8000 matches found
CVE-2020-3504
The CVE-2020-3504 issue affects Cisco UCS Manager Software Local Management CLI, where improper handling of CLI command parameters could allow an authenticated, local attacker to cause a DoS on affected devices. A successful exploit may cause internal UCS Manager processes to fail to terminate, l...
CVE-2020-3504 Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...
CVE-2020-3151
A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker cou...
CVE-2020-3446
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...
Design/Logic Flaw
A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker cou...
Design/Logic Flaw
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An...
Design/Logic Flaw
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...
CVE-2020-3151 Cisco Connected Mobile Experiences Restricted Shell Escape Vulnerability
A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to bypass restrictions on the CLI. The vulnerability is due to insufficient security mechanisms in the restricted shell implementation. An attacker cou...
CVE-2020-3151
CVE-2020-3151 is a Cisco CMX restricted shell escape vulnerability. An authenticated, local attacker with administrative credentials can bypass CLI restrictions due to insufficient security in the restricted shell, enabling execution of normally unauthorized commands with non-root privileges. CNV...
CVE-2020-3152 Cisco Connected Mobile Experiences Privilege Escalation Vulnerability
A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow an authenticated, local attacker with administrative credentials to execute arbitrary commands with root privileges. The vulnerability is due to improper user permissions that are configured by default on an affected system. An...
CVE-2020-3446 Cisco vWAAS for Cisco ENCS 5400-W Series and CSP 5000-W Series Default Credentials Vulnerability
A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected devic...
CVE-2020-3446
CVE-2020-3446 affects Cisco vWAAS on ENCS 5400-W and CSP 5000-W with NFVIS-bundled images. An unauthenticated attacker can log into the NFVIS CLI using default, static passwords, potentially gaining administrator privileges. Exploitation requires access to the NFVIS CLI (or CIMC) on the affected ...
CVE-2020-3496 Cisco Small Business Smart and Managed Switches Denial of Service Vulnerability
A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of incoming IPv6 traffic. A...
Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability
A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of CLI command parameters. An attacker could exploit th...
docker-cli docker-engine security update
docker-cli 19.03.11-5 - Bugfix for 'docker images name' not working on docker 19.03.11-ol - Address CVE-2020-16845 19.03.11-4 - added patch for registry list 19.03.11-3 - update to 19.03.11 for CVE-2020-13401 19.03.1-1.0.0 - update to 19.03.1 19.03-0.0.1 - update to 19.03 18.09.1-1.0.6 - disable...
pocsuite3-1
This is a PoC (Proof of Concept) framework for vulnerability testing and penetration testing, developed by the Knownsec 404 Team. The framework is called pocsuite3. The framework has a powerful proof-of-concept engine and many features for penetration testers and security researchers. It supports...
CVE-2020-20633
ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in the GDPR Cookie Consent (cookie-law-info) plugin 1.8.2 and below for WordPress allows authenticated stored XSS and privilege escalation...
CVE-2020-20633
CVE-2020-20633 affects the WordPress plugin GDPR Cookie Consent (cookie-law-info) versions 1.8.2 and earlier, via ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php. The vulnerability allows authenticated stored XSS and privilege escalation. The co...
Security Bulletin: Golang Vulnerabilities in IBM Cloud CLI 1.1.0 or earlier
Summary Golang vulnerabilities were found, which could allow an attacker to bypass security restrictions under some circumstances. IBM Cloud CLI version 1.1.0 or earlier is impacted by these vulnerabilities. Vulnerability Details CVEID: CVE-2020-15586 DESCRIPTION: Golang Go is vulnerable to a...