| 254971 | 9.8 | CRITICAL | Network | cisco | ios_xe | A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass … | CWE-287 Improper Authentication | CVE-2017-12236 | 2024-11-21 12:09 | 2017-09-29 |
| 254972 | 8.8 | HIGH | Network | cisco | ios_xe | A vulnerability in the web-based user interface (web UI) of Cisco IOS XE 16.2 could allow an authenticated, remote attacker to elevate their privileges on an affected device. The vulnerability is due… | CWE-276 Incorrect Default Permissions | CVE-2017-12230 | 2024-11-21 12:09 | 2017-09-29 |
| 254973 | 9.8 | CRITICAL | Network | cisco | ios_xe | A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of t… | CWE-287 Improper Authentication | CVE-2017-12229 | 2024-11-21 12:09 | 2017-09-29 |
| 254974 | 5.9 | MEDIUM | Network | cisco | ios ios_xe | A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized ac… | CWE-295 Improper Certificate Validation | CVE-2017-12228 | 2024-11-21 12:09 | 2017-09-29 |
| 254975 | 8.8 | HIGH | Network | cisco | ios_xe | A vulnerability in the web-based Wireless Controller GUI of Cisco IOS XE Software for Cisco 5760 Wireless LAN Controllers, Cisco Catalyst 4500E Supervisor Engine 8-E (Wireless) Switches, and Cisco Ne… | CWE-20 Improper Input Validation | CVE-2017-12226 | 2024-11-21 12:09 | 2017-09-29 |
| 254976 | 6.5 | MEDIUM | Adjacent | cisco | ios_xe | A vulnerability in the wireless controller manager of Cisco IOS XE could allow an unauthenticated, adjacent attacker to cause a restart of the switch and result in a denial of service (DoS) condition… | CWE-20 Improper Input Validation | CVE-2017-12222 | 2024-11-21 12:09 | 2017-09-29 |
| 254977 | 9.8 | CRITICAL | Network | apache | commons_jelly | During Jelly (xml) file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser insta… | CWE-611 XXE | CVE-2017-12621 | 2024-11-21 12:09 | 2017-09-28 |
| 254978 | 6.7 | MEDIUM | Local | cisco | unified_computing_system | A vulnerability in the CLI of Cisco UCS Central Software could allow an authenticated, local attacker to gain shell access. The vulnerability is due to insufficient input validation of commands enter… | CWE-20 Improper Input Validation | CVE-2017-12255 | 2024-11-21 12:09 | 2017-09-21 |
| 254979 | 8.8 | HIGH | Network | cisco | unified_intelligence_center | A vulnerability in the Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to a lack of cross-site request forgery … | CWE-352 Origin Validation Error | CVE-2017-12253 | 2024-11-21 12:09 | 2017-09-21 |
| 254980 | 6.1 | MEDIUM | Network | cisco | unified_intelligence_center | A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. T… | CWE-79 Cross-site Scripting | CVE-2017-12254 | 2024-11-21 12:09 | 2017-09-21 |