Lucene search
K

5224 matches found

Cisco
Cisco
added 2017/11/29 4:0 p.m.29 views

Cisco NX-OS System Software CLI Arbitrary File Read Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to read the contents of arbitrary files. The vulnerability is due to insufficient input validation for a specific CLI command. An attacker could exploit this vulnerability by issuing a crafted...

6CVSS5.9AI score0.00377EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.29 views

Cisco NX-OS System Software Patch Installation Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation during the...

6.7CVSS6.9AI score0.0068EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.30 views

Cisco WebEx Event Center Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Event Center could allow an authenticated, remote attacker to view unlisted meeting information. The vulnerability is due to a design flaw in the product. An attacker could execute a query on an Event Center site to view scheduled meetings. A successful query would...

4.3CVSS4.6AI score0.01239EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.26 views

Cisco NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. An attacker would need valid administrator credentials to perform this exploit. The vulnerability is due to insufficient input validation of command...

6.7CVSS7AI score0.00603EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.42 views

Cisco Jabber Information Disclosure Vulnerability

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber...

4CVSS4.2AI score0.00387EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.40 views

Cisco FXOS and NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco Firepower Extensible Operating System FXOS and NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacke...

6.3CVSS6.9AI score0.01103EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.28 views

Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

6.1CVSS6.1AI score0.0122EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.41 views

Cisco Nexus Series Switches Open Agent Container Code Execution Vulnerability

A vulnerability in the Open Agent Container OAC feature of Cisco Nexus Series Switches could allow an unauthenticated, local attacker to read and send packets outside the scope of the OAC. The vulnerability is due to insufficient internal security measures in the OAC feature. An attacker could...

6.8CVSS6.5AI score0.00382EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.25 views

Cisco WebEx Network Recording Player Denial of Service Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for WebEx Recording Format WRF files could allow an attacker to cause a denial of service DoS condition. An attacker could exploit this vulnerability by providing a user with a malicious WRF file via email or URL and convincing the user to...

4.3CVSS4.8AI score0.01009EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.41 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

5.4CVSS5.3AI score0.00891EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.34 views

Cisco Secure Access Control System Information Disclosure Vulnerability

A vulnerability in the web-based interface of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to view sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect system software version...

5.3CVSS5.1AI score0.02247EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.24 views

Cisco NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

5.7CVSS6.3AI score0.007EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.35 views

Multiple Vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players

Multiple vulnerabilities exist in Cisco WebEx Network Recording Player for Advanced Recording Format ARF and WebEx Recording Format WRF files. A remote attacker could exploit these vulnerabilities by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to...

9.6CVSS9.7AI score0.0298EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.43 views

Cisco Multilayer Director, Nexus 7000 Series, and Nexus 7700 Series Switches Bash Shell Unauthorized Access Vulnerability

A vulnerability in Cisco NX-OS System Software running on Cisco MDS Multilayer Director Switches, Cisco Nexus 7000 Series Switches, and Cisco Nexus 7700 Series Switches could allow an authenticated, local attacker to access the Bash shell of an affected device's operating system, even if the Bash...

4.2CVSS4.4AI score0.00338EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.40 views

Cisco WebEx Network Recording Player Buffer Overflow Vulnerability

A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format .arf files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malicious .arf file via email or URL and convincing the user to...

6.5CVSS7.2AI score0.01674EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.39 views

Cisco Meeting Server Denial of Service Vulnerability

A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could allow an authenticated, remote attacker to cause the system to reload, resulting in a denial of service DoS condition. The vulnerability is due to video calls being made on systems with a particular configuration. An attacker...

4.3CVSS6.4AI score0.02348EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.35 views

Cisco Prime Service Catalog SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language SQL queries. The vulnerability is due to a failure to validate user-supplied input that is used in SQL queries. An attacker could...

6.5CVSS6.7AI score0.01301EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.35 views

Multiple Vulnerabilities in Cisco UCS Central Software

Multiple vulnerabilities in the web-based management interface of Cisco UCS Central Software could allow a remote attacker to conduct a cross-site scripting XSS attack against a user of the affected interface or hijack a valid session ID from a user of the affected interface. For more information...

5.4CVSS5.4AI score0.00891EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.38 views

Cisco Email Security Appliance Header Bypass Vulnerability

A vulnerability in the Simple Mail Transfer Protocol SMTP header filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper handling...

5.8CVSS5.6AI score0.01638EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.42 views

Cisco Jabber Clients Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient...

5.4CVSS5.2AI score0.00642EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.36 views

Cisco NX-OS System Software Patch Installation Arbitrary File Write Vulnerability

A vulnerability in Cisco NX-OS System Software patch installation could allow an authenticated, local attacker to write a file to arbitrary locations. The vulnerability is due to insufficient restrictions in the patch installation process. An attacker could exploit this vulnerability by installin...

4.4CVSS4.6AI score0.00325EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.39 views

Cisco IOS XR Software Local Packet Transport Services Denial of Service Vulnerability

A vulnerability in the Local Packet Transport Services LPTS ingress frame-processing functionality of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause one of the LPTS processes on an affected system to restart unexpectedly, resulting in a brief denial of service DoS...

5.3CVSS5.5AI score0.03069EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.39 views

Cisco Jabber Clients Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is du...

6.1CVSS5.9AI score0.0122EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.28 views

Cisco Nexus Series Switches CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments to the CLI parser. An attacker could exploit this vulnerability by injecting...

6.3CVSS6.9AI score0.01102EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/29 4:0 p.m.28 views

Cisco NX-OS System Software CLI Command Injection Vulnerability

A vulnerability in the CLI of Cisco NX-OS System Software could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command...

