322 matches found
CVE-2018-12326
The Redis command line tool 'redis-cli' is vulnerable to a buffer overflow through the -h host command line parameter. The redis-cli may be used by other services; if these services do not adequately filter the host input it could lead to code execution with the privilege level of that service...
ALPINE-CVE-2018-2810
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
Design/Logic Flaw
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
The vulnerability of the Cisco IOS XE operating system, related to the use of a pre-installed account, allows a perpetrator to gain access to the device.
The vulnerability of the Cisco IOS XE operating system is related to the use of a pre-installed user account. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to the device with privileges level 15...
Cisco IOS XE Software Override Access Vulnerability
Cisco IOS XE Software is an operating system developed by Cisco for its network devices. A security vulnerability exists in Cisco IOS XE Software version 16.x, which arises from the use of a default username and password for an account with level 15 privileges. A remote attacker could use this...
CVE-2018-0150
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due...
Design/Logic Flaw
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due...
CVE-2018-0150
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due...
Cisco IOS XE Software Static Credential Vulnerability
A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot. The vulnerability is due to an undocumented user account with...
PCI DSS v3.2 & Exposing Session ID in URL
Passing the session ID in the URL such as QID 150068 “Session ID in URL” will be marked as a Fail for PCI as of April 15, 2018 in accordance with PCI DSS v3.2. QID 150068 is a PCI Fail according to PCI DSS v3.2 Requirement 6.5.10: 6.5.10 Examine software development policies and procedures and...
CVE-2018-0099
A vulnerability in the web management GUI of the Cisco D9800 Network Transport Receiver could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of GUI command arguments. An attacker could exploit this...
Design/Logic Flaw
A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...
CVE-2018-0088
A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...
CVE-2018-0099
The CVE-2018-0099 entry concerns Cisco D9800 Network Transport Receiver, where the web management GUI is vulnerable to a command injection due to insufficient validation of GUI command arguments. An authenticated remote attacker could inject crafted GUI parameters to execute commands on the under...
CVE-2018-2566
Vulnerability in the Integrated Lights Out Manager ILOM component of Oracle Sun Systems Products Suite subcomponent: Remote Console Application. Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to...
CVE-2017-6167
CVE-2017-6167 is a race-condition vulnerability in F5 BIG-IP iControl REST that can cause commands to execute with elevated privileges. Affected BIG-IP versions include 13.x (13.0.0), 12.x (12.1.0–12.1.2), 14.x (14.1.x), 15.x (15.0–15.1.1/2), and 16.x (16.0.0–16.0.1). Red Hat and F5 advisories co...
Command injection
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...
CVE-2017-12335
A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...