1481 matches found
Cisco Small Business RV Series Routers CVE-2019-15957 Remote Command Injection Vulnerability
Description Cisco Small Business RV Series Routers are prone to a remote command injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands with root privileges in the context of the affected device. This issue is being tracked by Cisco Bug IDs...
Google Android Media Framework Multiple Local Privilege Escalation Vulnerabilities
Description Google Android is prone to multiple local privilege-escalation vulnerabilities. A local attacker can exploit these issues to execute arbitrary code with elevated privileges within the context of the privileged process. These issues are being tracked by Android Bug IDs A-137283376,...
Cisco Firepower Management Center Multiple Cross-Site Scripting Vulnerabilities (cisco-sa-20191016-firepwr-xss)
According to its self-reported version, Cisco Firepower Management Center is affected by multiple cross-site scripting XSS vulnerabilities due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to...
Cisco Finesse Appliance Multiple Cross-Site Scripting Vulnerabilities (Cisco-SA-20150818-CVE-2015-4310)
According to its self-reported version, the Cisco Finesse appliance is affected by multiple cross-site scripting XSS vulnerabilities exist due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to...
Cisco Firepower Management Center CVE-2019-15280 HTML Injection Vulnerability
Description Cisco Firepower Management Center is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attack...
Cisco Firepower Management Center Multiple Cross Site Scripting Vulnerabilities
Description Cisco Firepower Management Center is prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Cisco TelePresence CE Software CVE-2019-15275 Local Privilege Escalation Vulnerability
Description Cisco TelePresence Collaboration Endpoint Software is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to execute arbitrary commands with root level privileges. This issue is being tracked by Cisco Bug IDs CSCvq29890 and CSCvq29895. Versions...
Cisco Unified Intelligence Center (CUIC) Software Cross-Site Scripting Vulnerability
Cross-site scripting XSS vulnerability in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. C Tenable...
Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability
The jspringsecurityswitchuser function in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. C Tenable...
Qualcomm Closed Source Components Multiple Unspecified Vulnerabilities
Description Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-122474427, A-129766175, A-129765090,...
Multiple Cisco Products CVE-2019-12700 Denial of Service Vulnerability
Description Multiple Cisco Products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause the resource exhaustion and reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCvm92401, CSCvn83385...
Cisco Firepower Threat Defense Software CVE-2019-12694 Local Command Injection Vulnerability
Description Cisco Firepower Threat Defense Software is prone to a local command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands on the underlying OS with root privileges. This issue being tracked by Cisco Bug IDs CSCvo45799. Technologies Affect...
Cisco Firepower System Software Multiple Security Bypass Vulnerabilities
Description Cisco Firepower System Software is prone to multiple security-bypass vulnerabilities. Remote attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Cisco Bug IDs CSCvo70545...
Cisco Firepower Threat Defense Software Multiple Security Bypass Vulnerabilities
Description Cisco Firepower Threat Defense Software is prone to multiple security-bypass vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions and perform unauthorized actions. These issues are being tracked by Cisco Bug IDs CSCvm14296...
Cisco FXOS and Firepower Threat Defense Software Multiple Local Command Injection Vulnerabilities
Description Cisco FXOS and Firepower Threat Defense Software are prone to multiple local command-injection vulnerabilities. An attacker may exploit these issues to inject and execute arbitrary commands on the underlying OS with root privileges. These issues are being tracked by Cisco Bug IDs...
Cisco Prime Infrastructure CVE-2019-12712 Cross Site Scripting Vulnerability
Description Cisco Prime Infrastructure is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
Rockwell Automation Stratix Ethernet Switches < 15.3 IOS DHCP Reload
Binary data 720228.prm...
CVE-2018-0367
A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is due to...
CVE-2018-0386
A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...
Command injection
A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this...