CVE-2021-34771
CVE-2021-34771 affects Cisco IOS XR Software (CLI). The issue stems from insufficient restrictions during execution of a specific command, allowing an authenticated, local attacker to view sensitive configuration information beyond their privileges. Impact is information disclosure (confidentiali...
CVE-2021-34728
CVE-2021-34728 refers to multiple privilege-escalation flaws in Cisco IOS XR Software CLI. An authenticated, local attacker with a low-privileged account can elevate privileges on affected devices, potentially achieving root access. The vulnerabilities affect the CLI handling and are addressed by...
CVE-2021-34722
CVE-2021-34722 covers Cisco IOS XR Software command injection vulnerabilities in the CLI. An authenticated, local attacker could gain access to the device’s root shell and execute arbitrary commands with root privileges due to improper validation of CLI parameters. Multiple connected sources corrobora...
CVE-2021-34721
Cisco IOS XR Software contains CLI command-injection vulnerabilities (CVE-2021-34721) that could let an authenticated, local attacker gain root access and execute arbitrary commands. Affected component is the CLI; root-shell access would be obtained locally with high privileges. Cisco has issued ...
CVE-2021-34721 Cisco IOS XR Software Command Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to gain access to the underlying root shell of an affected device and execute arbitrary commands with root privileges. For more information about these vulnerabilities, see the Details sectio...
CVE-2021-34719
Cisco IOS XR Software contains multiple CLI privilege-escalation vulnerabilities that can be exploited by an authenticated, local attacker with a low-privileged account to gain root access. The underlying issue is described as insufficient validation of user input, with the impact described as el...
Fortinet FortiWeb Buffer Overflow Vulnerability
Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of web applications and protect sensitive database content. A...
Fortinet FortiWeb Buffer Overflow Vulnerability (CNVD-2021-70111)
Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of web applications and protect sensitive database content. A...
Stack overflow
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...
CVE-2021-36179
Fortinet FortiWeb suffers a stack-based buffer overflow in its CLI interface, enabling an authenticated attacker to execute arbitrary code or commands via crafted config backup parameters. The CVE-2021-36179 affects FortiWeb versions 6.3.14 and earlier and 6.2.4 and earlier. Fortinet’s PSIRT FG-I...
CVE-2021-36179
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution...
PT-2021-4146 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR Software (affected versions not specified). Description: A vulnerability in the Cisco IOS XR Software CLI could allow an authenticated, local attacker to view more information than their privileges allow. This issue is due to...
FortiWeb - Multiple stack-based buffer overflow vulnerabilities in CLI command
Multiple stack-based buffer overflow vulnerabilities in FortiWeb CLI interface may allow an authenticated attacker to execute unauthorized code or commands via config backup arguments...
Protect
A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...
FortiAuthenticator - Command injection in CLI
An improper neutralization of special elements used in an OS command vulnerability (CWE-78) in the command line interpreter of FortiAuthenticator may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands...
CVE-2021-34733
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive...
Authentication flaw
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive...
CVE-2021-34733 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Information Disclosure Vulnerability
A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, local attacker to access sensitive information stored on the underlying file system of an affected system. This vulnerability exists because sensitive...
CVE-2021-34733
Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager expose an information-disclosure vulnerability in their CLI. An authenticated, local attacker could access sensitive data stored on the underlying file system due to insufficient protection of sensitive information. T...