CVE-2019-1914 Cisco Small Business 220 Series Smart Switches Command Injection Vulnerability

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...

CVE-2019-1904

A vulnerability in the web-based UI web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacke...

CVE-2019-1874 Cisco Prime Service Catalog Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the...

CVE-2019-1783 Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments...

CVE-2019-1776 Cisco NX-OS Software Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command ...

CVE-2019-1727

A vulnerability in the Python scripting subsystem of Cisco NX-OS Software could allow an authenticated, local attacker to escape the Python parser and issue arbitrary commands to elevate the attacker's privilege level. The vulnerability is due to insufficient sanitization of user-supplied...

Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...

CVE-2019-1713 Cisco Adaptive Security Appliance Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the...

Design/Logic Flaw

The ARM-based hardware debugging feature on Raspberry Pi 3 module B+ and possibly other devices allows non-secure EL1 code to read/write any EL3 the highest privilege level in ARMv8 memory/register via inter-processor debugging. With a debug host processor A running in non-secure EL1 and a debug...

CVE-2019-1755 Cisco IOS XE Software Command Injection Vulnerability

A vulnerability in the Web Services Management Agent WSMA function of Cisco IOS XE Software could allow an authenticated, remote attacker to execute arbitrary Cisco IOS commands as a privilege level 15 user. The vulnerability occurs because the affected software improperly sanitizes user-supplied...

CVE-2018-19017

Several use after free vulnerabilities have been identified in CX-Supervisor Versions 3.42 and prior. When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the...

Privilege Escalation

cfme is vulnerable to privilege escalation attacks. The vulnerability exists as a logic error in validrole in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an...

Authorization

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privileg...

CVE-2018-7079

Aruba ClearPass Policy Manager guest authorization failure. Certain administrative operations in ClearPass Guest do not properly enforce authorization rules, which allows any authenticated administrative user to execute those operations regardless of privilege level. This could allow low-privileg...

CVE-2018-15368

A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperl...

Cisco Prime Infrastructure Arbitrary File Upload and Command Execution Vulnerability

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure PI has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This...

Cisco Issues New Warning for 6-Month-Old Critical Bug in IOS XE

UPDATE Cisco Systems has issued a second warning for a critical static credential bug in its IOS XE software, which allows an unauthenticated attacker to gain access to targeted systems. The security bulletin comes more than six months after the company initially reported the bug and provided a...

Linux kernel KVM elevation of privilege vulnerability

Linux kernel is the kernel used by the operating system Linux released by the Linux Foundation in the U.S. KVM is one of the kernel-based virtual machines. A security vulnerability exists in KVM 4.10 and later versions of the Linux kernel, which stems from the program's failure to detect the CPL...

.NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...