
1378 matches found

CVE
added 2024/11/18 4:23 p.m. | 59 views

CVE-2020-26066

Cisco SD-WAN vManage Software Web UI contains an XML External Entity (XXE) processing vulnerability in certain XML files parsed by the application. An authenticated remote attacker could exploit this flaw to gain read and write access to information stored on the system. Affected component is the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00586
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/18 4:10 p.m. | 55 views

CVE-2020-26067

CVE-2020-26067 concerns Cisco Webex Teams web interface. Affected component: web-based interface; issue arises from improper validation of usernames. An authenticated, remote attacker can create an account containing malicious HTML/script and join a space with that name, enabling cross-site scrip...

CVSS 5.4 | AI score 5.4 | EPSS 0.00771
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/18 4:5 p.m. | 94 views

CVE-2020-26063

CVE-2020-26063 — Cisco Integrated Management Controller (IMC) API endpoints have improper authorization checks, enabling an authenticated remote attacker to bypass authorization and perform actions on the vulnerable system. Exploitation involves sending crafted API requests that could download files or m...

CVSS 5.4 | AI score 5.4 | EPSS 0.00606
Exploits: 0 | References: 4
CVE
added 2024/11/18 4:3 p.m. | 66 views

CVE-2020-27124

Cisco ASA SSL/TLS DoS (CVE-2020-27124): Vulnerability in the SSL/TLS handler due to improper error handling on established SSL/TLS connections can cause an unauthenticated remote attacker to reload the device, leading to DoS. Affected products: Cisco ASA Software. Impact: device reload and servic...

CVSS 8.6 | AI score 8.5 | EPSS 0.00883
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/11/18 4:2 p.m. | 66 views

CVE-2020-3420

CVE-2020-3420 affects Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input in the web-based management interface. An authentica...

CVSS 5.4 | AI score 5.3 | EPSS 0.00405
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2024/11/18 3:53 p.m. | 92 views

CVE-2020-3538

Cisco DCNM (Data Center Network Manager) contains a path traversal vulnerability in a REST API endpoint that allows an authenticated, remote attacker to overwrite or list arbitrary files on affected devices. The issue stems from insufficient path restrictions, exploitable by sending crafted HTTP ...

CVSS 8.1 | AI score 5.1 | EPSS 0.00502
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2024/11/18 3:45 p.m. | 90 views

CVE-2021-1234

Affected product/edition: Cisco SD-WAN vManage Software (cluster mode)
Vulnerability summary: In the cluster management interface, there is an absence of authentication for sensitive information, allowing an unauthenticated, remote attacker to view sensitive data by sending a crafted request.
R...

CVSS 5.3 | AI score 5.2 | EPSS 0.00765
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2024/11/18 3:42 p.m. | 97 views

CVE-2021-1379

CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...

CVSS 6.5 | AI score 6.9 | EPSS 0.00315
Exploits: 0 | References: 2 | Affected Software: 2
CVE
added 2024/11/18 3:35 p.m. | 57 views

CVE-2021-1424

CVE-2021-1424 concerns Cisco ASR 5000 Series Software (StarOS) where the ipsecmgr process is vulnerable to unauthenticated, remote DoS via specially malformed IKEv2 packets. The issue stems from insufficient validation of incoming IKEv2 traffic, and exploitation can cause the ipsecmgr process to ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00778
Exploits: 0 | References: 5
CVE
added 2024/11/18 3:34 p.m. | 60 views

CVE-2021-1440

Cisco IOS XR Software contains a DoS vulnerability in the RPKI feature due to incorrect handling of RTR header packets. An unauthenticated attacker can trigger BGP process crashes by sending specially crafted RTR packets (or via MITM impersonation of the RPKI validator) over RTR TCP, causing the ...

