Lucene search
K

323 matches found

Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.12 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1778)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...

7.2CVSS7AI score0.00463EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.25 views

Cisco NX-OS Software Command Injection Vulnerability (CVE-2019-1784)

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI comman...

7.2CVSS7AI score0.00463EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.26 views

Cisco NX-OS and IOS XE Software Virtual Service Image Signature Bypass (CVE-2019-12662)

A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device. The vulnerability is due to improper...

7.2CVSS7.1AI score0.00304EPSS
Exploits0References2
NVD
NVD
added 2023/07/21 3:15 p.m.27 views

CVE-2023-38646

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2...

9.8CVSS9.9AI score0.97924EPSS
Exploits36References6
NVD
NVD
added 2023/07/05 3:15 p.m.15 views

CVE-2023-35976

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...

6.5CVSS6.7AI score0.0055EPSS
Exploits0References1
OSV
OSV
added 2023/07/05 3:15 p.m.2 views

CVE-2023-35977

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...

6.5CVSS5.8AI score0.0055EPSS
Exploits0References1
Prion
Prion
added 2023/07/05 3:15 p.m.20 views

Design/Logic Flaw

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...

4CVSS6.3AI score0.0055EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/05 2:47 p.m.42 views

CVE-2023-35977

CVE-2023-35977 affects ArubaOS with an authenticated information-disclosure issue via the ArubaOS command line interface. The vulnerability allows an authenticated attacker to access data beyond their privilege level, affecting confidentiality (C) with a high impact, while integrity and availabil...

6.5CVSS6.7AI score0.0055EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/05 12:0 a.m.5 views

PT-2023-25400 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS affected versions not specified Description: Vulnerabilities exist that allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond...

6.5CVSS6.3AI score0.0055EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.6 views

Aruba Networks ArubaOS 信息泄露漏洞

Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks, including Mobility Controllers and Mobility Access Switches, from Aruba Networks, Inc. An information disclosure vulnerability exists in Aruba Networks ArubaOS, which arises from a command line interface that allow...

6.5CVSS6.5AI score0.0055EPSS
Exploits0References2
Kitploit
Kitploit
added 2023/07/03 12:30 p.m.26 views

Wanderer - An Open-Source Process Injection Enumeration Tool Written In C#

Wanderer is an open-source program that collects information about running processes. This information includes the integrity level, the presence of the AMSI as a loaded module, whether it is running as 64-bit or 32-bit as well as the privilege level of the current process. This information is...

7.6AI score
Exploits0References6
OSV
OSV
added 2023/04/18 12:15 p.m.4 views

CVE-2021-41613

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register EEAR is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR...

4.3CVSS5.5AI score
Exploits0References2
NVD
NVD
added 2023/03/23 5:15 p.m.25 views

CVE-2023-20113

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

8.1CVSS7.3AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.15 views

CVE-2023-20113 Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management...

6.5CVSS7.7AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2023/03/01 8:15 a.m.6 views

CVE-2023-22775

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...

6.5CVSS5.8AI score0.00584EPSS
Exploits0References1
NVD
NVD
added 2023/03/01 8:15 a.m.18 views

CVE-2023-22775

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...

6.5CVSS6.3AI score0.00584EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/28 4:58 p.m.11 views

CVE-2023-22775 Authenticated Sensitive Information Disclosure in ArubaOS Command Line Interface

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Successful exploitation could allow access to data beyond what is authorized by the users existing privilege level...

6.5CVSS6.6AI score0.00584EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/23 12:0 a.m.9 views

CVE-2023-20011 Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller APIC and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system...

8.8CVSS7.7AI score0.00362EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.31 views

K46524395: Appliance mode vulnerability CVE-2019-6614

Security Advisory Description On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, internal methods used to prevent arbitrary file overwrites in Appliance Mode were not fully effective. An authenticated attacker with a high privilege level may be able to bypass protections implemented i...

6.5CVSS6.6AI score0.01435EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.154 views

K67090077: Apache HTTP Server vulnerability CVE-2022-22720

Security Advisory Description Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling. CVE-2022-22720 Impact Any authenticated user may exploit this vulnerability and cause a...

9.8CVSS8.2AI score0.28189EPSS
Exploits0Affected Software17
Rows per page
Query Builder