Show filters
24 Total Results
Displaying 11-20 of 24
Sort by:
Attacker Value
Unknown

CVE-2024-26304

Disclosure Date: May 01, 2024 (last updated May 02, 2024)
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
0
Attacker Value
Unknown

CVE-2020-9296

Disclosure Date: June 16, 2020 (last updated February 21, 2025)
Netflix Titus uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.
Attacker Value
Unknown

CVE-2019-10060

Disclosure Date: March 26, 2019 (last updated November 27, 2024)
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
0
Attacker Value
Unknown

CVE-2019-1679

Disclosure Date: February 07, 2019 (last updated November 27, 2024)
A vulnerability in the web interface of Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to trigger an HTTP request from an affected server to an arbitrary host. This type of attack is commonly referred to as server-side request forgery (SSRF). The vulnerability is due to insufficient access controls for the REST API of Cisco Expressway Series and Cisco TelePresence VCS. An attacker could exploit this vulnerability by submitting a crafted HTTP request to the affected server. Versions prior to XC4.3.4 are affected.
Attacker Value
Unknown

CVE-2018-5390

Disclosure Date: August 06, 2018 (last updated November 08, 2023)
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.
Attacker Value
Unknown

CVE-2017-12287

Disclosure Date: October 19, 2017 (last updated November 26, 2024)
A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected system to restart unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete input validation of URL requests by the REST API of the affected software. An attacker could exploit this vulnerability by sending a crafted URL to the REST API of the affected software on an affected system. A successful exploit could allow the attacker to cause the CDB process on the affected system to restart unexpectedly, resulting in a temporary DoS condition. Cisco Bug IDs: CSCve77571.
0
Attacker Value
Unknown

CVE-2015-0747

Disclosure Date: May 30, 2015 (last updated October 05, 2023)
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.
0
Attacker Value
Unknown

CVE-2015-0653

Disclosure Date: March 13, 2015 (last updated October 05, 2023)
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.
0
Attacker Value
Unknown

CVE-2015-0652

Disclosure Date: March 13, 2015 (last updated October 05, 2023)
The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remote attackers to cause a denial of service (mishandled exception and device reload) via a crafted media description, aka Bug IDs CSCus96593 and CSCun73192.
0
Attacker Value
Unknown

CVE-2012-6118

Disclosure Date: March 12, 2013 (last updated October 05, 2023)
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
0