9 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2019-15997
CVE-2019-15997 affects Cisco DNA Spaces: Connector. The advisory and multiple sources describe a local command-injection vulnerability caused by insufficient validation of CLI command arguments. An authenticated, local attacker could supply malicious input during command execution and gain arbitr...
CVE-2021-1559
CVE-2021-1559 describes multiple command-injection vulnerabilities in Cisco DNA Spaces Connector. The root cause, per sources, is insufficient input sanitization during command execution, enabling an authenticated, remote attacker to run arbitrary OS commands as root inside the Connector Docker c...
CVE-2019-15996
CVE-2019-15996 : Cisco DNA Spaces: Connector contains a local privilege-escalation vulnerability. An authenticated, local attacker can exploit insufficient restrictions when executing an affected CLI command to elevate privileges and run arbitrary commands as root, potentially modifying sensitive...
CVE-2021-1560
CVE-2021-1560 describes command injection vulnerabilities in Cisco DNA Spaces Connector due to insufficient input sanitization during command execution. An authenticated, remote attacker could inject crafted input to run arbitrary commands as root inside the Connector docker container, as stated ...
CVE-2021-1557
Cisco DNA Spaces Connector contains OS command injection and privilege-escalation vulnerabilities for versions prior to 2.3.1. An authenticated, local attacker could exploit insufficient restrictions during execution of CLI commands to elevate privileges to root and execute arbitrary commands on ...
CVE-2019-15995
Cisco DNA Spaces: Connector is affected by a SQL injection in the web UI. The vulnerability allows an authenticated, remote attacker to execute arbitrary SQL queries due to improper input validation, potentially removing the SQL database and forcing a Connector VM reinstallation. Multiple sources...
CVE-2021-1558
Cisco DNA Spaces Connector contains privilege-escalation and OS command-injection vulnerabilities. The root cause is insufficient restrictions during the execution of affected CLI commands, allowing an authenticated local attacker (from the dnasadmin context) to elevate privileges to root and exe...
CVE-2020-3586
Cisco DNA Spaces Connector exposes a vulnerability in its web-based management interface that allows unauthenticated remote command execution due to insufficient input validation. A crafted HTTP request can run arbitrary OS commands with the web app’s privileges, potentially impacting integrity a...