CVE-2025-37159

Summary: CVE-2025-37159 affects the web management interface of the AOS-CX OS user authentication service. An authenticated remote attacker could hijack an active user session, potentially maintaining unauthorized access to that session and viewing or modifying sensitive configuration data. What’...

Cisco NX-OS Software Operating System Command Injection Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. Cisco NX-OS Software suffers from an operating system command injection vulnerability that stems from insufficient user input validation, which can be exploited by an...

CVE-2025-24323

The CVE-2025-24323 issue affects Intel(R) PCIe Switch software (firmware package and LED mode toggle tool) prior to MR4_1.0b1. The root cause is improper access control, enabling a local, privileged user to escalate privileges. Impact is described as escalation of privilege with local access (no ...

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to buffer overflow in the stack. This allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of Siemens Scalance LPE9403 industrial switches’ microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to trigger a service failure or execute arbitrary code...

Cisco NX-OS Software 安全漏洞

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A command execution vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of user-supplied input. An attacker could exploit this vulnerabilit...

The vulnerability of the Ethernet Frame Handler component in the microprogramming software for RUGGEDCOM Ethernet switches allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Ethernet Frame Handler component in the microprogrammed software of RUGGEDCOM Ethernet switches is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

GHSA-QX34-47FC-VV79 Answer vulnerable to Race Condition

Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4...

NCH Axon PBX Cross-Site Scripting Vulnerability

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the failure of the product's extension name to properly filter special characters in input data, and can be exploited to execut...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55884)

NCH Axon PBX is a virtual phone switch software used in business environments. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the failure of the product's primary phone to properly filter incoming data for special characters, which can be exploited to execute...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55888)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55917)

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...

NCH Axon PBX 路径遍历漏洞

NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The NCH Axon PBX has a security vulnerability that could be exploited by an attacker to send a constructed URL request to the logprop function, which contains a "dot-dot" sequence in the file parameter /...

The vulnerability of the Microsoft Hyper-V Network Switch virtual programmable switch allows a attacker to gain access to protected information.

The vulnerability of the Microsoft Hyper-V Network Switch virtual programmable switch in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information through a specially created application...

Cisco NX-OS Software Privilege License and Access Control Issues Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco Cisco. A permission and access control issue vulnerability exists in the Simple Network Management Protocol Access Control Column feature of Cisco NX-OS Software, which can be...

Buffer overflow

A vulnerability in the Link Layer Discovery Protocol LLDP subsystem of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an adjacent, unauthenticated attacker to cause a denial of service DoS condition or execute arbitrary code with root privileges. T...

CVE-2019-1803

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

Command injection

A vulnerability in the filesystem management for the Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker with administrator rights to gain elevated privileges as the root user on an affected device. The vulnerability is...

CVE-2019-1592

A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability

A vulnerability in the Transport Layer Security TLS certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure ACI Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The...

Input validation

A vulnerability in a specific CLI command implementation of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escape a restricted shell on an affected device. The vulnerability is due to insufficient sanitization of user-supplied input when issuing a...