237 matches found
CVE-2022-20663
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability is due to insufficient...
CVE-2025-20256
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...
CVE-2025-20257
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
CVE-2025-20257
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
CVE-2025-20257
Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager are affected by CVE-2025-20257. The issue stems from insufficient authorization enforcement on a specific API, allowing an authenticated, low-privilege user to perform crafted API calls and generate fraudule...
CVE-2025-20257 Cisco Secure Network Analytics API Authorization Vulnerability
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
CVE-2025-20257 Cisco Secure Network Analytics API Authorization Vulnerability
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
CVE-2025-20256 Cisco Secure Network Analytics Manager Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...
CVE-2025-20256 Cisco Secure Network Analytics Manager Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...
CVE-2025-20256
CVE-2025-20256 affects Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager. The issue is in the web-based management interface, caused by insufficient input validation in specific fields. An authenticated administrator can send crafted input to an affected de...
Cisco Secure Network Analytics Manager Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating...
Cisco Secure Network Analytics Manager API Authorization Vulnerability
A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...
PT-2025-22380 · Cisco · Cisco Secure Network Analytics Virtual Manager +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker with...
Cisco Secure Network Analytics Manager和Cisco Secure Network Analytics Virtual Manager 安全漏洞
Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager are both products of Cisco, Inc.Cisco Secure Network Analytics Manager is a secure network analytics manager. Cisco Secure Network Analytics Manager is a secure network analytics manager.Cisco Secure Network...
PT-2025-22381 · Cisco · Cisco Secure Network Analytics Manager +1
Name of the Vulnerable Software and Affected Versions: Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager affected versions not specified Description: A vulnerability in the API subsystem could allow an authenticated, remote attacker with low privileges to...
CVE-2025-47419
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from...
CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...
CVE-2025-30165 Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
vLLM is an inference and serving engine for large language models. In a multi-node vLLM deployment using the V0 engine, vLLM uses ZeroMQ for some multi-node communication purposes. The secondary vLLM hosts open a SUB ZeroMQ socket and connect to an XPUB socket on the primary vLLM host. When data ...
PT-2025-19899
Name of the Vulnerable Software and Affected Versions vllm versions 0.5.2 through 0.8.5.post1 Description The issue exists in the V0 engine of vLLM, which uses ZeroMQ for multi-node communication. When data is received on the SUB ZeroMQ socket, it is deserialized with pickle, allowing for potenti...
The vulnerability in the web-based interface of the Cisco Secure Network Analytics system (previously known as Cisco Stealthwatch Enterprise) allows a malicious actor to elevate their privileges to the root level.
The vulnerability in the web-based interface of the Cisco Secure Network Analytics system, previously known as Cisco Stealthwatch Enterprise, is related to errors in verifying the cryptographic signature. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root...