37 matches found
Cisco IOS XE Software Plug-and-Play Privilege Escalation Vulnerability
A vulnerability in a diagnostic command for the Plug-and-Play PnP subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to the level of an Administrator user level 15 on an affected device. The vulnerability is due to insufficient protection of...
Cisco IOS XE Software 日志信息泄露漏洞
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An elevation of privilege vulnerability exists in the diagnostic command of the Plug and Play PnP subsystem of Cisco IOS XE. The vulnerability stems from inadequate protection of...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. A local elevation of privilege vulnerability exists in one of the diagnostic test CLI commands for Cisco IOS XE. The vulnerability stems from the fact that the affected software...
Fortinet FortiOS < 6.2.5 Clear Text Information Disclosure (FG-IR-20-009)
According to its self-reported version number, the remote host is running a version of FortiOS prior to 6.2.5. It, therefore, is vulnerable to information disclosure from data stored in clear text that can be accessed via specific commands run on FortiOS' CLI. An authenticated, remote attacker...
CVE-2019-1734
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...
Design/Logic Flaw
A vulnerability in the implementation of a CLI diagnostic command in Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to view sensitive system files that should be restricted. The attacker could use this information to conduct additional reconnaissance...
CVE-2018-0088
A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...
CVE-2018-0088
A vulnerability in one of the diagnostic test CLI commands on Cisco Industrial Ethernet 4010 Series Switches running Cisco IOS Software could allow an authenticated, local attacker to impact the stability of the device. This could result in arbitrary code execution or a denial of service DoS...
Command Injection Vulnerability in Multiple TP-Link Products
TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. A command injection vulnerability exists in multiple TP-Link products. The vulnerability can be exploited by a remote attacker to execute arbitrary commands by sending an admin/diagnostic command with shell...
CVE-2017-16957
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zonegeteffectdevices function in...
CVE-2017-16957
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zonegeteffectdevices function in...
CVE-2015-5718
Stack-based buffer overflow in the handledebugnetwork function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service crash via a crafted diagnostic command line request to submitnetdebug.cgi...
Oracle Linux 5 : ntp (ELSA-2009-1039)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-1039 advisory. - fix buffer overflow when parsing Autokey association message 500783, CVE-2009-1252 Tenable has extracted the preceding description block directly fro...
CentOS 4 : ntp (CESA-2009:1040)
An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...
Scientific Linux Security Update : ntp on SL4.x i386/x86_64
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execut...
RHEL 3 : ntp (RHSA-2009:1651)
An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...
Critical: Red Hat Security Advisory: ntp security update
An updated ntp package that fixes two security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time...