CVSS 6.8 | AI score 6.6 | EPSS 0.00772
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2024/11/18 3:31 p.m. | 59 views

CVE-2021-1444

CVE-2021-1444 affects Cisco ASA and Cisco FTD/FMC web services interface. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and trigger cross-site scripting (XSS) in the interface context....

CVSS 6.1 | AI score 6 | EPSS 0.00419
Exploits: 0 | References: 1
CVE
added 2024/11/18 3:30 p.m. | 53 views

CVE-2021-1462

CVE-2021-1462 affects Cisco SD-WAN vManage Software CLI. The issue arises from an incorrect privilege assignment that lets an authenticated local attacker with a valid Administrator account create a malicious file that the system later parses, potentially granting the attacker root privileges on ...

CVSS 6.7 | AI score 4.6 | EPSS 0.00164
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/17 12:25 p.m. | 86 views

CVE-2023-43091

GNOME Maps is affected by CVE-2023-43091 due to a code injection flaw in its service.json configuration file. A malicious configuration can cause arbitrary code execution, as documented across multiple sources in the connected data. The issue is confirmed by CVE descriptions and rela...

CVSS 9.8 | AI score 9.7 | EPSS 0.00844
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2024/11/17 10:45 a.m. | 327 views

CVE-2024-0793

CVE-2024-0793 – Kubernetes kube-controller-manager DoS (KCM pods churn): affects kube-controller-manager, where applying an HPA YAML without a .spec.behavior.scaleUp block can cause denial of service via KCM pods restarting (restart churn). The issue is documented in multiple sources, with IBM X-Fo...

CVSS 7.7 | AI score 7.2 | EPSS 0.00593
Exploits: 0 | References: 5
CVE
added 2024/11/17 10:22 a.m. | 83 views

CVE-2023-6110

OpenStack CVE-2023-6110 describes a flaw where deleting a non-existent access rule within a scope can cause other existing access rules (not linked to any application credentials) to be deleted. The vulnerability is linked to the OpenStack component handling access rule deletion. The documented i...

CVSS 5.5 | AI score 5.3 | EPSS 0.00493
Exploits: 0 | References: 6
CVE
added 2024/11/17 10:19 a.m. | 319 views

CVE-2023-0657

The CVE-2023-0657 entries concern Keycloak, where a flaw is described as improper enforcement of token types when validating signatures locally. This could let an authenticated attacker exchange a logout token for an access token, potentially accessing data outside of enforced permissions. The co...

CVSS 3.4 | AI score 4.1 | EPSS 0.00299
Exploits: 0 | References: 4
Debian CVE
added 2024/11/17 10:17 a.m. | 19 views

CVE-2020-25720

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator...

CVSS 7.5 | AI score 6.6 | EPSS 0.0048
Exploits: 0
CVE
added 2024/11/15 9:46 p.m. | 52 views

CVE-2017-13311

The provided connected documents confirm CVE-2017-13311 affects the Android Framework, specifically the read() function in ProcessStats.java, causing a read/write serialization issue that enables a permissions bypass. This can lead to local escalation of privilege, allowing an app to start an act...

CVSS 7.8 | AI score 6.8 | EPSS 0.00073
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 9:36 p.m. | 54 views

CVE-2017-13310

The CVE-2017-13310 issue is described as a read/write serialization bug in ViewPager.java.createFromParcel, causing a permissions bypass and enabling local escalation of privilege (an app could start an activity with system privileges without extra execution privileges). The vulnerability affects...

CVSS 7.8 | AI score 6.8 | EPSS 0.00074
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2024/11/15 4:32 p.m. | 67 views

CVE-2021-1464

CVE-2021-1464 affects Cisco SD-WAN vManage Software. The issue is insufficient input validation for certain commands, allowing an authenticated, remote attacker to bypass authorization and gain restricted access to configuration data by sending crafted requests. Cisco has released software update...

CVSS 5 | AI score 5.3 | EPSS 0.013
Exploits: 0 | References: 9 | Affected Software: 1