CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2015-4237
https://notcve.org/view.php?id=CVE-2015-4237
03 Jul 2015 — The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436. El analizador sintáctico CLI en Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), y 9.1(1)SV1(3.1.8) en los dispositivos Nexus permite a usuarios locales ejecutar c... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39583 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 31EXPL: 0CVE-2015-0775
https://notcve.org/view.php?id=CVE-2015-0775
12 Jun 2015 — The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498... • http://tools.cisco.com/security/center/viewAlert.x?alertId=39280 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3367
https://notcve.org/view.php?id=CVE-2014-3367
20 Sep 2014 — Cross-site scripting (XSS) vulnerability in the vCloud Director component in Cisco Nexus 1000V InterCloud for VMware allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq90524. Vulnerabilidad de XSS en el componente vCloud Director en Cisco Nexus 1000V InterCloud para VMware permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un valor no especificado, también conocido como Bug ID CSCuq90524. • http://secunia.com/advisories/61426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0685
https://notcve.org/view.php?id=CVE-2014-0685
07 May 2014 — Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691. Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) y anteriores para VMware permite a atacantes remotos evadir declaraciones de denegación ACL a través de paquetes (1) IGMPv2 o (2) IGMPv3 manipulados, también conocido como Bug ID CSCug61691. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0685 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2013-5556
https://notcve.org/view.php?id=CVE-2013-5556
16 Nov 2013 — The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. El módulo license-installation en el switch Cisco Nexus 1000V 4.2(1)SV1(5.2b) y anteriores para VMware vSphere, switch Cisco Nexus... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5556 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2013-3400
https://notcve.org/view.php?id=CVE-2013-3400
10 Jul 2013 — The license-installation module in Cisco NX-OS on Nexus 1000V devices allows local users to execute arbitrary commands via crafted "install license" arguments, aka Bug ID CSCuh30824. El módulo license-installation en Cisco NX-OS en dispositivos Nexus 1000V, permite a usuarios locales ejecutar comandos arbitrarioa través de argumentos manipulados en la instalación de la licencia. Aka Bug ID CSCuh30824. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3400 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1208
https://notcve.org/view.php?id=CVE-2013-1208
29 May 2013 — The encryption functionality in Cisco NX-OS on the Nexus 1000V does not properly handle Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication, which allows remote attackers to intercept or modify network traffic by leveraging certain Layer 2 or Layer 3 access, aka Bug ID CSCud14691. La funcionalidad de cifrado en Cisco NX-OS en Nexus 1000V no controla correctamente el modulo de comunicación Virtual Supervisor Module (VSM) de Virtual Ethernet Module (VEM), lo que permite a atacantes ... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1208 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1209
https://notcve.org/view.php?id=CVE-2013-1209
29 May 2013 — The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable packet-level encryption and integrity protection via crafted packets, aka Bug ID CSCud14710. La funcionalidad de cifrado en el Virtual Supervisor Module (VSM) al componente de comunicaciones Virtual Ethernet Module (VEM) en Cisco NX-OS sobre the Nexus 1000V no aut... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1209 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1210
https://notcve.org/view.php?id=CVE-2013-1210
29 May 2013 — Array index error in the Virtual Ethernet Module (VEM) kernel driver for VMware ESXi in Cisco NX-OS on the Nexus 1000V, when STUN debugging is enabled, allows remote attackers to cause a denial of service (ESXi crash and purple screen of death) by sending crafted STUN packets to a VEM, aka Bug ID CSCud14825. Error de indexación en el array en el controlador del kernel del Virtual Ethernet Module (VEM) en Cisco NX-OS sobre the Nexus 1000V, cuando está activado el depurador STUN, permite a atacantes remotos p... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1211
https://notcve.org/view.php?id=CVE-2013-1211
29 May 2013 — Cisco NX-OS on the Nexus 1000V does not properly handle authentication for Virtual Ethernet Module (VEM) to Virtual Supervisor Module (VSM) communication, which allows remote attackers to obtain VEM access via (1) spoofed STUN packets or (2) a crafted VMware ESXi instance, aka Bug ID CSCud14832. Cisco NX-OS sobre the Nexus 1000V no maneja adecuadamente la autenticación para el módulo Virtual Ethernet Module (VEM) para con la comunicación con el Virtual Supervisor Module, lo que permite a atacantes remotos o... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1211 • CWE-287: Improper Authentication •