323 matches found
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...
Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...
Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass (CVE-2019-12662)
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...
CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...
CVE-2023-35976
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...
CVE-2023-35977
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...
Design/Logic Flaw
Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...
CVE-2023-35977
CVE-2023-35977 affects ArubaOS with an authenticated information-disclosure issue via the ArubaOS command line interface. The vulnerability allows an authenticated attacker to access data beyond their privilege level, affecting confidentiality (C) with a high impact, while integrity and availabil...
PT-2023-25400 · Aruba · Arubaos
Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: Vulnerabilities exist that allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond...
Aruba Networks ArubaOS 信息泄露漏洞
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. An information disclosure vulnerability exists in Aruba Networks ArubaOS, which arises from a command line interface that allow...
Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#
Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...
CVE-2021-41613
An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register EEAR is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...
CVE-2023-20113
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
CVE-2023-20113 Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...
CVE-2023-22775
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...
CVE-2023-22775
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...
CVE-2023-22775 Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface
A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...
CVE-2023-20011 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...
K46524395: Appliance mode vulnerability CVE-2019-6614
Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented i...
K67090077: Apache HTTP Server vulnerability CVE-2022-22720
Security Advisory Description Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. CVE-2022-22720 Impact Any authenticated user may exploit this vulnerability and cause a...