361 matches found
Input validation
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Input validation
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Input validation
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
CVE-2022-20906 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
CVE-2022-20906 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
CVE-2022-20907
CVE-2022-20907 : In Cisco Nexus Dashboard, there are privilege-escalation vulnerabilities caused by insufficient input validation during CLI command execution. An authenticated local attacker could log in as the rescue-user and run a malicious payload to elevate privileges to root on the device. ...
CVE-2022-20908 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
CVE-2022-20908 Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Cisco Nexus Dashboard Privilege Escalation Vulnerabilities
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Memory corruption
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service DoS. On all Junos platforms, the Kernel Routing Table KRT queue can get stuck due to a memory leak triggered ...
CVE-2022-30526
A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100W firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50W...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.9.38 packages and security update
Red Hat OpenShift Container Platform release 4.9.38 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...
Design/Logic Flaw
A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.9.33 packages and security update
Red Hat OpenShift Container Platform release 4.9.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.9. Red Hat Product Security has rated this update as having a...
GHSA-CPW3-X7GF-P872 Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker-specified name by sending a CLI command to...
Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI
XML external entity XXE vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
CVE-2022-20762
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
CVE-2022-20762 Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
FortiWLC - Access of Uninitialized Pointer vulnerability
An access of uninitialized pointer CWE-824 vulnerability in FortiWLC may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command...
CVE-2021-43780
Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery SSRF. These vulnerabilities are only exploitable on installations where a...