CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1098 matches found

Tenable Nessus•added 2021/02/01 12:0 a.m.•25 views

Cisco SD-WAN vManage Authorization Bypass (cisco-sa-sdwan-abyp-TnGFHrS)

According to its self-reported version, Cisco SD-WAN vManage is affected by multiple authorization bypass vulnerabilities: - An authorization bypass vulnerability exists in the web-based management interface due to insufficient authorization checks. An authenticated, remote attacker can exploit...

8.8CVSS6.4AI score0.0196EPSS

Exploits0References7

ThreatPost•added 2021/01/20 9:47 p.m.•66 views

Critical Cisco SD-WAN Bugs Allow RCE Attacks

Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks SD-WAN solutions for business users. Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be...

2.2AI score0.04383EPSS

Exploits0References9

NVD•added 2021/01/20 9:15 p.m.•19 views

CVE-2021-1222

A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values...

8.1CVSS7.5AI score0.01247EPSS

Exploits0References1

Prion•added 2021/01/20 9:15 p.m.•21 views

Sql injection

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates value...

6.4CVSS9.4AI score0.01391EPSS

Exploits0References1Affected Software1

NVD•added 2021/01/20 8:15 p.m.•25 views

CVE-2021-1257

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The...

8.8CVSS7.7AI score0.00836EPSS

Exploits0References2

Vulnrichment•added 2021/01/20 8:11 p.m.•10 views

CVE-2021-1222 Cisco Smart Software Manager Satellite SQL Injection Vulnerability

6.8CVSS7.7AI score0.01247EPSS

Exploits0References1

Cvelist•added 2021/01/20 8:11 p.m.•20 views

CVE-2021-1222 Cisco Smart Software Manager Satellite SQL Injection Vulnerability

6.8CVSS8.5AI score0.01247EPSS

Exploits0References1

CVE•added 2021/01/20 8:11 p.m.•88 views

CVE-2021-1225

CVE-2021-1225 corresponds to SQL injection vulnerabilities in Cisco SD-WAN vManage’s web-based management interface, caused by improper validation of SQL queries. This could allow an unauthenticated, remote attacker to modify or retrieve values from the underlying database or operating system. Ci...

9.1CVSS8.5AI score0.01391EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2021/01/20 8:10 p.m.•9 views

CVE-2021-1253 Cisco Data Center Network Manager Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager DCNM could allow a remote attacker with network-operator privileges to conduct a cross-site scripting XSS attack or a reflected file download RFD attack against a user of the interface. For more...

6.5CVSS5.9AI score0.00614EPSS

Exploits0References1

CVE•added 2021/01/20 7:57 p.m.•95 views

CVE-2021-1257

CVE-2021-1257 affects Cisco DNA Center (web-based management interface) with CSRF in versions prior to 2.1.2.0. An unauthenticated, remote attacker can lure a logged-in user to a crafted link, causing actions on the device with the user’s privileges, including modifying configuration, disconnecti...

8.8CVSS8.1AI score0.00836EPSS

Exploits0References2Affected Software1

CVE•added 2021/01/20 7:57 p.m.•66 views

CVE-2021-1270

CVE-2021-1270 affects Cisco Data Center Network Manager (DCNM) via vulnerabilities in the web-based management interface that allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The root cause is failure to properly restrict access to administrat...

6.5CVSS6.4AI score0.00639EPSS

Exploits0References1Affected Software1

CVE•added 2021/01/20 7:55 p.m.•63 views

CVE-2021-1304

Cisco SD-WAN vManage web-based management interface contains authorization bypass vulnerabilities (CVE-2021-1304). An authenticated, remote attacker can bypass authorization to modify configurations and access sensitive information they are not authorized to view. Root cause cited in public advis...

8.8CVSS7.8AI score0.01616EPSS

Exploits0References1Affected Software1

Cisco•added 2021/01/20 4:0 p.m.•67 views

Cisco Data Center Network Manager Vulnerabilities

6.5CVSS5.9AI score0.0094EPSS

Exploits0References1

Cisco•added 2021/01/20 4:0 p.m.•65 views

Cisco Smart Software Manager Satellite SQL Injection Vulnerability

6.8CVSS1.1AI score0.01247EPSS

Exploits0References1

NVD•added 2021/01/13 10:15 p.m.•12 views

CVE-2021-1209

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

9CVSS7.3AI score0.02194EPSS

Exploits0References1

NVD•added 2021/01/13 10:15 p.m.•12 views

CVE-2021-1183

9CVSS7.3AI score0.02194EPSS

Exploits0References1

NVD•added 2021/01/13 10:15 p.m.•19 views

CVE-2021-1177

9CVSS7.3AI score0.02194EPSS

Exploits0References1

NVD•added 2021/01/13 10:15 p.m.•19 views

CVE-2021-1167