Lucene search
K

37 matches found

Cisco
Cisco
added 2021/03/24 4:0 p.m.89 views

Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability

A vulnerability in a diagnostic command for the Plug-and-Play PnP subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user level 15 on an affected device. The vulnerability is due to insufficient protection of...

7CVSS7.7AI score0.00241EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.6 views

Cisco IOS XE Software 日志信息泄露漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the diagnostic command of the Plug and Play PnP subsystem of Cisco IOS XE. The vulnerability stems from inadequate protection of...

7.8CVSS7.1AI score0.00241EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/03/24 12:0 a.m.5 views

Cisco IOS XE Software 安全漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...

7.2CVSS7.2AI score0.00328EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/11/18 12:0 a.m.45 views

Fortinet FortiOS < 6.2.5 Clear Text Information Disclosure (FG-IR-20-009)

According to its self-reported version number, the remote host is running a version of FortiOS prior to 6.2.5. It, therefore, is vulnerable to information disclosure from data stored in clear text that can be accessed via specific commands run on FortiOS' CLI. An authenticated, remote attacker...

6.5CVSS6.6AI score0.00569EPSS
Exploits0References2
OSV
OSV
added 2019/11/05 8:15 p.m.4 views

CVE-2019-1734

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

5.5CVSS6.1AI score0.00309EPSS
Exploits0References1
Prion
Prion
added 2019/11/05 8:15 p.m.20 views

Design/Logic Flaw

A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...

2.1CVSS5.5AI score0.00309EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2018/01/18 6:29 a.m.1 views

CVE-2018-0088

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...

7.2CVSS6.7AI score0.0039EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/01/18 6:0 a.m.26 views

CVE-2018-0088

A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...

7.2AI score0.0039EPSS
Exploits0References2
CNVD
CNVD
added 2017/11/29 12:0 a.m.9 views

Command Injection Vulnerability in Multiple TP-Link Products

TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending an admin/diagnostic command with shell...

9CVSS8.4AI score0.05644EPSS
Exploits2References1
NVD
NVD
added 2017/11/27 10:29 a.m.20 views

CVE-2017-16957

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zonegeteffectdevices function in...

9CVSS9AI score0.05644EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/11/27 10:0 a.m.20 views

CVE-2017-16957

TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zonegeteffectdevices function in...

9AI score0.05644EPSS
Exploits2References2
Cvelist
Cvelist
added 2015/08/12 2:0 p.m.28 views

CVE-2015-5718

Stack-based buffer overflow in the handledebugnetwork function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service crash via a crafted diagnostic command line request to submitnetdebug.cgi...

6.9AI score0.01842EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.30 views

Oracle Linux 5 : ntp (ELSA-2009-1039)

The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-1039 advisory. - fix buffer overflow when parsing Autokey association message 500783, CVE-2009-1252 Tenable has extracted the preceding description block directly fro...

6.8CVSS6.8AI score0.21123EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2013/06/29 12:0 a.m.30 views

CentOS 4 : ntp (CESA-2009:1040)

An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...

6.8CVSS7.2AI score0.21123EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.31 views

Scientific Linux Security Update : ntp on SL4.x i386/x86_64

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execut...

6.8CVSS7.1AI score0.21123EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2009/12/09 12:0 a.m.36 views

RHEL 3 : ntp (RHSA-2009:1651)

An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...

6.8CVSS6.7AI score0.32288EPSS
Exploits4References5
RedHat Linux
RedHat Linux
added 2009/05/18 8:51 p.m.36 views

Critical: Red Hat Security Advisory: ntp security update

An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...

6.8CVSS7.2AI score0.21123EPSS
Exploits2References3
Rows per page
Query Builder