4.3
CVE-2022-20939 - Cisco Smart Software Manager On-Prem Privilege Escalation Vulnerability
A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit β¦
4.4
CVE-2023-20004 - Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Write Vulnerability
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An β¦
9.9
CVE-2023-20036 - Cisco Industrial Network Director Command Injection Vulnerability
A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An β¦
5.5
CVE-2023-20039 - Cisco Industrial Network Director File Permissions
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the applicβ¦
6.1
CVE-2023-20060 - Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not prβ¦
6.7
CVE-2023-20090 - Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of β¦
4.8
CVE-2024-49758 - LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerabilβ¦
5.1
CVE-2023-20091 - Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. This vulnerability is due to improper access controls on files that are on the local file system. An attacker cβ¦
4.4
CVE-2023-20092 - Cisco TelePresence Collaboration Endpoint and RoomOS Software Arbitrary File Overwrite Vulnerability
Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device. These vulnerabilities are due to improper access controls on files that are on the local file system. An β¦
7.5
CVE-2024-49754 - LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.pβ¦
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result iβ¦