Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

225 matches found

CNVD
CNVDadded 2018/10/10 12:0 a.m.3 views

Cisco HyperFlex Static Signing Key Authorization Bypass Vulnerability

Cisco HyperFlex Software is a scalable distributed file system from Cisco USA. The system provides unified compute, storage and networking through cloud management, providing enterprise-class data management and optimization services. A security vulnerability exists in Cisco HyperFlex Software...

8.6CVSS8.7AI score0.00676EPSS
Exploits0References1
CNVD
CNVDadded 2018/10/09 12:0 a.m.2 views

Cisco HyperFlex HX Data Platform Software Sensitive Information Disclosure Vulnerability

Cisco HyperFlex HX Data Platform Software is a scalable distributed file system from Cisco USA. The system provides unified compute, storage and networking through cloud management, providing enterprise-class data management and optimization services. An input validation vulnerability exists in t...

5.3CVSS5.5AI score0.00695EPSS
Exploits0References1
NVD
NVDadded 2018/10/05 2:29 p.m.12 views

CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

5.3CVSS5.2AI score0.00695EPSS
Exploits0References1
OSV
OSVadded 2018/10/05 2:29 p.m.1 views

CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

5.3CVSS5.8AI score0.00695EPSS
Exploits0References1
OSV
OSVadded 2018/10/05 2:29 p.m.0 views

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

4.7CVSS5.8AI score
Exploits0References1
NVD
NVDadded 2018/10/05 2:29 p.m.11 views

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

4.7CVSS4.8AI score0.00105EPSS
Exploits0References1
NVD
NVDadded 2018/10/05 2:29 p.m.18 views

CVE-2018-15407

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual...

5.5CVSS5.1AI score0.00061EPSS
Exploits0References1
OSV
OSVadded 2018/10/05 2:29 p.m.2 views

CVE-2018-15382

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the stat...

8.6CVSS5.8AI score0.00676EPSS
Exploits0References2
NVD
NVDadded 2018/10/05 2:29 p.m.12 views

CVE-2018-15382

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the stat...

8.6CVSS8.6AI score0.00676EPSS
Exploits0References2
Prion
Prionadded 2018/10/05 2:29 p.m.17 views

Input validation

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

4.3CVSS4.8AI score0.00105EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2018/10/05 2:29 p.m.13 views

Design/Logic Flaw

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual...

2.1CVSS5.1AI score0.00061EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2018/10/05 2:29 p.m.14 views

Authorization

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

5CVSS5.2AI score0.00695EPSS
Exploits0References1Affected Software1
Prion
Prionadded 2018/10/05 2:29 p.m.12 views

Session fixation

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the stat...

7.5CVSS8.4AI score0.00676EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2018/10/05 2:0 p.m.13 views

CVE-2018-15382 Cisco HyperFlex Software Static Signing Key Vulnerability

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the stat...

8.6AI score0.00676EPSS
Exploits0References2
CVE
CVEadded 2018/10/05 2:0 p.m.42 views

CVE-2018-15407

CVE-2018-15407 affects Cisco HyperFlex Software. Root cause: during installation, residual installation files are not properly cleaned up, enabling a local, authenticated attacker to read sensitive information about system configuration. The vulnerability is information disclosure via accessible ...

5.5CVSS5.1AI score0.00061EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2018/10/05 2:0 p.m.12 views

CVE-2018-15423 Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

4.8AI score0.00105EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/10/05 2:0 p.m.9 views

CVE-2018-15407 Cisco HyperFlex World-Readable Sensitive Information Vulnerability

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual...

5.1AI score0.00061EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/10/05 2:0 p.m.12 views

CVE-2018-15429 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

5.2AI score0.00695EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2018/10/05 2:0 p.m.9 views

CVE-2018-15423 Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

6.9AI score0.00105EPSS
Exploits0References1
CVE
CVEadded 2018/10/05 2:0 p.m.45 views

CVE-2018-15429

The CVE-2018-15429 issue affects Cisco HyperFlex HX Data Platform Software and stems from improper input validation and lack of proper authorization in the web-based UI. An unauthenticated, remote attacker could exploit via malicious HTTP requests to access files containing sensitive data (partia...

5.3CVSS5.2AI score0.00695EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder