Access Points Software affected versions not specified Description: A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The issue is due t...
CVE-2021-20259
A flaw was found in the Foreman project. The Proxmox compute resource exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-20256
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-20256
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
Design/Logic Flaw
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with viewhosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
PT-2021-13860 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite affected versions not specified Description: A flaw was found in Red Hat Satellite, where the BMC interface exposes the password through the API to an authenticated local attacker with view hosts permission. This poses a...
CVE-2020-12375
Heap overflow in the BMC firmware for some IntelR Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access...
Intel Ethernet I210 Controller Security Vulnerability
The Intel Ethernet I210 Controller is a hardware device from Intel Corporation USA. Providing a complete network protocol stack provides the basis for enabling small groups of computers in the same local area network as well as wide area networks connected via routing protocols. A security...
PT-2021-2102 · Intel · Intel(R) Soc Driver Package
Name of the Vulnerable Software and Affected Versions: IntelR SOC driver package for STK1A32SC versions prior to 604 Description: The issue is related to insecure inherited permissions for the IntelR SOC driver package, which may allow an authenticated user to potentially enable escalation of...
CVE-2021-1128
A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit...
CVE-2021-1283
A vulnerability in the logging subsystem of Cisco Data Center Network Manager DCNM could allow an authenticated, local attacker to view sensitive information in a system log file that should be restricted. The vulnerability exists because sensitive information is not properly masked before it is...
多款Cisco产品命令注入漏洞
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A command injection vulnerability exists in the CLI of Cisco SD-WAN Software. The vulnerability stems from the program not properly validati...
多款 Cisco SD-WAN 产品输入验证错误漏洞
The Cisco SD-WAN vEdge is a router from Cisco, Inc. that provides basic WAN and security and multi-cloud capabilities for Cisco SD-WAN solutions. This device provides basic WAN, security, and multi-cloud capabilities for Cisco SD-WAN solutions.Cisco SD-WAN vManage is software from Cisco that...
PT-2021-1841 · Cisco · Cisco Sd-Wan
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is du...