Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search Last 3 Months
There are 5,580 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2021-1271

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.

Published: January 20, 2021; 3:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1270

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1269

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1265

A vulnerability in the configuration archive functionality of Cisco DNA Center could allow any privilege-level authenticated, remote attacker to obtain the full unmasked running configuration of managed devices. The vulnerability is due to the configuration archives files being stored in clear text, which can be retrieved by various API calls. An attacker could exploit this vulnerability by authenticating to the device and executing a series of API calls. A successful exploit could allow the attacker to retrieve the full unmasked running configurations of managed devices.

Published: January 20, 2021; 3:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1264

A vulnerability in the Command Runner tool of Cisco DNA Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to insufficient input validation by the Command Runner tool. An attacker could exploit this vulnerability by providing crafted input during command execution or via a crafted command runner API call. A successful exploit could allow the attacker to execute arbitrary CLI commands on devices managed by Cisco DNA Center.

Published: January 20, 2021; 3:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1263

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:15 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1262

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1261

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1260

Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1259

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain write access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system.

Published: January 20, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1257

A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands.

Published: January 20, 2021; 3:15:14 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1255

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1253

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1133

Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these vulnerabilities, see the Details section of this advisory.

Published: January 20, 2021; 3:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-1129

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to access general system information and certain configuration information from an affected device. The vulnerability exists because a secure authentication token is not required when authenticating to the general purpose API. An attacker could exploit this vulnerability by sending a crafted request for information to the general purpose API on an affected device. A successful exploit could allow the attacker to obtain system and configuration information from the affected device, resulting in an unauthorized information disclosure.

Published: January 20, 2021; 3:15:13 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27859

This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ESMPRO Manager 6.42. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetEuaLogDownloadAction class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-9607.

Published: January 20, 2021; 3:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-27858

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CA Arcserve D2D 16.5. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getNews method. Due to the improper restriction of XML External Entity (XXE) references, a specially-crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of SYSTEM. Was ZDI-CAN-11103.

Published: January 20, 2021; 3:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-6024

Check Point SmartConsole before R80.20 Build 119, R80.30 before Build 94, R80.40 before Build 415, and R81 before Build 548 were vulnerable to a possible local privilege escalation due to running executables from a directory with write access to all authenticated users.

Published: January 20, 2021; 2:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2021-21269

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.

Published: January 20, 2021; 1:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-28483

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

Published: January 20, 2021; 1:15:12 PM -0500
V3.1: 7.1 HIGH
V2.0:(not available)