CVSS: 5.4EPSS: 0%CPEs: 33EXPL: 0CVE-2022-20965
https://notcve.org/view.php?id=CVE-2022-20965
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]] Una vulnerabilidad en la interfaz de administración basada en web de Cisco Identity Services Engine podría permitir que un atacante remoto autenticado realice acciones de privilegios dentro de la interfaz de administración basada en web. Esta vulnerabilidad se debe a un control de acceso inadecuado a una función dentro de la interfaz de administración basada en web del sistema afectado. Un atacante podría aprovechar esta vulnerabilidad accediendo a funciones a través de solicitudes directas, evitando las comprobaciones dentro de la aplicación. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx • CWE-648: Incorrect Use of Privileged APIs •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10011 – OpenDNS OpenResolve endpoints.py neutralization for logs
https://notcve.org/view.php?id=CVE-2015-10011
A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The identifier of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. • https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 https://vuldb.com/?ctiid.217197 https://vuldb.com/?id.217197 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10010 – OpenDNS OpenResolve API endpoints.py get cross site scripting
https://notcve.org/view.php?id=CVE-2015-10010
A vulnerability was found in OpenDNS OpenResolve. It has been rated as problematic. Affected by this issue is the function get of the file resolverapi/endpoints.py of the component API. The manipulation leads to cross site scripting. The attack may be launched remotely. • https://github.com/opendns/OpenResolve/commit/c680170d5583cd9342fe1af43001fe8b2b8004dd https://vuldb.com/?ctiid.217196 https://vuldb.com/?id.217196 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 715EXPL: 0CVE-2022-20968
https://notcve.org/view.php?id=CVE-2022-20968
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device. Una vulnerabilidad en la función de procesamiento de Cisco Discovery Protocol del firmware de los teléfonos IP de las series 7800 y 8800 de Cisco podría permitir que un atacante adyacente no autenticado provoque un desbordamiento de pila en un dispositivo afectado. Esta vulnerabilidad se debe a una validación de entrada insuficiente de los paquetes recibidos del Protocolo de descubrimiento de Cisco. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2022-20691
https://notcve.org/view.php?id=CVE-2022-20691
A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause a DoS condition of an affected device. This vulnerability is due to missing length validation of certain Cisco Discovery Protocol packet header fields. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause the device to exhaust available memory and cause the service to restart. Cisco has released firmware updates that address this vulnerability. Una vulnerabilidad en la funcionalidad Cisco Discovery Protocol del firmware del adaptador telefónico adaptable Cisco ATA serie 190 podría permitir que un atacante adyacente no autenticado cause una condición DoS en un dispositivo afectado. Esta vulnerabilidad se debe a la falta de validación de longitud de ciertos campos de encabezado de paquetes de Cisco Discovery Protocol. • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •