Lucene search
+L

442 matches found

vulnrichment
vulnrichment
added 2021/02/04 4:41 p.m.13 views

CVE-2021-1336 Cisco Small Business RV Series Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...

7.2CVSS7.9AI score0.02753EPSS
Exploits0References1
redhat
redhat
added 2021/02/02 2:23 p.m.5 views

shiro: specially crafted HTTP request may cause an authentication bypass

A flaw was found in Apache Shiro in versions prior to 1.6.0. A specially crafted HTTP request may cause an authentication bypass. The highest threat from this vulnerability is to data confidentiality...

7.5CVSS5.7AI score0.48019EPSS
Exploits3References4
cvelist
cvelist
added 2021/01/20 8:0 p.m.21 views

CVE-2021-1349 Cisco SD-WAN vManage Cypher Query Language Injection Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct Cypher query language injection attacks on an affected system. The vulnerability is due to insufficient input validation by the web-based management...

6.5CVSS6.7AI score0.0141EPSS
Exploits0References1
osv
osv
added 2021/01/13 10:15 p.m.4 views

CVE-2021-1209

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

7.2CVSS7.4AI score0.02194EPSS
Exploits0References1
cvelist
cvelist
added 2021/01/13 9:35 p.m.25 views

CVE-2021-1171 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

7.2CVSS7.5AI score0.02194EPSS
Exploits0References1
cvelist
cvelist
added 2021/01/13 9:16 p.m.25 views

CVE-2021-1210 Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote Command Execution and Denial of Service Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

7.2CVSS7.5AI score0.02194EPSS
Exploits0References1
osv
osv
added 2020/12/11 1:15 a.m.4 views

CVE-2020-7535

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' Vulnerability Type vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions,...

7.5CVSS7.2AI score0.01475EPSS
Exploits0References1
cnvd
cnvd
added 2020/12/01 12:0 a.m.2 views

IBM Cloud Pak for Security Information Disclosure Vulnerability (CNVD-2020-68253)

IBM Cloud Pak for Security is an integrated security tool that uses a unified interface to provide deep insight into threats in hybrid multi-cloud environments. An information disclosure vulnerability exists in IBM Cloud Pak for Security 1.3.0.1. An attacker could exploit the vulnerability via a...

5CVSS6AI score0.00976EPSS
Exploits0References1
nvd
nvd
added 2020/11/18 7:15 p.m.17 views

CVE-2020-3586

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied input in the web-based management interface...

10CVSS9.7AI score0.02451EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2020/11/06 6:17 p.m.12 views

CVE-2020-3592 Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. A...

6.5CVSS7AI score0.00786EPSS
Exploits3References1
redhat
redhat
added 2020/11/04 1:32 a.m.4 views

openwsman: Infinite loop in process_connection() allows denial of service

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in processconnection when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server...

7.5CVSS5.8AI score0.15243EPSS
Exploits0References5
nvd
nvd
added 2020/09/23 1:15 a.m.26 views

CVE-2020-3130

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP...

6.5CVSS0.0181EPSS
Exploits0References1
nvd
nvd
added 2020/07/31 12:15 a.m.18 views

CVE-2020-3374

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

9.9CVSS9.7AI score0.01917EPSS
Exploits0References1
osv
osv
added 2020/07/31 12:15 a.m.3 views

CVE-2020-3374

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

9.9CVSS5.8AI score0.01917EPSS
Exploits0References1
cvelist
cvelist
added 2020/07/31 12:1 a.m.17 views

CVE-2020-3374 Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

9.9CVSS9.6AI score0.01917EPSS
Exploits0References1
cisco
cisco
added 2020/07/29 4:0 p.m.24 views

Cisco SD-WAN vManage Software Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization, enabling them to access sensitive information, modify the system configuration, or impact the availability of the affected system. The...

9.9CVSS9.7AI score0.01917EPSS
Exploits0References1
osv
osv
added 2020/07/28 3:15 p.m.4 views

CVE-2020-13918

Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information that can be used for a jailbreak via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R71...

7.5CVSS7.1AI score
Exploits0References1
redhat
redhat
added 2020/05/26 10:31 a.m.2 views

varnish: denial of service handling certain crafted HTTP/1 requests

A flaw was found in the way Varnish parsed certain HTTP/1 requests. A remote attacker could use this flaw to crash Varnish by sending specially crafted multiple HTTP/1 requests processed on the same HTTP/1 keep-alive connection. This causes Varnish to restart with a clean cache, causing a denial ...

7.8CVSS7.1AI score0.05789EPSS
Exploits0References5
osv
osv
added 2020/04/03 7:15 p.m.6 views

CVE-2020-6994

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The...

9.8CVSS7.5AI score0.01606EPSS
Exploits0References1
redhatcve
redhatcve
added 2020/03/23 11:31 p.m.25 views

CVE-2020-8551

A denial of service flaw was found in Kubernetes' Kubelet API. A remote attacker can exploit this flaw by sending repeated, crafted HTTP requests to exhaust available memory and cause a crash. Mitigation Prevent unauthenticated or unauthorized access to the Kubelet API...

6.5CVSS1.8AI score0.01141EPSS
Exploits0References5
Rows per page
Query Builder