Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-6032

Summary
Assigner-certcc
Assigner Org ID-37e5125f-f79b-445b-8fad-9564f167944b
Published At-04 Feb, 2014 | 02:00
Updated At-06 Aug, 2024 | 17:29
Rejected At-
Credits

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:certcc
Assigner Org ID:37e5125f-f79b-445b-8fad-9564f167944b
Published At:04 Feb, 2014 | 02:00
Updated At:06 Aug, 2024 | 17:29
Rejected At:
▼CVE Numbering Authority (CNA)

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/108062
third-party-advisory
x_refsource_CERT-VN
http://support.lexmark.com/index?page=content&id=TE586
x_refsource_CONFIRM
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.kb.cert.org/vuls/id/108062
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://support.lexmark.com/index?page=content&id=TE586
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cret@cert.org
Published At:04 Feb, 2014 | 05:39
Updated At:11 Apr, 2025 | 00:51

cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x before LC.BR.P142, X85x through LC4.BE.P487, X644 and X646 before LC2.MC.P374, X642 through LC2.MB.P318, W840 through LS.HA.P252, T64x before LS.ST.P344, X64xef through LC2.TI.P325, C935dn through LC.JO.P091, C920 through LS.TA.P152, C78x through LC.IO.P187, X78x through LC2.IO.P335, C77x through LC.CM.P052, X772 through LC2.TR.P291, C53x through LS.SW.P069, C52x through LS.FA.P150, 25xxN through LCL.CU.P114, N4000 through LC.MD.P119, N4050e through GO.GO.N206, N70xxe through LC.CO.N309, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allows remote attackers to remove the Password Protect administrative password via the vac.255.GENPASSWORD parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Lexmark International, Inc.
lexmark
>>25xxn>>Versions up to lcl.cu.p114(inclusive)
cpe:2.3:h:lexmark:25xxn:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c52x>>Versions up to ls.fa.p150(inclusive)
cpe:2.3:h:lexmark:c52x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c53x>>Versions up to ls.sw.p069(inclusive)
cpe:2.3:h:lexmark:c53x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c77x>>Versions up to lc.cm.p052(inclusive)
cpe:2.3:h:lexmark:c77x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c78x>>Versions up to lc.io.p187(inclusive)
cpe:2.3:h:lexmark:c78x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c920>>Versions up to ls.ta.p152(inclusive)
cpe:2.3:h:lexmark:c920:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>c935dn>>Versions up to lc.jo.p091(inclusive)
cpe:2.3:h:lexmark:c935dn:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>e250>>Versions up to le.pm.p126(inclusive)
cpe:2.3:h:lexmark:e250:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>e350>>Versions up to le.ph.p129(inclusive)
cpe:2.3:h:lexmark:e350:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>e450>>Versions up to lm.sz.p124(inclusive)
cpe:2.3:h:lexmark:e450:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>n4000>>Versions up to lc.md.p119(inclusive)
cpe:2.3:h:lexmark:n4000:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>n4050e>>Versions up to go.go.n206(inclusive)
cpe:2.3:h:lexmark:n4050e:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>n70xxe>>Versions up to lc.co.n309(inclusive)
cpe:2.3:h:lexmark:n70xxe:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>t64x>>Versions up to ls.st.p343(inclusive)
cpe:2.3:h:lexmark:t64x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>w840>>Versions up to ls.ha.p252(inclusive)
cpe:2.3:h:lexmark:w840:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x642>>Versions up to lc2.mb.p318(inclusive)
cpe:2.3:h:lexmark:x642:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x644>>Versions up to lc4.be.p487(inclusive)
cpe:2.3:h:lexmark:x644:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x646>>Versions up to lc2.mc.p373(inclusive)
cpe:2.3:h:lexmark:x646:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x64xef>>Versions up to lc2.ti.p325(inclusive)
cpe:2.3:h:lexmark:x64xef:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x772>>Versions up to lc2.tr.p291(inclusive)
cpe:2.3:h:lexmark:x772:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x78x>>Versions up to lc2.io.p335(inclusive)
cpe:2.3:h:lexmark:x78x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x85x>>Versions up to lc4.be.p487(inclusive)
cpe:2.3:h:lexmark:x85x:*:*:*:*:*:*:*:*
Lexmark International, Inc.
lexmark
>>x94x>>Versions up to lc.br.p141(inclusive)
cpe:2.3:h:lexmark:x94x:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://support.lexmark.com/index?page=content&id=TE586cret@cert.org
N/A
http://www.kb.cert.org/vuls/id/108062cret@cert.org
US Government Resource
http://support.lexmark.com/index?page=content&id=TE586af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/108062af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Source: cret@cert.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Source: cret@cert.org
Resource:
US Government Resource
Hyperlink: http://support.lexmark.com/index?page=content&id=TE586
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/108062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource

