2 results (0.002 seconds)

CVSS: 5.5EPSS: 0%CPEs: 278EXPL: 0

CVE-2022-20725 – Cisco IOx Application Hosting Environment Vulnerabilities

https://notcve.org/view.php?id=CVE-2022-20725

15 Apr 2022 — Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabil... • https://github.com/orangecertcc/security-research/security/advisories/GHSA-q2v9-qpmg-4qc4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2013-1241

https://notcve.org/view.php?id=CVE-2013-1241

08 May 2013 — The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series of malformed packets, aka Bug ID CSCub92025. El módulo ISM en Cisco IOS de los routers ISR G2 no controla correctamente la autenticación de cabecera de los paquetes, lo que permite a usuarios remotos autenticados causar una denegación de servicio (recarga del módulo) a través de una serie de paquetes malformado... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1241 • CWE-287: Improper Authentication •