26 matches found
EUVD-2019-14872
Malware in sbrugna...
CVE-2024-20462 Cisco ATA 190 Series Analog Telephone Adapter Muliplatform Firmware Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML conte...
Exploit for Path Traversal in Tuzitio Camaleon_Cms
CVE-2024-46986 Camaleon CMS Exploit - Arbitrary File Upload...
CVE-2024-20322
A vulnerability in the access control list ACL processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface...
CVE-2023-20257
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker cou...
Cisco IOS XR Software iPXE Boot Signature Bypass (cisco-sa-iosxr-ipxe-sigbypass-pymfyqgB)
According to its self-reported version, Cisco IOS XR is affected by a vulnerability. - A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to...
Design/Logic Flaw
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further...
Input validation
A vulnerability in the CLI of Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected device that is running in multi-instance mode. This vulnerability is due to...
CVE-2021-1431
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service DoS condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
Race condition
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service DoS condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
CVE-2021-1431 Cisco IOS XE SD-WAN Software vDaemon Denial of Service Vulnerability
A vulnerability in the vDaemon process of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting a denial of service DoS condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this...
CVE-2020-9137
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...
CVE-2020-9114
FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause...
CVE-2020-3133 Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...
CVE-2020-3498
A vulnerability in Cisco Jabber software could allow an authenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of message contents. An attacker could exploit this vulnerability by sending specially crafted messages to a targeted...
Cisco Firepower Threat Defense Software Management Access List Bypass Vulnerability (cisco-sa-ftd-accesslist-bypass-5dZs5qZp)
According to its version and configuration, the Cisco Firepower Threat Defense FTD Software running on the remote device is affected by vulnerability, where an unauthenticated attacker could bypass a configured management interface access list on an affected system. The vulnerability is due to th...
Privilege escalation
An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise the...
CVE-2019-15277 Cisco TelePresence Collaboration Endpoint Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the...
CVE-2019-1907
A vulnerability in the web server of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by...
CVE-2019-1730 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...