Change History

0
Information is not available yet

Similar CVEs

377Records found
CVE-2010-2193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.10% / 94.20%
||
7 Day CHG~0.00%
Published-10 Jun, 2010 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)
Product-psformx_active_x_controlwebscan_active_x_controln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5816
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-89.95% / 99.56%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11808
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-4.23% / 88.53%
||
7 Day CHG~0.00%
Published-06 Jun, 2018 | 03:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect Access Control in CustomFieldsFeedServlet in Zoho ManageEngine Applications Manager Version 13 before build 13740 allows an attacker to delete any file and read certain files on the server in the context of the user (which by default is "NT AUTHORITY / SYSTEM") by sending a specially crafted request to the server.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_applications_managern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-11287
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.24%
||
7 Day CHG~0.00%
Published-20 Sep, 2018 | 13:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm636_firmwaresdm632_firmwaremsm8996au_firmwaresd430sd625_firmwaresdm632sd650_firmwaresdm660sdm439mdm9607_firmwaresdm630mdm9650sdm429sd425_firmwaresd205msm8909w_firmwaremdm9607msm8996ausd205_firmwaresd820a_firmwaresdm710sdm710_firmwaresd652_firmwaresd425sd652sd210_firmwaresd427_firmwaresd625mdm9206sd435sd212_firmwaresd835_firmwaresd435_firmwaresdm439_firmwaresdm636sd427sd212sdm630_firmwaresd820_firmwaresda660_firmwaresd845_firmwaremdm9206_firmwaresd430_firmwaresd450_firmwaresd845sd210sdm429_firmwaremdm9650_firmwaresd820sda660sd835sd650sd820asd850_firmwaremsm8909wsd450sdm660_firmwaresd850Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32974
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.37%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-16 Apr, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moxa NPort IAW5000A-I/O Series Serial Device Server Improper Input Validation

Improper input validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier may allow a remote attacker to execute commands.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_iaw5150a-12i\/o_firmwarenport_iaw5250a-6i\/onport_iaw5150a-6i\/o_firmwarenport_iaw5150a-6i\/onport_iaw5250a-6i\/o_firmwarenport_iaw5250a-12i\/onport_iaw5150a-12i\/onport_iaw5250a-12i\/o_firmwareNPort IAW5000A-I/O series firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-33527
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-9.8||CRITICAL
EPSS-6.38% / 90.80%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 10:24
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OS Command Injection in mbDIALUP <= 3.9R0.0

In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code execution with the privileges of the service.

Action-Not Available
Vendor-mbconnectlineMB connect line
Product-mbdialupmbDIALUP
CWE ID-CWE-20
Improper Input Validation
CVE-2010-3491
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-6.03% / 90.52%
||
7 Day CHG~0.00%
Published-26 Oct, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-activematrix_service_performance_manageractivematrix_businessworks_service_engineactivematrix_service_gridactivematrix_service_busn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-26624
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-7.8||HIGH
EPSS-2.08% / 83.69%
||
7 Day CHG~0.00%
Published-01 Apr, 2022 | 22:17
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
eScan Anti-Virus Local privilege escalation Vulnerability

An local privilege escalation vulnerability due to a "runasroot" command in eScan Anti-Virus. This vulnerability is due to invalid arguments and insufficient execution conditions related to "runasroot" command. This vulnerability can induce remote attackers to exploit root privileges by manipulating parameter values.

Action-Not Available
Vendor-escanavMicroWorld Technologies Inc.
Product-escan_anti-viruseScan Anti-Virus for Linux
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0147
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.02% / 88.23%
||
7 Day CHG+1.02%
Published-08 Mar, 2018 | 07:00
Updated-14 Jan, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) prior to release 5.8 patch 9 could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges. Cisco Bug IDs: CSCvh25988.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemCisco Secure Access Control SystemSecure Access Control System (ACS)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2021-26606
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.87%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 14:08
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DreamSecurity MagicLine Buffer Overflow Vulnerability

A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successful exploit could allow the attacker to remotely execute arbitrary code on a target system.

Action-Not Available
Vendor-dreamsecurityDream Security Co.,LtdMicrosoft Corporation
Product-windowsmagicline4nx.exeMagicLine4NX.exe
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-0349
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.18% / 78.45%
||
7 Day CHG~0.00%
Published-18 Jul, 2018 | 23:00
Updated-29 Nov, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the request admin-tech command in the CLI of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying operating system of an affected device and escalate their privileges to the root user. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vEdge 100 Series Routers, vEdge 1000 Series Routers, vEdge 2000 Series Routers, vEdge 5000 Series Routers, vEdge Cloud Router Platform, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69852, CSCvi69856.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-vbond_orchestratorvedge_100mvedge-plusvedge-5000vsmart_controllervedge_100b_firmwarevedge_100wm_firmwarevedge-2000vmanage_network_managementvedge-100vedge_100bvedge-100_firmwarevedge-2000_firmwarevedge-provedge_100m_firmwarevedge-1000_firmwarevedge-5000_firmwarevedge-1000vedge_100wmCisco SD-WAN Solution unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-26622
Matching Score-4
Assigner-KrCERT/CC
ShareView Details
Matching Score-4
Assigner-KrCERT/CC
CVSS Score-9.6||CRITICAL
EPSS-2.27% / 84.36%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:02
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Genian NAC remote code execution vulnerability

An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability.

