2877 matches found
Input validation
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of...
Design/Logic Flaw
A vulnerability in the access point AP joining process of the Control and Provisioning of Wireless Access Points CAPWAP protocol of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
CVE-2023-20067 Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of...
CVE-2023-20100 Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability
A vulnerability in the access point AP joining process of the Control and Provisioning of Wireless Access Points CAPWAP protocol of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
CVE-2023-20100 Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability
A vulnerability in the access point AP joining process of the Control and Provisioning of Wireless Access Points CAPWAP protocol of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
CVE-2023-20067
Cisco IOS XE Software for Wireless LAN Controllers (WLCs) is affected by CVE-2023-20067 due to insufficient input validation in the HTTP-based client profiling feature, enabling an unauthenticated adjacent attacker to cause DoS by sending crafted traffic through a wireless AP. The issue can eleva...
CVE-2023-20067 Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of...
Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability
A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient input validation of...
Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability
A vulnerability in the access point AP joining process of the Control and Provisioning of Wireless Access Points CAPWAP protocol of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
PT-2023-2267 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software for Wireless LAN Controllers WLCs affected versions not specified Description: A vulnerability in the access point AP joining process of the Control and Provisioning of Wireless Access Points CAPWAP protocol could allow ...
The vulnerability of the command-line interface of SiPass IP access integrated controllers allows a hacker to execute arbitrary code.
The vulnerability of the command-line interface of SiPass IP access integrated controllers is related to errors in processing input data. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the root user...
The vulnerability in the web interface for controlling Siemens SCALANCE industrial switches allows a hacker to execute arbitrary code.
The vulnerability in the web interface for controlling Siemens SCALANCE microprogrammable industrial controllers exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-27483
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...
CVE-2023-27484
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
Code injection
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484
Summary : CVE-2023-27484 affects crossplane-runtime (Go libraries) used for building Kubernetes controllers in Crossplane stacks. A highly privileged user who can create or update Compositions can specify an arbitrarily high index in a patch’s ToFieldPath. If the index exceeds the current target ...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27484 Unchecked fieldpath index in Composition's patches can lead to arbitrary memory allocation in crossplane
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to...
CVE-2023-27483 fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper...
CVE-2023-27483
CVE-2023-27483 affects crossplane-runtime: the fieldpath package’s Paved.SetValue can grow slices to very large sizes when given unvalidated input, causing an out-of-memory panic. Affected code path is the Paved.SetValue method that writes values along a path without validation, with the index ca...