Lucene search

3385 matches found

CVE
added 2024/11/17 10:19 a.m., 329 views

CVE-2023-0657

The CVE-2023-0657 entries concern Keycloak, where a flaw is described as improper enforcement of token types when validating signatures locally. This could let an authenticated attacker exchange a logout token for an access token, potentially accessing data outside of enforced permissions. The co...

CVSS 3.4 | AI score 4.1 | EPSS 0.00299
Exploits: 0 | References: 4
Debian CVE
added 2024/11/17 10:17 a.m., 19 views

CVE-2020-25720

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator...

CVSS 7.5 | AI score 6.6 | EPSS 0.00484
Exploits: 0
CVE
added 2024/11/15 9:46 p.m., 52 views

CVE-2017-13311

CVE-2017-13311 affects the Android Framework, specifically the read() function in ProcessStats.java, where a read/write serialization issue enables a permissions bypass. This can lead to local escalation of privilege, allowing an app to start an act...

CVSS 7.8 | AI score 6.8 | EPSS 0.00073
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 9:36 p.m., 56 views

CVE-2017-13310

The CVE-2017-13310 issue is described as a read/write serialization bug in ViewPager.java.createFromParcel, causing a permissions bypass and enabling local escalation of privilege (an app could start an activity with system privileges without extra execution privileges). The vulnerability affects...

CVSS 7.8 | AI score 6.8 | EPSS 0.00074
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:32 p.m., 67 views

CVE-2021-1464

CVE-2021-1464 affects Cisco SD-WAN vManage Software. The issue is insufficient input validation for certain commands, allowing an authenticated, remote attacker to bypass authorization and gain restricted access to configuration data by sending crafted requests. Cisco has released software update...

CVSS 5 | AI score 5.3 | EPSS 0.013
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2024/11/15 4:26 p.m., 60 views

CVE-2021-1484

Cisco SD-WAN vManage Software has a web UI vulnerability (CVE-2021-1484) allowing an authenticated, remote attacker to inject arbitrary commands via crafted device template configuration input, leading to DoS. Root cause: improper input validation of user-supplied device template inputs. Affected...

CVSS 6.5 | AI score 6.7 | EPSS 0.01192
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/11/15 4:15 p.m., 80 views

CVE-2022-20633

Cisco ECE (Enterprise Chat and Email) web-based management interface is affected by CVE-2022-20633. The issue arises from differences in authentication responses during login, enabling unauthenticated remote attackers to perform username enumeration and confirm existing user accounts. The vulnera...

CVSS 5.3 | AI score 5.4 | EPSS 0.00745
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:14 p.m., 62 views

CVE-2021-34751

CVE-2021-34751 affects Cisco Firepower Management Center (FMC) software. The vulnerability stems from improper encryption of sensitive information stored in the FMC GUI configuration manager, allowing an authenticated, low-privilege, remote attacker to view sensitive configuration parameters in c...

CVSS 4.3 | AI score 4.5 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:14 p.m., 59 views

CVE-2021-34750

Cisco Firepower Management Center Software contains an information-disclosure vulnerability in its web-based GUI configuration manager. An authenticated, low-privilege attacker could access sensitive configuration parameters in clear text due to improper encryption of stored data. Impact is limit...

CVSS 4.3 | AI score 4.5 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:4 p.m., 65 views

CVE-2022-20626

Cisco Prime Access Registrar Appliance exposes a Cross-Site Scripting vulnerability in its web-based management interface. The issue stems from insufficient validation of user-supplied input, allowing an authenticated attacker with device credentials to persuade a user to click a crafted link, po...

CVSS 5.5 | AI score 5.5 | EPSS 0.00436
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:3 p.m., 83 views

CVE-2022-20631

Cisco Enterprise Chat and Email (ECE) exposes a cross-site scripting (XSS) vulnerability in its web-based management interface. An unauthenticated, remote attacker could inject malicious script via the chat window due to improper input validation, potentially executing code in the interface conte...

CVSS 6.1 | AI score 6.4 | EPSS 0.00496
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:2 p.m., 79 views

CVE-2022-20634

Cisco Enterprise Chat and Email (ECE) Web-based management interface vulnerability (CVE-2022-20634) allows an unauthenticated, remote attacker to cause user redirection to a malicious URL via crafted links. Root cause: improper input validation of URL parameters in HTTP requests. Affects Cisco EC...

CVSS 6.1 | AI score 4.8 | EPSS 0.00572
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 3:38 p.m., 105 views

CVE-2022-20663

CVE-2022-20663 affects Cisco Secure Network Analytics (formerly Stealthwatch Enterprise). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-supplied input, exploitable when a user clicks a crafted link. An unaut...

CVSS 6.1 | AI score 6.1 | EPSS 0.00472
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 3:35 p.m., 76 views

CVE-2022-20766

CVE-2022-20766 affects the Cisco ATA 190 Series Analog Telephone Adapter firmware, where a vulnerability in the Cisco Discovery Protocol handling can be triggered by crafted packets from an unauthenticated, remote attacker, leading to a DoS via service restart. The root cause is an out-of-bounds read when processing...

CVSS 5.3 | AI score 5.3 | EPSS 0.00824
Exploits: 0 | References: 1
CVE
added 2024/11/15 3:34 p.m., 5210 views

CVE-2022-20793

CVE-2022-20793 affects Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 devices. The root cause is insufficient identity verification in the pairing process, allowing an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. A su...

CVSS 6.8 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 3:31 p.m., 78 views

CVE-2022-20849

CVE-2022-20849 affects Cisco IOS XR Software PPPoE functionality. An unauthenticated, adjacent attacker can send a crafted PPPoE packet sequence that the PPPoE feature does not handle correctly, causing the PPPoE process to repeatedly crash and restart, resulting in denial of service. The issue i...

CVSS 6.1 | AI score 6.2 | EPSS 0.00265
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 3:30 p.m., 78 views

CVE-2022-20948

CVE-2022-20948 affects the Cisco BroadWorks Hosted Thin Receptionist web management interface. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient input validation in the web UI. An authenticated, remote attacker could lure a user to click a crafted link, triggering exe...

CVSS 5.4 | AI score 5.3 | EPSS 0.00418
Exploits: 0 | References: 2
CVE
added 2024/11/15 3:23 p.m., 117 views

CVE-2023-20004

Three Cisco CVEs (CVE-2023-20004, CVE-2023-20092, CVE-2023-20093) affect the CLI of Cisco TelePresence CE and RoomOS. The root cause is improper access controls on local filesystem files, enabling an authenticated, local attacker to overwrite arbitrary files by placing a symbolic link in a specif...

CVSS 4.4 | AI score 5 | EPSS 0.00192
Exploits: 0 | References: 1 | Affected Software: 2
CVE
added 2024/11/15 3:20 p.m., 106 views

CVE-2023-20039

CVE-2023-20039 – Cisco IND: A vulnerability in Cisco Industrial Network Director (IND) allows an authenticated, local attacker to read files in the application data directory due to insufficient default file permissions. This could enable viewing sensitive information. Cisco states software upda...

CVSS 5.5 | AI score 5.2 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 3:20 p.m., 7650 views

CVE-2023-20060

CVE-2023-20060 relates to Cisco Prime Collaboration Deployment’s web-based management interface. The issue arises from improper validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary script code in the inte...

CVSS 6.1 | AI score 6.2 | EPSS 0.00514
Exploits: 0 | References: 1 | Affected Software: 1