Action-Not Available
Vendor-geniansGenians Co., LtdMicrosoft Corporation
Product-windowsgenian_nacGenian NAC Suite V4.0Genian NAC V5.0 & Genian NAC Suite V5.0
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2018-0301
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.35% / 79.83%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the NX-API subsystem. An attacker could exploit this vulnerability by sending a crafted HTTP or HTTPS packet to the management interface of an affected system with the NX-API feature enabled. An exploit could allow the attacker to execute arbitrary code as root. Note: NX-API is disabled by default. This vulnerability affects: MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules. Cisco Bug IDs: CSCvd45804, CSCve02322, CSCve02412.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_56128pnexus_9332pqnexus_3132q-xnexus_93108tc-exnexus_3172tqnx-osnexus_9508nexus_3100-vnexus_3636c-rnexus_93120txnexus_n9k-x9636c-rnexus_93128txnexus_3548-xlnexus_31128pqnexus_6001pnexus_3164qnexus_5020nexus_3172tq-32tnexus_3132c-znexus_3524-xnexus_5548pnexus_5648qmds_9000nexus_9272qnexus_5672upnexus_3264qnexus_34180ycnexus_3064-32tnexus_5596upnexus_3548nexus_3132qnexus_3016nexus_9372pxnexus_5696qnexus_92304qcnexus_92160yc-xnexus_n9k-x9636q-rnexus_n9k-c9508-fm-rnexus_9504nexus_3048nexus_9500nexus_3524-xlnexus_9396txnexus_7000nexus_3172pqnexus_3064-xnexus_3232cnexus_5548upnexus_9396pxnexus_5010nexus_5000nexus_5596tnexus_3264c-enexus_9372txnexus_5624qnexus_3548-xnexus_3132q-xlnexus_3064-tnexus_93180yc-exnexus_6001tnexus_172tq-xlnexus_c36180yc-rnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700Cisco NX-OS unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21985
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-9.8||CRITICAL
EPSS-94.41% / 99.98%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 14:04
Updated-30 Oct, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)
Product-vcenter_servercloud_foundationVMware vCenter Server and VMware Cloud FoundationvCenter Server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-470
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2018-0253
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.29% / 88.61%
||
7 Day CHG~0.00%
Published-02 May, 2018 | 22:00
Updated-29 Nov, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the ACS Report component of Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is due to insufficient validation of the Action Message Format (AMF) protocol. An attacker could exploit this vulnerability by sending a crafted AMF message that contains malicious code to a targeted user. A successful exploit could allow the attacker to execute arbitrary commands on the ACS device. This vulnerability affects all releases of Cisco Secure ACS prior to Release 5.8 Patch 7. Cisco Bug IDs: CSCve69037.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-secure_access_control_systemCisco Secure Access Control System
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1965
Matching Score-4
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-4
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-27.45% / 96.30%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa6150p_firmwaresa8145p_firmwareipq4028_firmwareqcn5550ar9380ipq8173_firmwareqcn5124qca4024_firmwareqcn9072qca9880_firmwareqca9992wcn3950_firmwareipq8078aipq5028_firmwaresa8150p_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwareipq6000sd730_firmwarewcd9370sd_675_firmwaresd675_firmwareqcn5152_firmwareqca6426qcn9000_firmwareqca9984_firmwareipq5018wcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950ipq8076aqcn6024_firmwaresd720gipq8074aqcn5124_firmwaresm7315_firmwareqca6574au_firmwareqcn5122_firmwareqcn5164_firmwaresdx55_firmwareqca6595auqca8081_firmwareqcn6023_firmwarewcd9375_firmwarewcn3998_firmwareqca6420qca6436_firmwareipq5010sd778gipq8070_firmwaresa6155p_firmwareipq8065ipq8078a_firmwareipq8174qca9990ipq5028qca7500ipq4029_firmwareqcn5052sdxr2_5gipq6010ipq8068wcn3988_firmwareqca6430qcn9074sa6145p_firmwaresm6250sd778g_firmwaresa8195pwsa8810_firmwareqca6436wcn6851sa6155pqca8081ipq8071aqcn6023ipq8071a_firmwarewcd9385qca9888_firmwareqcn6122ipq8068_firmwarewcd9341qca6696_firmwaresd870_firmwareqcn5154_firmwareqca6390csr8811qca9898_firmwareaqt1000ipq4019sa8150psm6250_firmwarewcd9375qcn9100_firmwarewcn3910_firmwarewsa8830_firmwareqca9992_firmwaresd855_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwaresd888_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqcn5121qca9898qcn5022_firmwarewcn6750_firmwareipq4028qca8072ipq5018_firmwareqca9985_firmwarewcn3991ipq4018_firmwarewcd9380_firmwareqcn9000ipq8072aqca7500_firmwareqca9980_firmwaresd_675sd780gipq8076a_firmwaresd865_5gar9380_firmwareipq8078sdx55m_firmwareipq8173wcn6856_firmwareqcn9012sd888qcn5164qcn6122_firmwareipq8065_firmwarewsa8835csr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwareipq4019_firmwareipq4018ipq6005_firmwareqca6574aqcn5024sdx50m_firmwareqca9889wcn6855_firmwaresm7325pqca9888qca8072_firmwareqca9985qca6430_firmwareqca9994_firmwareqcn5052_firmwareqcn9012_firmwareipq8070a_firmwarewcn3980wcn6750ipq6018_firmwareipq8076_firmwareqca9886sd855wsa8815sm7325p_firmwarewcn6850pmp8074_firmwarewcn3910ipq8076qca6426_firmwareqca6574a_firmwareqca9984ipq6028ipq8064qcn5021pmp8074qcn5152qcn9024wcn3980_firmwaresm7315qcn5550_firmwareqca6391sd730sdx55mipq8064_firmwareipq6005aqt1000_firmwarewcn6740_firmwareqcn9100sd678_firmwaresdx50mipq8078_firmwareqcn5054qcn9070_firmwarewcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9994qca6574auqca9889_firmwaresa8155p_firmwaresdx55qca9980qcn5122qcn9024_firmwareipq8174_firmwareqca9880wcd9341_firmwarewsa8810sd870qcn5121_firmwarewcn6855wcn6856ipq6018qcn5022sa6145pqca9886_firmwareipq6010_firmwaresa8145pwcn6740qca6696qca6391_firmwareqca4024sd780g_firmwarewcd9370_firmwaresa6150psd888_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022sa8155pqca9990_firmwareipq8070asd675qcn9072_firmwareipq6000_firmwaresd720g_firmwareqcn9074_firmwareipq4029Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-9811
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.67% / 96.01%
||
7 Day CHG~0.00%
Published-17 Jul, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.

