Lucene search
+L

131 matches found

cisco
cisco
added 2023/11/01 4:0 p.m.50 views

Cisco Firepower Management Center Software Command Injection Vulnerability

A vulnerability in the web services interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense FTD device that is managed by the FMC Software. This vulnerability is...

9.9CVSS9.4AI score0.15821EPSS
Exploits4References1
prion
prion
added 2023/09/21 2:15 p.m.18 views

Design/Logic Flaw

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...

4.3CVSS8.6AI score0.00159EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2023/09/13 4:15 p.m.24 views

CVE-2023-4828

An improper check for an exceptional condition in the Insider Threat Management ITM Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure...

6.4CVSS6.2AI score0.00298EPSS
Exploits0References2
nvd
nvd
added 2023/04/11 3:15 p.m.24 views

CVE-2023-1552

ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configurati...

7.8CVSS6.8AI score0.00241EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/12/06 12:0 a.m.5 views

CVE-2022-39091

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...

6.9AI score0.00109EPSS
Exploits0References1
osv
osv
added 2022/05/24 7:16 p.m.2 views

GHSA-6Q4G-84F3-MW74 Improper handling of equivalent directory names on Windows in Jenkins

Jenkins stores jobs and other entities on disk using their name shown on the UI as file and folder names. On Windows, when specifying a file or folder with a trailing dot character example., the file or folder will be treated as if that character was not present example. As both are legal names f...

6.3CVSS5.9AI score0.00967EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2021/08/25 12:0 a.m.7 views

The vulnerability of the Modbus protocol implementation in microprogrammed software for programmable logic controllers like Modicon Quantum allows a intruder to trigger malfunctions in the equipment or unauthorized changes to its configuration.

The vulnerability of the Modbus protocol implementation in microprogrammed logic controllers like Modicon Quantum is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to cause service failures or unauthorized changes to the PLC’s configuration...

9.4CVSS7.7AI score0.01399EPSS
Exploits0References2
jvn
jvn
added 2021/08/17 5:9 a.m.23 views

Multiple vulnerabilities in D-Link router DSL-2750U

Overview D-Link router DSL-2750U is vulnerable to unauthorized configuration modification CWE-15, CVE-2021-3707 and OS command injection CWE-78, CVE-2021-3708. Mohammed Hadi reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An unauthenticated attacker on t...

8.8CVSS7.5AI score0.24563EPSS
Exploits2References9
cnvd
cnvd
added 2021/08/17 12:0 a.m.25 views

D-Link DSL-2750U Unauthorized Configuration Modification Vulnerability

The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router.An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...

5.5CVSS4.6AI score0.01541EPSS
Exploits2References1
nvd
nvd
added 2021/08/16 5:15 a.m.49 views

CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

5.5CVSS0.01541EPSS
Exploits2References3
prion
prion
added 2021/08/16 5:15 a.m.25 views

Command injection

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

2.1CVSS6.5AI score0.24563EPSS
Exploits2References3Affected Software1
cvelist
cvelist
added 2021/08/16 4:55 a.m.55 views

CVE-2021-3707

D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device...

6.6AI score0.01541EPSS
Exploits2References3
cve
cve
added 2021/08/16 4:55 a.m.136 views

CVE-2021-3707

CVE-2021-3707 (and CVE-2021-3708) affects D-Link DSL-2750U routers with firmware vME1.16 or earlier. The issues allow an unauthenticated attacker on the local network to perform dangerous actions: CVE-2021-3707 enables unauthorized configuration modification, while CVE-2021-3708 enables OS comman...

5.5CVSS6.4AI score0.01541EPSS
Exploits2References3Affected Software1
cnnvd
cnnvd
added 2021/08/16 12:0 a.m.18 views

D-Link DSL-2750U安全漏洞

The D-Link DSL-2750U is a wireless N 300 ADSL2 modem router.An unauthorized configuration modification vulnerability exists in the D-Link DSL-2750U ME1.16 and earlier versions. An attacker could use this vulnerability to modify the configuration without authorization...

5.5CVSS5.6AI score0.01541EPSS
Exploits2References4
hp
hp
added 2021/08/13 12:0 a.m.42 views

HP LaserJet Pro Printer - Potential vulnerabilities to unauthorized configuration and denial of service

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset, or create a Denial of Service on the device. Update your printer firmware...

7.3CVSS2.4AI score0.01787EPSS
Exploits0
cnnvd
cnnvd
added 2021/05/24 12:0 a.m.6 views

Bluetooth Mesh 安全漏洞

Bluetooth Mesh is an application. A configuration file for Bluetooth. A security vulnerability exists in Bluetooth Mesh that allows devices without AuthValue to complete configuration without forcing AuthValue...

8.8CVSS8.2AI score0.00852EPSS
Exploits0References7
nvd
nvd
added 2021/05/14 12:15 p.m.21 views

CVE-2020-27149

By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed...

6.5CVSS0.00691EPSS
Exploits0References2
nvd
nvd
added 2021/01/05 11:15 p.m.25 views

CVE-2020-7336

Cross Site Request Forgery vulnerability in McAfee Network Security Management NSM prior to 10.1.7.35 and NSM 9.x prior to 9.2.9.55 may allow an attacker to change the configuration of the Network Security Manager via a carefully crafted HTTP request...

6.6CVSS6.4AI score0.00523EPSS
Exploits0References1
nvd
nvd
added 2020/04/08 8:15 p.m.19 views

CVE-2020-1630

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines RE, Virtual Chassis VC or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...

5.5CVSS5.3AI score0.00221EPSS
Exploits0References1
prion
prion
added 2020/04/08 8:15 p.m.14 views

Privilege escalation

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines RE, Virtual Chassis VC or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...

2.1CVSS5.7AI score0.00221EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder