21 matches found
EUVD-2022-26012
Malicious code in bioql PyPI...
EUVD-2024-18041
Malicious code in bioql PyPI...
EUVD-2024-18104
Malicious code in bioql PyPI...
CVE-2024-20326
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...
Cisco Secure Email and Web Manager Multiple Vulnerabilities (cisco-sa-esa-sma-wsa-xss-bgG5WHOD)
According to its self-reported version, Cisco Secure Email and Web Manager is affected by multiple vulnerabilities. - A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email could allow an authenticated, remote attacker to conduct an XSS attack again...
CVE-2024-20326
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...
CVE-2024-20389
A vulnerability in the ConfD CLI and the Cisco Crosswork Network Services Orchestrator CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root on the underlying operating system. This vulnerability is due to improper authorization enforcement whe...
CVE-2024-20383
Cisco Secure Email and Web Manager (Cisco AsyncOS) web-based management interface is affected by a stored XSS vulnerability due to insufficient input validation. An authenticated, remote attacker can lure a user to click a crafted link, potentially executing arbitrary script code in the interface...
CVE-2024-20383 Cisco Secure Email and Web Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An...
CVE-2022-20762
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
CVE-2022-20762 Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure Privilege Escalation Vulnerability
A vulnerability in the Common Execution Environment CEE ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure SMI software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in...
Cisco Releases Security Updates for Multiple Products
Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. CISA encourages...
Cisco Elastic Services Controller Remote Command Execution Vulnerability
Cisco Elastic Services Controller is a cloud and systems management solution. A security vulnerability in the ConfD CLI for Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as a Linux tomcat user on an affected system...
CVE-2017-6689
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.29.76...
Default credentials
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the admin user, aka an Insecure Default Administrator Credentials Vulnerability. More Information: CSCvc76661. Known Affected Releases: 2.29.76...
Design/Logic Flaw
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to run arbitrary commands as the Linux tomcat user on an affected system. More Information: CSCvc76620. Known Affected Releases: 2.29.76...
CVE-2017-6691
A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.32...
CVE-2017-6691
CVE-2017-6691 affects Cisco Elastic Services Controller (ESC) and its ConfD CLI. The issue arises from improper permissions on certain files in the affected service, enabling an authenticated, remote attacker to access sensitive information on the system. Affected release noted: ESC 2.3(2). Cisco...
CVE-2017-6689
CVE-2017-6689 is a Cisco Elastic Services Controller vulnerability affecting the ConfD CLI, caused by a default, hard-coded admin password. An authenticated remote attacker could log in as admin (SSH port 2024) on affected systems. Known affected release: 2.2(9.76). Cisco advisory notes there are...