Action-Not Available
Vendor-n/aKaspersky Lab
Product-anti-virus_for_linux_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2018-0125
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-39.59% / 97.21%
||
7 Day CHG~0.00%
Published-08 Feb, 2018 | 07:00
Updated-14 Jan, 2026 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to an incomplete input validation on user-controlled input in an HTTP request to the targeted device. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition. This vulnerability is fixed in firmware version 1.0.1.11 for the following Cisco products: RV132W ADSL2+ Wireless-N VPN Router and RV134W VDSL2 Wireless-AC VPN Router. Cisco Bug IDs: CSCvg92737, CSCvh60170.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-rv134wrv132wrv132w_firmwarerv134w_firmwareCisco RV132W and RV134WVPN Routers
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1602
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.2||HIGH
EPSS-1.62% / 81.49%
||
7 Day CHG~0.00%
Published-04 Aug, 2021 | 17:20
Updated-07 Nov, 2024 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-small_business_rv260small_business_rv160small_business_rv260wsmall_business_rv_series_router_firmwaresmall_business_rv160wsmall_business_rv260pCisco Small Business RV Series Router Firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-20
Improper Input Validation
CVE-2021-1142
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.67% / 91.03%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:11
Updated-12 Nov, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_software_manager_satelliteCisco Smart Software Manager On-Prem
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-1138
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-11.69% / 93.53%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:11
Updated-12 Nov, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_software_manager_satelliteCisco Smart Software Manager On-Prem
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-0304
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.27% / 84.33%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 21:00
Updated-29 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to read sensitive memory content, create a denial of service (DoS) condition, or execute arbitrary code as root. The vulnerability exists because the affected software insufficiently validates Cisco Fabric Services packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Fabric Services packet to an affected device. A successful exploit could allow the attacker to cause a buffer overflow or buffer overread condition in the Cisco Fabric Services component, which could allow the attacker to read sensitive memory content, create a DoS condition, or execute arbitrary code as root. This vulnerability affects the following if configured to use Cisco Fabric Services: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvd69951, CSCve02459, CSCve02461, CSCve02463, CSCve02474, CSCve04859.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-nexus_9000nexus_7000_firmwarefirepower_9000_firmwareunified_computing_systemnexus_5000_firmwarenexus_5000nexus_9000_firmwarenexus_7000unified_computing_system_firmwarefirepower_9000Cisco FXOS and NX-OS unknown
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1140
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-11.69% / 93.53%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:11
Updated-12 Nov, 2024 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Smart Software Manager Satellite Web UI Command Injection Vulnerabilities

Multiple vulnerabilities in the web UI of Cisco Smart Software Manager Satellite could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-smart_software_manager_satelliteCisco Smart Software Manager On-Prem
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-8981
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-12.22% / 93.68%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0506 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8975
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-51.06% / 97.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_manager_applianceMoonshot Provisioning Manager Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-14.68% / 94.33%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via a crafted domain name.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8976
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-51.06% / 97.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance version v1.20 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-moonshot_provisioning_manager_applianceMoonshot Provisioning Manager Appliance
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8957
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-51.06% / 97.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8956
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-12.22% / 93.68%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6963
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.21% / 42.84%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:31
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mai700_firmwarecarescape_central_station_mas700carescape_central_station_mai700clinical_information_center_mp100dapexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100d_firmwareclinical_information_center_mp100r_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwareapexpro_telemetry_server_firmwareGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-20
Improper Input Validation
CVE-2020-6962
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-24 Jan, 2020 | 16:07
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution.

Action-Not Available
Vendor-gehealthcaren/a
Product-carescape_central_station_mas700clinical_information_center_mp100dclinical_information_center_mp100d_firmwarecarescape_telemetry_server_mp100r_firmwarecarescape_b850_monitor_firmwarecarescape_telemetry_server_mp100rcarescape_central_station_mas700_firmwarecarescape_b450_monitorcarescape_b650_monitorapexpro_telemetry_server_firmwarecarescape_central_station_mai700_firmwarecarescape_central_station_mai700apexpro_telemetry_serverclinical_information_center_mp100rclinical_information_center_mp100r_firmwarecarescape_b450_monitor_firmwarecarescape_b650_monitor_firmwarecarescape_b850_monitorGE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.58% / 90.10%
||
7 Day CHG~0.00%
Published-25 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to write to arbitrary files and consequently execute arbitrary code with root privileges by leveraging failure to validate software updates.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8954
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-51.06% / 97.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2009-1783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.36% / 57.89%
||
7 Day CHG~0.00%
Published-22 May, 2009 | 20:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.

Action-Not Available
Vendor-f-protn/a
Product-f-prot_avesf-prot_antivirusf-prot_miltern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||CRITICAL
EPSS-10.41% / 93.07%
||
7 Day CHG~0.00%
Published-15 May, 2017 | 10:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops via unspecified vectors.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_desktop_centraln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6667
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.13% / 86.59%
||
7 Day CHG-0.22%
Published-13 Jun, 2017 | 06:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the update process for the dynamic JAR file of the Cisco Context Service software development kit (SDK) could allow an unauthenticated, remote attacker to execute arbitrary code on the affected device with the privileges of the web server. More Information: CSCvb66730. Known Affected Releases: 2.0.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-context_service_development_kitCisco Context Service SDK
CWE ID-CWE-20
Improper Input Validation
CVE-2017-6315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.43% / 92.63%
||
7 Day CHG~0.00%
Published-19 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-astaro_security_gateway_firmwareastaro_security_gatewayn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5817
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-82.55% / 99.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5805
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-55.43% / 98.01%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 03:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.2 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5819
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-51.06% / 97.80%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-17 Sep, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5815
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-9.8||CRITICAL
EPSS-58.57% / 98.16%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 22:00
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.

