cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-34745,https://securityvulnerability.io/vulnerability/CVE-2021-34745,AppDynamics .NET Agent Privilege Escalation Vulnerability,"A vulnerability in the AppDynamics .NET Agent for Windows could allow an attacker to leverage an authenticated, local user account to gain SYSTEM privileges. This vulnerability is due to the .NET Agent Coordinator Service executing code with SYSTEM privileges. An attacker with local access to a device that is running the vulnerable agent could create a custom process that would be launched with those SYSTEM privileges. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system. This vulnerability is fixed in AppDynamics .NET Agent Release 21.7.",Cisco,Appdynamics .net Agent For Windows,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T02:15:22.000Z,,false,false,,2021-08-18T00:00:00.000Z,0
CVE-2020-3427,https://securityvulnerability.io/vulnerability/CVE-2020-3427,Duo Authentication for Windows Logon and RDP Privilege Escalation Vulnerability,"The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue.",Cisco,Duo Authentication For Windows Logon And Rdp,6.6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-10-14T00:00:00.000Z,0
CVE-2019-16000,https://securityvulnerability.io/vulnerability/CVE-2019-16000,Cisco Umbrella Roaming Client for Windows Install Vulnerability,"A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.",Cisco,Cisco Umbrella Enterprise Roaming Client For Windows,4.4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-05T02:15:47.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2020-3322,https://securityvulnerability.io/vulnerability/CVE-2020-3322,Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability,A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.,Cisco,"Cisco Webex Network Recording Player,Cisco Webex Player For Microsoft Windows",3.3,LOW,0.0005499999970197678,false,,false,false,false,,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2020-3319,https://securityvulnerability.io/vulnerability/CVE-2020-3319,Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability,A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.,Cisco,"Cisco Webex Network Recording Player,Cisco Webex Player For Microsoft Windows",3.3,LOW,0.0005499999970197678,false,,false,false,false,,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2020-3321,https://securityvulnerability.io/vulnerability/CVE-2020-3321,Cisco Webex Network Recording Player and Cisco Webex Player Denial of Service Vulnerability,A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file.,Cisco,"Cisco Webex Network Recording Player,Cisco Webex Player For Microsoft Windows",3.3,LOW,0.0005499999970197678,false,,false,false,false,,,false,false,,2020-06-03T00:00:00.000Z,0
CVE-2019-1855,https://securityvulnerability.io/vulnerability/CVE-2019-1855,Cisco Jabber for Windows DLL Preloading Vulnerability,"A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Jabber for Windows could allow an authenticated, local attacker to perform a DLL preloading attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of the resources loaded by the application at run time. An attacker could exploit this vulnerability by crafting a malicious DLL file and placing it in a specific location on the targeted system. The malicious DLL file would execute when the Jabber application launches. A successful exploit could allow the attacker to execute arbitrary code on the target machine with the privileges of another user's account.",Cisco,Cisco Jabber For Windows,7.3,HIGH,0.0004299999854993075,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-07-04T20:15:00.000Z,0
CVE-2017-12284,https://securityvulnerability.io/vulnerability/CVE-2017-12284,,"A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and validation-checking mechanisms in the system. An attacker could exploit this vulnerability by issuing specific commands after authenticating to the system. A successful exploit could allow the attacker to view profile information where only certain parameters should be visible. Cisco Bug IDs: CSCve14401.",Cisco,Cisco Jabber For Windows Client,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2017-10-19T08:00:00.000Z,0
CVE-2017-3813,https://securityvulnerability.io/vulnerability/CVE-2017-3813,,"A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.",Cisco,Cisco Anyconnect Secure Mobility Client Software For Windows Versions Prior To Released Versions 4.4.00243 And Later And 4.3.05017 And Later.,7.8,HIGH,0.0008999999845400453,false,,false,false,false,,,false,false,,2017-02-09T17:00:00.000Z,0
CVE-2011-3310,https://securityvulnerability.io/vulnerability/CVE-2011-3310,,"The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.",Cisco,"Ciscoworks Common Services,Windows",,,0.004519999958574772,false,,false,false,false,,,false,false,,2011-10-20T00:00:00.000Z,0
CVE-2008-0533,https://securityvulnerability.io/vulnerability/CVE-2008-0533,,"Multiple cross-site scripting (XSS) vulnerabilities in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to inject arbitrary web script or HTML via an argument located immediately after the Help argument, and possibly unspecified other vectors.",Cisco,"Acs Solution Engine,User Changeable Password,Acs For Windows",,,0.04089000076055527,false,,false,false,false,,,false,false,,2008-03-14T20:00:00.000Z,0
CVE-2008-0532,https://securityvulnerability.io/vulnerability/CVE-2008-0532,,"Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.",Cisco,"Acs Solution Engine,User Changeable Password,Acs For Windows",,,0.6310999989509583,false,,false,false,false,,,false,false,,2008-03-14T20:00:00.000Z,0