1378 matches found
CVE-2021-1484
Cisco SD-WAN vManage Software has a web UI vulnerability (CVE-2021-1484) allowing an authenticated, remote attacker to inject arbitrary commands via crafted device template configuration input, leading to DoS. Root cause: improper input validation of user-supplied device template inputs. Affected...
CVE-2022-20633
Cisco ECE (Enterprise Chat and Email) web-based management interface is affected by CVE-2022-20633. The issue arises from differences in authentication responses during login, enabling unauthenticated remote attackers to perform username enumeration and confirm existing user accounts. The vulnera...
CVE-2021-34751
CVE-2021-34751 affects Cisco Firepower Management Center (FMC) software. The vulnerability stems from improper encryption of sensitive information stored in the FMC GUI configuration manager, allowing an authenticated, low-privilege, remote attacker to view sensitive configuration parameters in c...
CVE-2021-34750
Cisco Firepower Management Center Software contains an information-disclosure vulnerability in its web-based GUI configuration manager. An authenticated, low-privilege attacker could access sensitive configuration parameters in clear text due to improper encryption of stored data. Impact is limit...
CVE-2022-20626
Cisco Prime Access Registrar Appliance exposes a Cross-Site Scripting vulnerability in its web-based management interface. The issue stems from insufficient validation of user-supplied input, allowing an authenticated attacker with device credentials to persuade a user to click a crafted link, po...
CVE-2022-20631
Cisco Enterprise Chat and Email (ECE) exposes a cross-site scripting (XSS) vulnerability in its web-based management interface. An unauthenticated, remote attacker could inject malicious script via the chat window due to improper input validation, potentially executing code in the interface conte...
CVE-2022-20663
CVE-2022-20663 affects Cisco Secure Network Analytics (formerly Stealthwatch Enterprise). The issue is a cross-site scripting (XSS) vulnerability in the web-based management interface caused by insufficient validation of user-supplied input, exploitable when a user clicks a crafted link. An unaut...
CVE-2022-20766
CVE-2022-20766 affects the Cisco ATA 190 Series Analog Telephone Adapter firmware, where a vulnerability in the Cisco Discovery Protocol handling can be triggered by unauthenticated remote Craft packets, leading to a DoS via service restart. The root cause is an out-of-bounds read when processing...
CVE-2022-20793
CVE-2022-20793 affects Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 devices. The root cause is insufficient identity verification in the pairing process, allowing an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device. A su...
CVE-2022-20849
CVE-2022-20849 affects Cisco IOS XR Software PPPoE functionality. An unauthenticated, adjacent attacker can send a crafted PPPoE packet sequence that the PPPoE feature does not handle correctly, causing the PPPoE process to repeatedly crash and restart, resulting in denial of service. The issue i...
CVE-2022-20948
CVE-2022-20948 affects the Cisco BroadWorks Hosted Thin Receptionist web management interface. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient input validation in the web UI. An authenticated, remote attacker could lure a user to click a crafted link, triggering exe...
CVE-2023-20004
Three Cisco CVEs (CVE-2023-20004, CVE-2023-20092, CVE-2023-20093) affect the CLI of Cisco TelePresence CE and RoomOS. The root cause is improper access controls on local filesystem files, enabling an authenticated, local attacker to overwrite arbitrary files by placing a symbolic link in a specif...
CVE-2023-20039
CVE-2023-20039 – Cisco IND : A vulnerability in Cisco Industrial Network Director (IND) allows an authenticated, local attacker to read files in the application data directory due to insufficient default file permissions. This could enable viewing sensitive information. Cisco states software upda...
CVE-2023-20060
CVE-2023-20060 relates to Cisco Prime Collaboration Deployment’s web-based management interface. The issue arises from improper validation of user-supplied input, enabling an unauthenticated, remote attacker to lure a user into clicking a crafted link and execute arbitrary script code in the inte...
CVE-2023-20092
Cisco TelePresence CE and RoomOS CLI have three local arbitrary file-write vulnerabilities (CVE-2023-20092) due to improper local file access controls. An authenticated, local attacker could place a symbolic link to overwrite arbitrary files; exploitation requires a remote support user account. A...
CVE-2023-20094
This CVE (CVE-2023-20094) affects Cisco TelePresence CE and Cisco RoomOS. The issue is caused by improper bounds checks in the affected software, enabling an unauthenticated, adjacent attacker to send a crafted request that can trigger an out-of-bounds read, potentially disclosing sensitive infor...
CVE-2024-20373
CVE-2024-20373 affects Cisco IOS and IOS XE SNMP IPv4 ACL handling. Root cause: extended IPv4 ACLs for SNMP aren’t supported, but extended named IPv4 ACLs can be attached to the SNMP server without warning, causing no ACL to be applied to SNMP listening. Impact: unauthenticated remote SNMP pollin...
CVE-2022-2232
CVE-2022-2232 concerns a LDAP injection in Keycloak’s username lookup, allowing bypass and potentially other actions. Affected: Keycloak package; root cause: LDAP injection during username lookup. Impact: high confidentiality risk; no user interaction required, network vector, privileges not requ...
CVE-2024-3447
A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s-datacount and the size of s-fifobuffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a...
CVE-2022-31667
Harbor (the Harbor registry) is affected by CVE-2022-31667 due to improper authorization when updating a robot account. The issue occurs when a request to update a robot account specifies an account and name belonging to a project the authenticated user cannot access, allowing an attacker to revo...