Action-Not Available
Vendor-HP Inc.Hewlett Packard Enterprise (HPE)
Product-intelligent_management_centerIntelligent Management Center (iMC) PLAT
CWE ID-CWE-20
Improper Input Validation
CVE-2017-4997
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-5.22% / 89.72%
||
7 Day CHG~0.00%
Published-29 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an unauthenticated remote code execution vulnerability that could potentially be exploited by malicious users to compromise the affected system.

Action-Not Available
Vendor-n/aDell Inc.
Product-emc_vasa_provider_virtual_applianceVASA Provider Virtual Appliance versions 8.3.x and prior
CWE ID-CWE-20
Improper Input Validation
CVE-2009-0311
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.29% / 93.02%
||
7 Day CHG~0.00%
Published-27 Jan, 2009 | 22:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.

Action-Not Available
Vendor-n/aELAN Microelectronics Corporation
Product-autostartn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3792
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.86% / 82.74%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-telepresence_mcu_softwaretelepresence_mcu_5310telepresence_mcu_4510telepresence_mcu_4520telepresence_mcu_4505telepresence_mcu_4515telepresence_mcu_5320telepresence_mcu_mse_8510Cisco TelePresence Multipoint Control Unit (MCU) software version 4.3(1.68) or later configured for Passthrough content mode
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3881
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-94.28% / 99.93%
||
7 Day CHG~0.00%
Published-17 Mar, 2017 | 22:00
Updated-12 Jan, 2026 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-catalyst_3560cx-8tc-scatalyst_4948e_ethernet_switchcatalyst_2960xr-48lpd-icatalyst_2960x-24ts-lcatalyst_2975ie_2000-4ts_industrial_ethernet_switchcatalyst_2960l-8ts-llcatalyst_4900mcatalyst_3750_metro_24-acembedded_service_2020_24tc_ncp_bcatalyst_2960g-24tc-lie-3010-16s-8pc_industrial_ethernet_switchie-4000-8gt8gp4g-e_industrial_ethernet_switchcatalyst_2960cx-8tc-lcatalyst_2960cpd-8pt-lcatalyst_2960s-48ts-scatalyst_2960-48pst-scatalyst_2960-plus_48tc-lcatalyst_2960xr-48lps-icatalyst_3750-24pscatalyst_3560-24tscatalyst_3750x-48t-lcatalyst_2960x-48lpd-lme_4924-10gecatalyst_2960x-24ts-llenhanced_layer_2\/3_etherswitch_service_moduleie-4000-8s4g-e_industrial_ethernet_switchcatalyst_3560e-48pd-efcatalyst_3550_48_smicatalyst_3750g-24pscatalyst_2960xr-48fps-lcatalyst_2960-48tt-scatalyst_2960xr-48ts-icatalyst_3560v2-48pscatalyst_2960l-48ps-llcatalyst_2960s-24ps-lcatalyst_2960xr-24td-lcatalyst_3560e-12d-ecatalyst_2960xr-48td-lcatalyst_2918-24tc-ccatalyst_switch_module_3110catalyst_2960-48tt-lcatalyst_2350-48td-scatalyst_2960xr-24pd-lcatalyst_3750-48pscatalyst_2960s-f48lps-lcatalyst_2960l-16ts-llcatalyst_2960-24pc-scatalyst_2970g-24tscatalyst_3560x-48t-lcatalyst_2960c-8tc-lcatalyst_3560-8pccatalyst_2960xr-24ts-lcatalyst_3560e-24td-scatalyst_3750g-24tsembedded_service_2020_24tc_con_bembedded_service_2020_24tc_concatalyst_2960cpd-8tt-lcatalyst_2970g-24tcatalyst_3560x-48t-sie-4000-16gt4g-e_industrial_ethernet_switchgigabit_ethernet_switch_module_\(cgesm\)catalyst_3560e-48pd-scatalyst_2960-24lt-lcatalyst_3550_24_pwrcatalyst_3560e-24pd-ecatalyst_3750x-24u-eie_3000-4tc_industrial_ethernet_switchcatalyst