cisco prime service catalog 11.1 vulnerabilities and exploits

(subscribe to this query)

8.8

CVSSv3

A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protectio...

Cisco Prime Service Catalog 12.1 Cisco Prime Service Catalog 11.1 Cisco Prime Service Catalog 11.0 Cisco Prime Service Catalog 12.0

4.8

CVSSv3

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote malicious user to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation o...

Cisco Prime Service Catalog 11.0 Cisco Prime Service Catalog 11.1.1 Cisco Prime Service Catalog 12.0 Cisco Prime Service Catalog 12.1 Cisco Prime Service Catalog 11.1

5.3

CVSSv3

ntpq in NTP prior to 4.2.8p7 allows remote malicious users to obtain origin timestamps and then impersonate peers via unspecified vectors.

Ntp Ntp

4.8

CVSSv3

The ntpq protocol in NTP prior to 4.2.8p7 allows remote malicious users to conduct replay attacks by sniffing the network.

Ntp Ntp

7.5

CVSSv3

An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP dae...

Ntp Ntp-dev 4.3.70

8.8

CVSSv3

Use-after-free vulnerability in ntpd in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.

Ntp Ntp Ntp Ntp 4.2.8 Netapp Oncommand Balance -Netapp Oncommand Performance Manager -Netapp Oncommand Unified Manager -Netapp Clustered Data Ontap -Netapp Data Ontap -

6.5

CVSSv3

Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP prior to 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite ...

Ntp Ntp Ntp Ntp 4.2.8

9.8

CVSSv3

The datalen parameter in the refclock driver in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote malicious users to execute arbitrary code or cause a denial of service (crash) via a negative input value.

Ntp Ntp Ntp Ntp 4.2.8 Netapp Oncommand Balance -Netapp Oncommand Performance Manager -Netapp Oncommand Unified Manager -Netapp Clustered Data Ontap -Netapp Data Ontap -

8.8

CVSSv3

Buffer overflow in the password management functionality in NTP 4.2.x prior to 4.2.8p4, and 4.3.x prior to 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.

Ntp Ntp Ntp Ntp 4.2.8 Netapp Oncommand Balance -Netapp Oncommand Performance Manager -Netapp Oncommand Unified Manager -Netapp Clustered Data Ontap -Netapp Data Ontap -

6.5

CVSSv3

NTP prior to 4.2.8p6 and 4.3.x prior to 4.3.90, when configured in broadcast mode, allows man-in-the-middle malicious users to conduct replay attacks by sniffing the network.

Ntp Ntp Ntp Ntp 4.2.8 Siemens Tim 4r-ie Firmware Siemens Tim 4r-ie Dnp3 Firmware Freebsd Freebsd 9.3 Freebsd Freebsd Freebsd Freebsd 10.1 Freebsd Freebsd 10.2 Netapp Clustered Data Ontap -Netapp Oncommand Balance -Canonical Ubuntu Linux 12.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 16.04

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook