Lucene search
K

869 matches found

Vulnrichment
Vulnrichment
added 2018/11/08 4:0 p.m.9 views

CVE-2018-0284 Cisco Meraki Local Status Page Privilege Escalation Vulnerability

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...

6.8AI score0.01563EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/11/08 4:0 p.m.18 views

CVE-2018-0284 Cisco Meraki Local Status Page Privilege Escalation Vulnerability

A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...

6.4AI score0.01563EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2018/10/29 12:0 a.m.5 views

The vulnerability in the web interface of the microprogramming software-based network interface cards Cisco RV110W Wireless-N VPN and the multi-functional VPN routers Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN allows attackers to disclose sensitive information.

The vulnerability of the web interface of Microprogramming Software for Cisco RV110W Wireless-N VPN and Multi-Function VPN Routers such as Cisco RV130W Wireless-N and Cisco RV215W Wireless-N VPN lies in the insufficient control of access to web interface files. Exploiting this vulnerability can...

6.8CVSS5.5AI score0.03413EPSS
Exploits0References3Affected Software3
CNVD
CNVD
added 2018/10/10 12:0 a.m.3 views

Cisco HyperFlex Software Information Disclosure Vulnerability

Cisco HyperFlex Software is a scalable distributed file system from Cisco USA. The system provides unified compute, storage and networking through cloud management, providing enterprise-class data management and optimization services. An information disclosure vulnerability exists in the...

5.5CVSS5.2AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2018/10/05 2:29 p.m.18 views

CVE-2018-0463

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...

7.5CVSS7.8AI score0.01487EPSS
Exploits0References1
OSV
OSV
added 2018/10/05 2:29 p.m.1 views

CVE-2018-0463

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...

7.5CVSS5.8AI score0.01487EPSS
Exploits0References1
Prion
Prion
added 2018/10/05 2:29 p.m.13 views

Input validation

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...

5CVSS7.7AI score0.01487EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/10/04 2:29 p.m.4 views

CVE-2018-1670

IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946...

4.3CVSS5.8AI score0.01208EPSS
Exploits0References3
Cisco
Cisco
added 2018/09/05 4:0 p.m.59 views

Cisco Network Services Orchestrator Network Plug and Play Information Disclosure Vulnerability

A vulnerability in the Cisco Network Plug and Play server component of Cisco Network Services Orchestrator NSO could allow an unauthenticated, remote attacker to gain unauthorized access to configuration data that is stored on an affected NSO system. The vulnerability exists because the Network...

5.9CVSS1.8AI score0.01487EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/08/21 12:0 a.m.5 views

The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router (NWL-25) is related to insufficient protection of configuration data, allowing attackers to gain unauthorized access to protected data.

The vulnerability of the microprogramming software of the 4G LTE Light Industrial M2M Router NWL-25 is related to insufficient protection of configuration data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to configuration files and profiles...

7.8CVSS5.5AI score0.01619EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2018/08/21 12:0 a.m.2 views

Containous Traefik Information Disclosure Vulnerability

Containous Traefik is an open source reverse proxy and load balancing product from French company Containous. An information disclosure vulnerability exists in Containous Traefik version 1.6.x prior to 1.6.6. An attacker can exploit this vulnerability to obtain configuration and sensitive...

7.5CVSS7AI score0.02868EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/17 12:0 a.m.1 views

Information Disclosure Vulnerability in Haiwell C10S0R(-e) PLCs

C10S0R-e PLC is a product in the programmable logic controller PLC series of Xiamen Haiwei Technology Co. The Haiwell C10S0R-e PLC suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain PLC configuration information via unauthorized construction of...

6.3AI score
Exploits0
ThreatPost
ThreatPost
added 2018/08/13 5:26 p.m.40 views

GoDaddy Leaks ‘Map of the Internet’ via Amazon S3 Cloud Bucket Misconfig

UPDATE GoDaddy, the world’s largest domain name registrar, has exposed high-level configuration information for tens of thousands of systems and competitively sensitive pricing options for running those systems in Amazon AWS, thanks to yet another cloud storage misconfiguration. The documents wer...

0.3AI score
Exploits0References2
Prion
Prion
added 2018/07/26 3:29 p.m.20 views

Privilege escalation

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

7.2CVSS7.9AI score0.05059EPSS
Exploits7References9Affected Software2
NVD
NVD
added 2018/07/26 3:29 p.m.15 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

8.8CVSS8.2AI score0.05059EPSS
Exploits7References9
UbuntuCve
UbuntuCve
added 2018/07/26 3:29 p.m.22 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

8.8CVSS7.4AI score0.05059EPSS
Exploits7References3
OSV
OSV
added 2018/07/26 3:29 p.m.29 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

7.8CVSS8AI score0.05059EPSS
Exploits7References9
Cvelist
Cvelist
added 2018/07/26 3:0 p.m.24 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

8.8CVSS7.9AI score0.05059EPSS
Exploits7References9
EUVD
EUVD
added 2018/07/26 3:0 p.m.4 views

EUVD-2018-2957

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

8.8CVSS8.5AI score0.05059EPSS
Exploits7References12
Debian CVE
Debian CVE
added 2018/07/26 3:0 p.m.26 views

CVE-2018-10900

Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...

8.8CVSS8.7AI score0.05059EPSS
Exploits7
Rows per page
Query Builder