_3560-48tscatalyst_3750x-48pf-eie-4000-4s8p4g-e_industrial_ethernet_switchcatalyst_3750x-48u-lcatalyst_3750e-48pd-sfcatalyst_2960x-24pd-lie-4000-4tc4g-e_industrial_ethernet_switchcatalyst_2960-plus_48pst-scatalyst_blade_switch_3020catalyst_3750v2-48pscatalyst_2960xr-48fps-icatalyst_4000_supervisor_engine_iie_2000-16tc-g-x_industrial_ethernet_switchcatalyst_3750e-48td-sie_2000-16t67p_industrial_ethernet_switchcatalyst_3560c-8pc-scatalyst_2960xr-24ts-icatalyst_3560-24pscatalyst_3750x-48t-ecatalyst_2960s-48lps-lcatalyst_2918-48tt-ccatalyst_3560-12pc-scatalyst_2960l-24ps-llcatalyst_3750x-48p-lcatalyst_2960xr-24ps-lcatalyst_2960xr-48fpd-icatalyst_blade_switch_3040catalyst_2960-24-scatalyst_2960s-24ts-lie_2000-8t67p_industrial_ethernet_switchcatalyst_4948_10_gigabit_ethernet_switchcatalyst_2960x-48fps-lcatalyst_2960x-24psq-lcatalyst_4500e_supervisor_engine_8-ecatalyst_2960x-24ps-lcatalyst_3560g-24tscatalyst_2960s-48td-lcatalyst_2960xr-24pd-icatalyst_3560x-24p-scatalyst_2960g-8tc-lcatalyst_3560x-48p-ecatalyst_3750g-16tdcatalyst_4500_supervisor_engine_6-ecatalyst_3560x-48u-scatalyst_3560v2-24pscatalyst_3550_12tie_2000-8tc_industrial_ethernet_switchcatalyst_2960c-8pc-lembedded_service_2020_ncp_bcatalyst_3560x-24u-ecatalyst_3750-24tsie-3010-24tc_industrial_ethernet_switchcatalyst_3750x-24s-scatalyst_2960x-48ts-lcatalyst_3750x-24t-scatalyst_3750x-48pf-lcatalyst_3750e-24pd-ecatalyst_2960s-f48fps-lcatalyst_3750e-24pd-sie-4000-4t4p4g-e_industrial_ethernet_switchcatalyst_2960cg-8tc-lcatalyst_switch_module_3110xie-4000-8gs4g-e_industrial_ethernet_switchcatalyst_2960s-24ts-scatalyst_2960l-24ts-llie_2000-16t67_industrial_ethernet_switchcatalyst_3560e-12sd-scatalyst_3560cx-12pc-scatalyst_2960s-48ts-lcatalyst_2960x-48lps-lcatalyst_2960s-48fps-lie-5000-16s12p_industrial_ethernet_switchcatalyst_2960c-12pc-lcatalyst_3560x-24t-scatalyst_3560cg-8pc-scatalyst_4500_supervisor_engine_vcatalyst_3750e-48pd-efcatalyst_3750v2-24pscatalyst_3750e-24td-scatalyst_3550_24_smicatalyst_4948e-f_ethernet_switchie_2000-16tc-g-e_industrial_ethernet_switchcatalyst_2960s-24td-lcatalyst_3560x-24u-lcatalyst_2960s-f48ts-scatalyst_4500_supervisor_engine_ivcatalyst_2960s-f24ts-lios_xecatalyst_3560x-48pf-scatalyst_3560e-24pd-scatalyst_2960-8tc-sie_2000-8tc-g_industrial_ethernet_switchcatalyst_2960-plus_24tc-scatalyst_3560x-48u-ecatalyst_3560x-48p-scatalyst_blade_switch_3120xcatalyst_3560e-48td-scatalyst_3750_metro_24-dccatalyst_2960-plus_24lc-lcatalyst_2960-plus_24pc-scatalyst_3560x-48t-ecatalyst_4928_10_gigabit_ethernet_switchcatalyst_3750e-48pd-ecatalyst_2960-24tc-lcatalyst_2960l-16ps-llcatalyst_2960pd-8tt-lcatalyst_3560cg-8tc-ssm-x_layer_2\/3_etherswitch_service_moduleie_2000-8tc-g-n_industrial_ethernet_switchcatalyst_2960-24pc-lcatalyst_2960-plus_48pst-lcatalyst_2960xr-24td-icatalyst_3750-24fscatalyst_3750g-24tcatalyst_4000_supervisor_engine_vcatalyst_3560x-48u-lie-5000-12s12p-10g_industrial_ethernet_switchcatalyst_3750x-24t-lie_2000-16tc-g-n_industrial_ethernet_switchcatalyst_3560x-24p-lcatalyst_4948catalyst_3750g-24ts-1uie-4000-8t4g-e_industrial_ethernet_switchcatalyst_3560x-24t-lcatalyst_3750x-24p-scatalyst_3560x-24u-scatalyst_3750x-24u-scatalyst_3560c-12pc-scatalyst_2960-24tc-scatalyst_2960s-f24ps-lcatalyst_3750e-48pd-scatalyst_2350-48td-sdcatalyst_3750g-48tscatalyst_2960s-