6.3CVSS7AI score0.00935EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.48 views

Cisco Firepower System Software Server Message Block Version 2 File Policy Bypass Vulnerability

A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 SMB2 protocol. The vulnerability is due to the incorrect detection of an SMB2 file when...

5.8CVSS5.6AI score0.01604EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.31 views

Cisco RF Gateway 1 TCP Connection Denial of Service Vulnerability

A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video SDV or video on demand VoD streams, resulting in a denial of service DoS condition. The vulnerability is due ...

5.8CVSS7.6AI score0.01589EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.51 views

Cisco IP Phone 8800 Series Command Injection Vulnerability in Debug Shell

A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting...

6.7CVSS6.8AI score0.00839EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.42 views

Cisco Web Security Appliance Advanced Malware Protection File Bypass Vulnerability

A vulnerability in the Advanced Malware Protection AMP file filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to bypass a configured AMP file filtering rule. The file types affected are zipped or archived file types. T...

5.3CVSS5.3AI score0.01638EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.46 views

Cisco HyperFlex System Authenticated Information Disclosure Vulnerability

A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative use...

6CVSS5.7AI score0.00326EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.44 views

Cisco FindIT Discovery Utility Insecure Library Loading Vulnerability

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity. The vulnerability is due to the application loading a...

4.8CVSS7.3AI score0.00356EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.41 views

Cisco Immunet Antimalware Installer DLL Preloading Vulnerability

An untrusted search path vulnerability in the Cisco Immunet antimalware installer could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafted DLL has...

4.2CVSS6.8AI score0.00536EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.42 views

Cisco Network Academy Packet Tracer DLL Preload Vulnerability

An untrusted search path vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes the installer in the current working directory where a crafte...

4.2CVSS6.8AI score0.00536EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.40 views

Cisco Unified Communications Manager SQL Injection Vulnerability

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries. The vulnerability is due to a lack of input validation on user-supplied input in SQL...

4.3CVSS5AI score0.0113EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.61 views

Cisco Registered Envelope Service Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient...

6.1CVSS6.3AI score0.00868EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.45 views

Cisco Meeting Server H.264 Decoding Denial of Service Vulnerability

A vulnerability in the H.264 decoder function of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a Cisco Meeting Server media process to restart unexpectedly when it receives an illegal H.264 frame. The vulnerability is triggered by an H.264 frame that has an invalid...

5.8CVSS5.8AI score0.02197EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.66 views

Cisco Voice Operating System-Based Products Unauthorized Access Vulnerability

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade or Prim...

9.8CVSS9.6AI score0.06435EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.63 views

Cisco Identity Services Engine Guest Portal Login Limit Bypass Vulnerability

A vulnerability in the Guest Portal login page of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insufficient server-side login attempt limit...

5.3CVSS7.7AI score0.02033EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.43 views

Cisco Spark Board Upgrade Signature Verification Bypass Vulnerability

A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local attacker to install an unverified upgrade package. The vulnerability is due to insufficient upgrade package validation. An attacker could exploit this vulnerability by providing the upgrade process wit...

4.4CVSS4.5AI score0.00193EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.44 views

Cisco Firepower 4100 and 9300 Security Appliance Local Management Filtering Bypass Vulnerability

A vulnerability in the process for creating default IP blocks during device initialization for Cisco Firepower 4100 Series and Firepower 9300 Security Appliances running Cisco FXOS Software could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device,...

5.3CVSS5.3AI score0.01163EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.49 views

Cisco Email Security Appliance and Content Security Management Appliance HTTP Response Splitting Vulnerability

A vulnerability in the Cisco Email Security Appliance ESA and Content Security Management Appliance SMA software could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly...

5.3CVSS5.2AI score0.01656EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.49 views

Cisco Umbrella Insights Virtual Appliance Static Credentials Vulnerability

A vulnerability in Cisco Umbrella Insights Virtual Appliances could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user credentials for an affected virtual appliance. An attacker...

6.7CVSS8.1AI score0.00349EPSS
Exploits1References1
Cisco
Cisco
added 2017/11/15 4:0 p.m.41 views

Cisco IOS and IOS XE Software IOS daemon Cross-Site Scripting Vulnerability

A vulnerability in the IOS daemon IOSd web-based management interface of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface on an affected device. The vulnerability is due ...

6.1CVSS6.1AI score0.0122EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/03 4:0 p.m.53 views

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol BGP over an Ethernet Virtual Private Network EVPN for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service DoS condition, or potentially corrupt the BGP routing table,...

6.8CVSS0.5AI score0.05367EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.45 views

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the restricted shell of the Cisco Identity Services Engine ISE that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI...

7.8CVSS7.8AI score0.00322EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.50 views

Cisco Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability

A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries. The attacker could re...

8.1CVSS8.2AI score0.0142EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.43 views

Cisco Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability

A vulnerability in 802.11 association request frame processing for the Cisco Aironet 1560, 2800, and 3800 Series Access Points could allow an unauthenticated, Layer 2 radio frequency RF adjacent attacker to cause the Access Point AP to reload, resulting in a denial of service DoS condition. The...

7.4CVSS6.5AI score0.0087EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.40 views

Cisco WebEx Meetings Server Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

5.4CVSS5.4AI score0.00891EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.41 views

Cisco WebEx Meetings Server Information Disclosure Vulnerability

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the HTTP header...

5.3CVSS5.4AI score0.01702EPSS
Exploits0References1
Cisco
Cisco
added 2017/11/01 4:0 p.m.45 views

Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is...

8.8CVSS8.8AI score0.00781EPSS
Exploits0References1
Total number of security vulnerabilities5224