
398 matches found

OSV
added 2021/03/24 8:15 p.m. | 3 views

CVE-2021-1385

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the devic...

CVSS: 6.5 | AI score: 7 | EPSS: 0.0023
Exploits: 1 | References: 2

Prion
added 2021/03/10 3:15 p.m. | 26 views

Cross site request forgery (csrf)

A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an unauthenticated user to use a crafted HTTP API request to create, read, update, or delete entries in the subscriber database. For example, new administrative users can be added. Th...

CVSS: 7.5 | AI score: 9.2 | EPSS: 0.01097
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2021/03/03 8:15 p.m. | 9 views

CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

CVSS: 9.1 | EPSS: 0.89416
Exploits: 1 | References: 1

Prion
added 2021/03/03 8:15 p.m. | 25 views

Design/Logic Flaw

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

CVSS: 6.4 | AI score: 8.8 | EPSS: 0.89416
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/03/03 7:38 p.m. | 12 views

CVE-2021-27931

LumisXP aka Lumis Experience Platform before 10.0.0 allows unauthenticated blind XXE via an API request to PageControllerXml.jsp. One can send a request crafted with an XXE payload and achieve outcomes such as reading local server files or denial of service...

AI score: 9.2 | EPSS: 0.89416
Exploits: 1 | References: 1

Prion
added 2021/03/02 12:15 a.m. | 12 views

Command injection

rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.22441
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2021/03/01 12:0 a.m. | 9 views

SaltStack Salt shell injection vulnerability

SaltStack Salt is a new way to manage infrastructure, easy to deploy, up and running in minutes, scales well, easily manages tens of thousands of servers, and is fast enough to communicate between servers in seconds. A shell injection vulnerability exists in the ssh client of the salt-api in...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.09933
Exploits: 0 | References: 1

NVD
added 2021/02/27 5:15 a.m. | 10 views

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

CVSS: 9.8 | EPSS: 0.09933
Exploits: 0 | References: 10

Prion
added 2021/02/27 5:15 a.m. | 25 views

Sql injection

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.09933
Exploits: 0 | References: 10 | Affected Software: 3

OSV
added 2021/02/27 5:15 a.m. | 6 views

PYSEC-2021-362

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

AI score: 7.3
Exploits: 0 | References: 6

AlpineLinux
added 2021/02/27 12:0 a.m. | 40 views

CVE-2021-3197

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via sshoptions provided in an API request...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.09933
Exploits: 0

Debian CVE
added 2021/02/27 12:0 a.m. | 23 views

CVE-2021-3197

Removed by vendor...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.09933
Exploits: 0

Tenable Nessus
added 2021/01/29 12:0 a.m. | 29 views

Cisco SD-WAN vManage Software Arbitrary File Creation (cisco-sa-vmanage-file-Y2JSRNRb)

According to its self-reported version, Cisco SD-WAN vManage is affected by an arbitrary file creation vulnerability due to improper validation of requests to APIs. An authenticated, remote attacker can exploit this, by sending malicious requests to an API in the affected system, to conduct...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.02357
Exploits: 0 | References: 3

CNVD
added 2021/01/21 12:0 a.m. | 4 views

Cisco Data Center Network Manager Certificate Validation Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A certificate validation vulnerability exists in Cisco Data Center Network Manager...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00116
Exploits: 0 | References: 1

CNNVD
added 2021/01/20 12:0 a.m. | 2 views

Cisco Data Center Network Manager Trust Management Issue Vulnerability

Cisco Data Center Network Manager DCNM is a suite of data center network managers from Cisco that provides multiprotocol management of the network and troubleshooting of switch operating conditions and performance. A certificate validation vulnerability exists in Cisco Data Center Network Manager...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00116
Exploits: 0 | References: 5

NVD
added 2020/11/18 6:15 p.m. | 17 views

CVE-2020-26077

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

CVSS: 5 | AI score: 4.6 | EPSS: 0.00136
Exploits: 0 | References: 1

Prion
added 2020/11/18 6:15 p.m. | 11 views

Improper access control

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

CVSS: 4 | AI score: 4.6 | EPSS: 0.00136
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2020/11/18 5:40 p.m. | 20 views

CVE-2020-26077 Cisco IoT Field Network Director Improper Access Control Vulnerability

A vulnerability in the access control functionality of Cisco IoT Field Network Director FND could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could...

CVSS: 5 | AI score: 4.6 | EPSS: 0.00136
Exploits: 0 | References: 1

Tenable Nessus
added 2020/11/06 12:0 a.m. | 306 views

Dell OpenManage Server Administrator Path Traversal (DSA-2020-172)

The version of Dell OpenManage Server Administrator OMSA running on the remote host is affected by a path traversal vulnerability due to improper sanitization of user-supplied input to a web API request. An unauthenticated, remote attacker can exploit this, via a crafted request, to gain file...

CVSS: 9.1 | AI score: 8.3 | EPSS: 0.8005
Exploits: 4 | References: 2

CVE
added 2020/10/13 9:11 p.m. | 66 views

CVE-2020-12933

CVE-2020-12933 describes a denial-of-service in the D3DKMTEscape handler of the AMD ATIKMDAG.SYS driver (e.g., version 26.20.15029.27017). A crafted D3DKMTEscape request can trigger an out-of-bounds read in Windows kernel memory, with exploitation possible from a non-privileged/guest context. Pub...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00045
Exploits: 0 | References: 1 | Affected Software: 1