48fpd-lie-4000-4gc4gp4g-e_industrial_ethernet_switchcatalyst_3750v2-24fscatalyst_3750g-12s-sdcatalyst_4500_supervisor_ii-plus-10gecatalyst_3560e-12d-scatalyst_3560g-24pscatalyst_2960xr-48lpd-lcatalyst_3750x-24t-ecatalyst_2960-48tc-scatalyst_2960cx-8pc-lcatalyst_3750e-48td-ecatalyst_3750x-12s-ecatalyst_3560cx-8pt-scatalyst_3750v2-48tscatalyst_2960x-48td-lcatalyst_2960-8tc-lcatalyst_2960-plus_24lc-srf_gateway_10catalyst_3560e-12sd-eie_2000-4t_industrial_ethernet_switchcatalyst_3560cx-8pc-scatalyst_c2928-24lt-cioscatalyst_3560v2-24tscatalyst_4500_supervisor_engine_6l-eie-4000-8gt4g-e_industrial_ethernet_switchcatalyst_2928-24tc-ccatalyst_blade_switch_3120catalyst_2960xr-24ps-iie_2000-4t-g_industrial_ethernet_switchcatalyst_2960-24tt-lembedded_service_2020_con_bcatalyst_2960s-24pd-lcatalyst_3560v2-24dccatalyst_2960-24lc-scatalyst_3560v2-48tscatalyst_3750x-12s-scatalyst_3750x-48u-ecatalyst_3560e-48pd-sfcatalyst_2960x-24td-lcatalyst_4500_supervisor_engine_ii-plus-tscatalyst_2960-48tc-lcatalyst_2360-48td-scatalyst_3560g-48tscatalyst_3560e-48td-ecatalyst_3750x-24s-ecatalyst_2960s-f24ts-scatalyst_2960xr-48fpd-lcatalyst_blade_switch_3130catalyst_2960xr-48td-icatalyst_3560e-48pd-ecatalyst_2960xr-48ts-lcatalyst_blade_switch_3030catalyst_3750x-48t-scatalyst_2960x-48ts-llcatalyst_3560cx-12tc-sie_2000-16ptc-g_industrial_ethernet_switchembedded_service_2020_ncpembedded_service_2020_conie-4000-16t4g-e_industrial_ethernet_switchcatalyst_3550_24_fx_smicatalyst_3560cpd-8pt-scatalyst_3560e-24td-ecatalyst_2960s-48lpd-lcatalyst_3560g-48pscatalyst_2960l-8ps-llcatalyst_3550_24_dc_smiie_2000-16tc_industrial_ethernet_switchcatalyst_3750e-24td-ecatalyst_3750v2-24tsie_2000-8tc-g-e_industrial_ethernet_switchcatalyst_blade_switch_3032catalyst_2960s-f48ts-lcatalyst_2960-plus_24pc-lie-4010-4s24p_industrial_ethernet_switchcatalyst_2960g-48tc-lcatalyst_2960-48pst-lcatalyst_c2928-48tc-cie_2000-4s-ts-g_industrial_ethernet_switchcatalyst_switch_module_3012catalyst_3550_12gie_2000-24t67_industrial_ethernet_switchcatalyst_3560-48pscatalyst_4000_supervisor_engine_ivenhanced_layer_2_etherswitch_service_modulecatalyst_3550_24_emicatalyst_3750x-48pf-scatalyst_3750x-24p-ecatalyst_3750g-48psie_3000-8tc_industrial_ethernet_switchie_2000-8t67_industrial_ethernet_switchcatalyst_2960-plus_48tc-scatalyst_2960c-8tc-scatalyst_3750-48tscatalyst_3560x-48p-lcatalyst_2960x-48fpd-lcatalyst_2918-48tc-ccatalyst_3560cx-8xpd-scatalyst_4500_supervisor_engine_ii-plusembedded_service_2020_24tc_ncpcatalyst_2960l-48ts-llcatalyst_3560x-48pf-lie_2000-4ts-g_industrial_ethernet_switchie_2000-16tc-g_industrial_ethernet_switchcatalyst_3560x-24p-ecatalyst_3750g-12scatalyst_2960-plus_24tc-lcatalyst_3750x-24p-lcatalyst_2960xr-48lps-lcatalyst_3750x-48p-scatalyst_4500_supervisor_engine_v-10gecatalyst_3550_48_emicatalyst_3750x-48p-ecatalyst_3560x-24t-ecatalyst_3750x-24u-lie-4010-16s12p_industrial_ethernet_switchcatalyst_3560x-48pf-ecatalyst_2918-24tt-ccatalyst_3560cx-12pd-scatalyst_3750x-48u-sie-4000-4gs8gp4g-e_industrial_ethernet_switchCisco IOS and IOS XE SoftwareIOS and IOS XE
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3197
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-2.84% / 85.93%
||
7 Day CHG~0.00%
Published-09 Jul, 2018 | 19:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection

GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.

Action-Not Available
Vendor-gigabyteGIGABYTE
Product-gb-bsi7h-6500gb-bxi7-5775gb-bxi7-5775_firmwaregb-bsi7h-6500_firmwareGB-BXi7-5775GB-BSi7H-6500
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-20
Improper Input Validation
CVE-2017-3098
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9.8||CRITICAL
EPSS-15.17% / 94.44%
||
7 Day CHG~0.00%
Published-20 Jun, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-captivateAdobe Captivate 9 and earlier.
CWE ID-CWE-20
Improper Input Validation
CVE-2017-12240
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-9.90% / 92.85%
||
7 Day CHG+1.98%
Published-28 Sep, 2017 | 07:00
Updated-12 Jan, 2026 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-asr_901s-4sg-f-dasr_1000-esp100catalyst_3650-48ts-ecatalyst_3850-48xs-f-sasr_920-24tz-m1101-4p_integrated_services_routercatalyst_3650-48tq-ecatalyst_3850-24t-scatalyst_3850-16xs-sasr_901-6cz-ft-acatalyst_3650-24ts-ecatalyst_3650-24pdmasr_9904catalyst_3650-24td-l1841_integrated_service_routercatalyst_3650-48fs-lcatalyst_3650-12x48fd-scatalyst_3850-48p-lcatalyst_3850-24t-easr_920-4sz-a_r8800_12-slotcatalyst_3650-48pd-scatalyst_3650-48ts-lasr_920-12cz-aasr_10011111x_integrated_services_routerasr_901-6cz-fs-a8101-32fhcatalyst_3850-24xs-sasr_920-24sz-im1100-4gltena_integrated_services_router1120_integrated_services_routercatalyst_3850-24xucatalyst_3850-24p-ecatalyst_3850-24xs-e1100-4gltegb_integrated_services_router1109-4p_integrated_services_routercatalyst_3650-8x24pd-lasr_9901catalyst_3650-48ts-s8202catalyst_3650-12x48uq-ecatalyst_3650-48fs-sasr_920-24sz-masr_1000-esp200-xasr_920-12cz-d1803_integrated_service_routerasr_920-24sz-im_routercatalyst_3850-48f-ecatalyst_3650-12x48uq-lasr_920-10sz-pd_router1811_integrated_service_routercatalyst_3650-48td-s4000_integrated_services_routercatalyst_3850-nm-8-10gasr_901-4c-ft-d8800_4-slotcatalyst_3850-12x48u1100_integrated_services_routercatalyst_3850-48f-s1101_integrated_services_routerasr_920-4sz-a1802_integrated_service_routercatalyst_3850-48xs-ecatalyst_3650-24pd-lasr_901s-3sg-f-ahcatalyst_3650-48fd-lasr_1002-x_rcatalyst_3650-24ts-lcatalyst_3650-24pd-e1111x-8p_integrated_services_routerasr_902u1801_integrated_service_routerasr_1001-x_r1000_integrated_services_routercatalyst_3650-48fq-ecatalyst_3650-24ts-sasr_9903catalyst_3650-48tq-lcatalyst_3650-12x48ur-lasr_901s-2sg-f-dcatalyst_3650-12x48fd-ecatalyst_3850-24xu-e8101-32hcatalyst_3850-48u-lasr_920-4sz-d_routerasr_920-12sz-imasr_9001asr_1001-xasr_1013asr_9010asr_920-10sz-pdcatalyst_3650-8x24uq-sasr_920-24sz-m_rasr_920-12sz-im_rasr_1023asr_901-4c-f-dcatalyst_3850-48u-ecatalyst_3850-24u-easr_903catalyst_3650-8x24pd-s8208asr_901-6cz-f-acatalyst_3850-24ucatalyst_3850-24s-scatalyst_3650-12x48urcatalyst_3650-12x48uqcatalyst_3650-48fqm-scatalyst_3850-24u-scatalyst_3850-24pw-scatalyst_3650-24pdm-s1100-4p_integrated_services_router9800-lasr_901-6cz-fs-dasr_1006-xasr_9906catalyst_3850-24t-lasr_1002-hx_rcatalyst_3850catalyst_3650-12x48ur-e1100-lte_integrated_services_routercatalyst_3650-48td-lcatalyst_3650-48fd-easr_920-4sz-d8804catalyst_3650-48fq-s8831asr_920-12cz-d_routerasr_920-10sz-pd_rcatalyst_3650-8x24uq-l4221_integrated_services_routercatalyst_3650-12x48uq-scatalyst_3850-24xscatalyst_3650-48pq-l111x_integrated_services_routercatalyst_3650-12x48uz-scatalyst_3650-24pdcatalyst_3650-48td-easr_9006asr_900catalyst_3650-48fqm-ecatalyst_3850-24xu-scatalyst_3650-24pdm-l1100-4g_integrated_services_routercatalyst_3650-48tq-scatalyst_3650-24td-ecatalyst_3850-24p-s9800-40asr_920-24sz-m_routercatalyst_3850-12s-scatalyst_3850-24xu-l1160_integrated_services_router1100-8p_integrated_services_routercatalyst_3650-24pd-scatalyst_3850-48u-scatalyst_3650-12x48uzasr_920-12cz-a_rcatalyst_3850-16xs-e1905_integrated_services_router8800_8-slotcatalyst_3650-8x24uq-ecatalyst_3650-48pd-ecatalyst_3850-48f-l1906c_integrated_services_router8201-32fhasr_9912catalyst_3850-48xs-f-ecatalyst_3850-nm-2-40gcatalyst_3850-12s-ecatalyst_3650-24ps-lasr_920-12cz-d_rasr_9922asr_901s-2sg-f-ah1861_integrated_service_router8812catalyst_3850-48xs-scatalyst_3850-32xs-siosasr_901-12c-f-dcatalyst_3650-24ps-s9800-801100-6g_integrated_services_routerasr_907catalyst_3850-48pw-s82128201catalyst_3650-48fqmcatalyst_3650-24pdm-easr_9000vcatalyst_3850-48ucatalyst_3650-12x48fd-lcatalyst_3850-48p-easr_920-24tz-m_rcatalyst_3650-12x48uz-ecatalyst_3850-48t-lcatalyst_3850-48t-sasr_9141812_integrated_service_routercatalyst_3850-24u-lcatalyst_3650-48fs-e1941w_integrated_services_router1109-2p_integrated_services_routercatalyst_3850-24s-easr_1002asr_1000-xasr_1001-hxcatalyst_3850-12xs-sasr_902asr_920-24tz-m_routercatalyst_3850-48t-e8808catalyst_3650-48fqasr_901-6cz-f-d8102-64hcatalyst_3650-48fd-scatalyst_3650-48fq-lcatalyst_3650-48pq-scatalyst_3650-8x24uqcatalyst_3650-12x48ur-s422_integrated_services_routerasr_1009-x8800_18-slot9800-clasr_1004asr_9902catalyst_3650-8x24pd-easr_920-12sz-im_routercatalyst_3650-48ps-scatalyst_3850-32xs-easr_9920catalyst_3850-12xs-easr_920-24sz-im_rcatalyst_3850-48p-sasr_9000asr_920u-12sz-im1131_integrated_services_routercatalyst_3650-48pd-l8818catalyst_3650-24ps-ecatalyst_3650-48pq-ecatalyst_3650asr_920-4sz-a_routerasr_9910catalyst_3650-48ps-lcatalyst_3850-48xscatalyst_3850-24p-l1921_integrated_services_routerasr_1002-hxasr_920-12cz-a_router82181109_integrated_services_routerasr_901s-3sg-f-dasr_1001-hx_rasr_901-12c-ft-dcatalyst_3650-12x48uz-l1941_integrated_services_routerasr_1006asr_920-4sz-d_rasr_1000-esp100-xasr_1000catalyst_3650-24td-sasr_901-6cz-ft-dasr_1002-xcatalyst_3650-48fqm-lcatalyst_3650-48ps-eCisco IOS and IOS XEIOS and IOS XE Software
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2434
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.58% / 68.31%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "HomeKit" component. It allows attackers to have an unspecified impact by leveraging the presence of Home Control on Control Center.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-4727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.43% / 62.22%
||
7 Day CHG~0.00%
Published-03 Feb, 2011 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.

Action-Not Available
Vendor-smartyn/a
Product-smartyn/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • Next
Details not found