CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

286 matches found

Cisco•added 2018/06/06 4:0 p.m.•39 views

Cisco Unified Computing System Role-Based Access Vulnerability

A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System UCS Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation...

6.7CVSS2.5AI score0.00097EPSS

Exploits0References1

OSV•added 2018/03/08 7:29 a.m.•1 views

CVE-2018-0219

A vulnerability in the web-based management interface of Cisco Unified Computing System UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1CVSS6AI score0.00332EPSS

Exploits0References3

Prion•added 2018/03/08 7:29 a.m.•12 views

Cross site scripting

4.3CVSS6AI score0.00332EPSS

Exploits0References3Affected Software1

Symantec•added 2018/01/03 12:0 a.m.•240 views

Multiple CPU Hardware CVE-2017-5754 Information Disclosure Vulnerability

Description Multiple CPU Hardware are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. Technologies Affected Apple Mac Os X 10.11.6 Apple iOS 11.2 Apple macOS 10.12.6 Apple macOS 10.13.2 Apple tvOS...

4.7CVSS5.9AI score0.9427EPSS

Exploits12References6Affected Software54

CNVD•added 2017/12/04 12:0 a.m.•3 views

Cisco UCS Central Software Session Fixation Vulnerability

Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A session fixation vulnerability exists in the web-based management interface in Cisco UCS Central Software. A remote...

5.4CVSS6.9AI score0.00235EPSS

Exploits0References1

Prion•added 2017/11/30 9:29 a.m.•16 views

Input validation

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...

2.1CVSS5.8AI score0.00157EPSS

Exploits0References2Affected Software3

OSV•added 2017/11/30 9:29 a.m.•0 views

CVE-2017-12335

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

6.3CVSS6AI score

Exploits0References3

Prion•added 2017/11/30 9:29 a.m.•17 views

Command injection

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command...

7.2CVSS6.9AI score0.00106EPSS

Exploits0References3Affected Software2

OSV•added 2017/11/30 9:29 a.m.•1 views

CVE-2017-12341

6.7CVSS6AI score0.00421EPSS

Exploits0References2

Prion•added 2017/11/30 9:29 a.m.•19 views

Design/Logic Flaw

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software image. The vulnerability is due to insufficient NX-OS signature verification for software images. An authenticated, local attacker could exploit thi...

4.6CVSS6.3AI score0.00033EPSS

Exploits0References3Affected Software2

Prion•added 2017/11/30 9:29 a.m.•11 views

Command injection

7.2CVSS6.9AI score0.00421EPSS

Exploits0References2Affected Software2

NVD•added 2017/11/30 9:29 a.m.•14 views

CVE-2017-12338

6CVSS5.9AI score0.00157EPSS

Exploits0References2

OSV•added 2017/11/30 9:29 a.m.•4 views

CVE-2017-12332

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

4.4CVSS5.9AI score0.00173EPSS

Exploits0References3

Prion•added 2017/11/30 9:29 a.m.•21 views

Design/Logic Flaw

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...

7.2CVSS6.3AI score0.00035EPSS

Exploits0References3Affected Software2

OSV•added 2017/11/30 9:29 a.m.•2 views

CVE-2017-12333

6.7CVSS5.8AI score0.00033EPSS

Exploits0References3

OSV•added 2017/11/30 9:29 a.m.•1 views

CVE-2017-12331

6.7CVSS5.8AI score0.00035EPSS

Exploits0References3

Prion•added 2017/11/30 9:29 a.m.•16 views

Command injection

4.6CVSS7AI score0.0037EPSS

Exploits0References3Affected Software2

Prion•added 2017/11/30 9:29 a.m.•11 views

Design/Logic Flaw

4.9CVSS4.7AI score0.00173EPSS

Exploits0References3Affected Software2

Prion•added 2017/11/30 9:29 a.m.•17 views

Input validation

A vulnerability in the TCL scripting subsystem of Cisco NX-OS System Software could allow an authenticated, local attacker to escape the interactive TCL shell and gain unauthorized access to the underlying operating system of the device. The vulnerability exists due to insufficient input validati...

4.6CVSS5.1AI score0.00104EPSS

Exploits0References3Affected Software2

NVD•added 2017/11/30 9:29 a.m.•12 views

CVE-2017-12332

4.9CVSS4.6AI score0.00173EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by